Virus keeps coming back. Winsvcs.exe


9 replies to this topic

#1 StupidMalware

Posted 07 December 2012 - 10:14 PM

Hey guys, I have scanned with Malwarebytes, SUPERAntiSpyware, and Hitman. They all have said none except Malwarebytes, and I know it's right because my computer will randomly shut off sometimes.


#2 boopme


Posted 07 December 2012 - 10:46 PM

Hello, please post that MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.


Is it Winsvcs.exe or winsvc.exe?



Please download TDSSKiller.
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.


>>>>
ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>>>

ESET ONLINE


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

#3 StupidMalware


Posted 08 December 2012 - 04:58 AM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ian :: IAN-PC [administrator]

12/7/2012 10:30:27 PM
mbam-log-2012-12-07 (23-34-39).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 474240
Time elapsed: 1 hour(s), 3 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Ian\Documents\Windows\winsvcs.exe (Backdoor.Agent) -> No action taken.

(end)

TDSS killer:

23:35:05.0816 7620 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:35:06.0302 7620 ============================================================
23:35:06.0302 7620 Current date / time: 2012/12/07 23:35:06.0302
23:35:06.0302 7620 SystemInfo:
23:35:06.0302 7620
23:35:06.0302 7620 OS Version: 6.1.7601 ServicePack: 1.0
23:35:06.0302 7620 Product type: Workstation
23:35:06.0302 7620 ComputerName: IAN-PC
23:35:06.0302 7620 UserName: Ian
23:35:06.0302 7620 Windows directory: C:\Windows
23:35:06.0302 7620 System windows directory: C:\Windows
23:35:06.0302 7620 Running under WOW64
23:35:06.0302 7620 Processor architecture: Intel x64
23:35:06.0302 7620 Number of processors: 8
23:35:06.0302 7620 Page size: 0x1000
23:35:06.0302 7620 Boot type: Normal boot
23:35:06.0302 7620 ============================================================
23:35:06.0687 7620 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:35:06.0692 7620 ============================================================
23:35:06.0692 7620 \Device\Harddisk0\DR0:
23:35:06.0692 7620 MBR partitions:
23:35:06.0692 7620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800
23:35:06.0708 7620 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x260E9800, BlocksNum 0x3145C000
23:35:06.0709 7620 ============================================================
23:35:06.0745 7620 C: <-> \Device\Harddisk0\DR0\Partition1
23:35:06.0776 7620 D: <-> \Device\Harddisk0\DR0\Partition2
23:35:06.0776 7620 ============================================================
23:35:06.0776 7620 Initialize success
23:35:06.0776 7620 ============================================================
23:35:44.0393 8120 ============================================================
23:35:44.0393 8120 Scan started
23:35:44.0393 8120 Mode: Manual; TDLFS;
23:35:44.0393 8120 ============================================================
23:35:45.0883 8120 ================ Scan system memory ========================
23:35:45.0883 8120 System memory - ok
23:35:45.0883 8120 ================ Scan services =============================
23:35:50.0908 8120 LSI_SCSI - ok
23:35:50.0924 8120 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:35:50.0926 8120 luafv - ok
23:35:50.0952 8120 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:35:50.0953 8120 MBAMProtector - ok
23:35:51.0016 8120 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:35:51.0020 8120 MBAMScheduler - ok
23:35:51.0048 8120 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:35:51.0054 8120 MBAMService - ok
23:35:51.0077 8120 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
23:35:51.0079 8120 MBfilt - ok
23:35:51.0094 8120 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:35:51.0096 8120 Mcx2Svc - ok
23:35:51.0105 8120 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
23:35:51.0106 8120 megasas - ok
23:35:51.0125 8120 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:35:51.0128 8120 MegaSR - ok
23:35:51.0143 8120 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:35:51.0145 8120 MEIx64 - ok
23:35:51.0162 8120 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:35:51.0164 8120 MMCSS - ok
23:35:51.0179 8120 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:35:51.0180 8120 Modem - ok
23:35:51.0200 8120 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:35:51.0201 8120 monitor - ok
23:35:51.0222 8120 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:35:51.0224 8120 mouclass - ok
23:35:51.0239 8120 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:35:51.0241 8120 mouhid - ok
23:35:51.0251 8120 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:35:51.0253 8120 mountmgr - ok
23:35:51.0289 8120 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:35:51.0291 8120 MozillaMaintenance - ok
23:35:51.0304 8120 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:35:51.0307 8120 mpio - ok
23:35:51.0323 8120 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:35:51.0325 8120 mpsdrv - ok
23:35:51.0350 8120 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:35:51.0362 8120 MpsSvc - ok
23:35:51.0377 8120 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:35:51.0379 8120 MRxDAV - ok
23:35:51.0407 8120 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:35:51.0409 8120 mrxsmb - ok
23:35:51.0419 8120 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:35:51.0423 8120 mrxsmb10 - ok
23:35:51.0429 8120 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:35:51.0432 8120 mrxsmb20 - ok
23:35:51.0444 8120 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:35:51.0446 8120 msahci - ok
23:35:51.0455 8120 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:35:51.0457 8120 msdsm - ok
23:35:51.0475 8120 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:35:51.0478 8120 MSDTC - ok
23:35:51.0493 8120 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:35:51.0494 8120 Msfs - ok
23:35:51.0507 8120 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:35:51.0508 8120 mshidkmdf - ok
23:35:51.0520 8120 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:35:51.0521 8120 msisadrv - ok
23:35:51.0535 8120 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:35:51.0538 8120 MSiSCSI - ok
23:35:51.0541 8120 msiserver - ok
23:35:51.0555 8120 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:35:51.0556 8120 MSKSSRV - ok
23:35:51.0563 8120 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:35:51.0564 8120 MSPCLOCK - ok
23:35:51.0575 8120 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:35:51.0576 8120 MSPQM - ok
23:35:51.0590 8120 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:35:51.0594 8120 MsRPC - ok
23:35:51.0607 8120 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:35:51.0609 8120 mssmbios - ok
23:35:51.0623 8120 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:35:51.0624 8120 MSTEE - ok
23:35:51.0635 8120 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:35:51.0635 8120 MTConfig - ok
23:35:51.0651 8120 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:35:51.0652 8120 Mup - ok
23:35:51.0668 8120 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:35:51.0674 8120 napagent - ok
23:35:51.0701 8120 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:35:51.0705 8120 NativeWifiP - ok
23:35:51.0745 8120 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:35:51.0753 8120 NDIS - ok
23:35:51.0768 8120 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:35:51.0769 8120 NdisCap - ok
23:35:51.0788 8120 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:35:51.0789 8120 NdisTapi - ok
23:35:51.0795 8120 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:35:51.0797 8120 Ndisuio - ok
23:35:51.0811 8120 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:35:51.0813 8120 NdisWan - ok
23:35:51.0825 8120 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:35:51.0827 8120 NDProxy - ok
23:35:51.0840 8120 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:35:51.0841 8120 NetBIOS - ok
23:35:51.0856 8120 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:35:51.0859 8120 NetBT - ok
23:35:51.0871 8120 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:35:51.0872 8120 Netlogon - ok
23:35:51.0900 8120 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:35:51.0905 8120 Netman - ok
23:35:51.0922 8120 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:35:51.0927 8120 netprofm - ok
23:35:51.0952 8120 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:35:51.0954 8120 NetTcpPortSharing - ok
23:35:51.0974 8120 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:35:51.0975 8120 nfrd960 - ok
23:35:52.0017 8120 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:35:52.0021 8120 NlaSvc - ok
23:35:52.0029 8120 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:35:52.0030 8120 Npfs - ok
23:35:52.0050 8120 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:35:52.0051 8120 nsi - ok
23:35:52.0060 8120 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:35:52.0062 8120 nsiproxy - ok
23:35:52.0109 8120 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:35:52.0133 8120 Ntfs - ok
23:35:52.0160 8120 [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
23:35:52.0162 8120 ntk_PowerDVD - ok
23:35:52.0183 8120 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:35:52.0184 8120 Null - ok
23:35:52.0217 8120 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
23:35:52.0219 8120 NVHDA - ok
23:35:52.0407 8120 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:35:52.0570 8120 nvlddmkm - ok
23:35:52.0587 8120 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:35:52.0589 8120 nvraid - ok
23:35:52.0617 8120 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:35:52.0620 8120 nvstor - ok
23:35:52.0672 8120 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
23:35:52.0681 8120 nvsvc - ok
23:35:52.0762 8120 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:35:52.0787 8120 nvUpdatusService - ok
23:35:52.0801 8120 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:35:52.0803 8120 nv_agp - ok
23:35:52.0810 8120 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:35:52.0812 8120 ohci1394 - ok
23:35:52.0849 8120 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:35:52.0851 8120 ose - ok
23:35:52.0948 8120 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:35:53.0015 8120 osppsvc - ok
23:35:53.0065 8120 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:35:53.0069 8120 p2pimsvc - ok
23:35:53.0093 8120 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:35:53.0098 8120 p2psvc - ok
23:35:53.0118 8120 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
23:35:53.0120 8120 Parport - ok
23:35:53.0144 8120 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:35:53.0145 8120 partmgr - ok
23:35:53.0222 8120 [ 7C0582921913D00180EC2B8518BA135C ] pbfilter D:\Program Files\PeerBlock\pbfilter.sys
23:35:53.0223 8120 pbfilter - ok
23:35:53.0227 8120 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:35:53.0230 8120 PcaSvc - ok
23:35:53.0253 8120 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:35:53.0255 8120 pci - ok
23:35:53.0266 8120 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:35:53.0267 8120 pciide - ok
23:35:53.0278 8120 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:35:53.0281 8120 pcmcia - ok
23:35:53.0293 8120 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:35:53.0294 8120 pcw - ok
23:35:53.0312 8120 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:35:53.0318 8120 PEAUTH - ok
23:35:53.0382 8120 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:35:53.0383 8120 PerfHost - ok
23:35:53.0423 8120 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:35:53.0448 8120 pla - ok
23:35:53.0479 8120 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:35:53.0484 8120 PlugPlay - ok
23:35:53.0499 8120 PnkBstrA - ok
23:35:53.0502 8120 PnkBstrB - ok
23:35:53.0528 8120 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:35:53.0530 8120 PNRPAutoReg - ok
23:35:53.0535 8120 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:35:53.0538 8120 PNRPsvc - ok
23:35:53.0565 8120 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:35:53.0571 8120 PolicyAgent - ok
23:35:53.0595 8120 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:35:53.0598 8120 Power - ok
23:35:53.0618 8120 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:35:53.0620 8120 PptpMiniport - ok
23:35:53.0631 8120 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
23:35:53.0632 8120 Processor - ok
23:35:53.0650 8120 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:35:53.0653 8120 ProfSvc - ok
23:35:53.0663 8120 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:35:53.0664 8120 ProtectedStorage - ok
23:35:53.0679 8120 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:35:53.0681 8120 Psched - ok
23:35:53.0712 8120 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
23:35:53.0713 8120 PxHlpa64 - ok
23:35:53.0755 8120 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:35:53.0780 8120 ql2300 - ok
23:35:53.0794 8120 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:35:53.0796 8120 ql40xx - ok
23:35:53.0820 8120 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:35:53.0824 8120 QWAVE - ok
23:35:53.0833 8120 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:35:53.0834 8120 QWAVEdrv - ok
23:35:53.0849 8120 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:35:53.0850 8120 RasAcd - ok
23:35:53.0871 8120 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:35:53.0872 8120 RasAgileVpn - ok
23:35:53.0879 8120 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:35:53.0881 8120 RasAuto - ok
23:35:53.0894 8120 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:35:53.0896 8120 Rasl2tp - ok
23:35:53.0911 8120 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:35:53.0916 8120 RasMan - ok
23:35:53.0924 8120 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:35:53.0926 8120 RasPppoe - ok
23:35:53.0933 8120 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:35:53.0935 8120 RasSstp - ok
23:35:53.0945 8120 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:35:53.0949 8120 rdbss - ok
23:35:53.0957 8120 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
23:35:53.0958 8120 rdpbus - ok
23:35:53.0978 8120 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:35:53.0979 8120 RDPCDD - ok
23:35:53.0992 8120 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:35:53.0992 8120 RDPENCDD - ok
23:35:54.0007 8120 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:35:54.0008 8120 RDPREFMP - ok
23:35:54.0029 8120 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:35:54.0031 8120 RDPWD - ok
23:35:54.0047 8120 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:35:54.0050 8120 rdyboost - ok
23:35:54.0067 8120 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:35:54.0070 8120 RemoteAccess - ok
23:35:54.0076 8120 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:35:54.0079 8120 RemoteRegistry - ok
23:35:54.0100 8120 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:35:54.0102 8120 RFCOMM - ok
23:35:54.0114 8120 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:35:54.0116 8120 RpcEptMapper - ok
23:35:54.0128 8120 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:35:54.0129 8120 RpcLocator - ok
23:35:54.0146 8120 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:35:54.0150 8120 RpcSs - ok
23:35:54.0160 8120 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:35:54.0161 8120 rspndr - ok
23:35:54.0189 8120 [ E57FAC2CDB73F06586ED2ED310B80932 ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys
23:35:54.0192 8120 RSUSBVSTOR - ok
23:35:54.0215 8120 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
23:35:54.0220 8120 RTL8167 - ok
23:35:54.0247 8120 [ F71EEA505290B0AAD48850F0D750702D ] RzSynapse C:\Windows\system32\DRIVERS\RzSynapse.sys
23:35:54.0249 8120 RzSynapse - ok
23:35:54.0263 8120 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:35:54.0264 8120 SamSs - ok
23:35:54.0301 8120 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:35:54.0302 8120 SASDIFSV - ok
23:35:54.0323 8120 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:35:54.0324 8120 SASKUTIL - ok
23:35:54.0334 8120 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:35:54.0336 8120 sbp2port - ok
23:35:54.0350 8120 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:35:54.0353 8120 SCardSvr - ok
23:35:54.0407 8120 [ EFD61BD67E5CE72CA5CE8BB6AD3E1FDB ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
23:35:54.0409 8120 SCDEmu - ok
23:35:54.0423 8120 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:35:54.0424 8120 scfilter - ok
23:35:54.0447 8120 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:35:54.0462 8120 Schedule - ok
23:35:54.0484 8120 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:35:54.0485 8120 SCPolicySvc - ok
23:35:54.0508 8120 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:35:54.0511 8120 SDRSVC - ok
23:35:54.0555 8120 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:35:54.0558 8120 SeaPort - ok
23:35:54.0576 8120 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:35:54.0577 8120 secdrv - ok
23:35:54.0586 8120 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:35:54.0588 8120 seclogon - ok
23:35:54.0596 8120 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:35:54.0598 8120 SENS - ok
23:35:54.0609 8120 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:35:54.0611 8120 SensrSvc - ok
23:35:54.0618 8120 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
23:35:54.0619 8120 Serenum - ok
23:35:54.0635 8120 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
23:35:54.0637 8120 Serial - ok
23:35:54.0667 8120 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:35:54.0669 8120 sermouse - ok
23:35:54.0676 8120 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:35:54.0679 8120 SessionEnv - ok
23:35:54.0687 8120 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:35:54.0687 8120 sffdisk - ok
23:35:54.0700 8120 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:35:54.0700 8120 sffp_mmc - ok
23:35:54.0712 8120 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:35:54.0713 8120 sffp_sd - ok
23:35:54.0728 8120 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:35:54.0729 8120 sfloppy - ok
23:35:54.0766 8120 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
23:35:54.0774 8120 Sftfs - ok
23:35:54.0798 8120 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:35:54.0803 8120 sftlist - ok
23:35:54.0817 8120 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:35:54.0821 8120 Sftplay - ok
23:35:54.0829 8120 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:35:54.0830 8120 Sftredir - ok
23:35:54.0841 8120 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
23:35:54.0842 8120 Sftvol - ok
23:35:54.0856 8120 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:35:54.0859 8120 sftvsa - ok
23:35:54.0890 8120 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:35:54.0894 8120 SharedAccess - ok
23:35:54.0902 8120 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:35:54.0907 8120 ShellHWDetection - ok
23:35:54.0925 8120 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
23:35:54.0926 8120 SiSGbeLH - ok
23:35:54.0937 8120 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:35:54.0938 8120 SiSRaid2 - ok
23:35:54.0948 8120 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:35:54.0950 8120 SiSRaid4 - ok
23:35:55.0058 8120 [ 0F97E7A47A52F4A36969F0FC319654C2 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:35:55.0100 8120 Skype C2C Service - ok
23:35:55.0152 8120 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:35:55.0155 8120 SkypeUpdate - ok
23:35:55.0169 8120 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:35:55.0170 8120 Smb - ok
23:35:55.0192 8120 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:35:55.0194 8120 SNMPTRAP - ok
23:35:55.0217 8120 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
23:35:55.0219 8120 speedfan - ok
23:35:55.0225 8120 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:35:55.0226 8120 spldr - ok
23:35:55.0254 8120 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:35:55.0260 8120 Spooler - ok
23:35:55.0311 8120 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:35:55.0362 8120 sppsvc - ok
23:35:55.0373 8120 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:35:55.0375 8120 sppuinotify - ok
23:35:55.0397 8120 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:35:55.0402 8120 srv - ok
23:35:55.0414 8120 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:35:55.0419 8120 srv2 - ok
23:35:55.0428 8120 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:35:55.0430 8120 srvnet - ok
23:35:55.0445 8120 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:35:55.0448 8120 SSDPSRV - ok
23:35:55.0461 8120 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:35:55.0464 8120 SstpSvc - ok
23:35:55.0486 8120 Steam Client Service - ok
23:35:55.0535 8120 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:35:55.0540 8120 Stereo Service - ok
23:35:55.0547 8120 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:35:55.0549 8120 stexstor - ok
23:35:55.0578 8120 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:35:55.0585 8120 stisvc - ok
23:35:55.0595 8120 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:35:55.0596 8120 swenum - ok
23:35:55.0667 8120 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:35:55.0673 8120 SwitchBoard - ok
23:35:55.0694 8120 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:35:55.0700 8120 swprv - ok
23:35:55.0732 8120 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:35:55.0758 8120 SysMain - ok
23:35:55.0762 8120 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:35:55.0764 8120 TabletInputService - ok
23:35:55.0777 8120 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:35:55.0782 8120 TapiSrv - ok
23:35:55.0792 8120 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:35:55.0794 8120 TBS - ok
23:35:55.0839 8120 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:35:55.0865 8120 Tcpip - ok
23:35:55.0893 8120 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:35:55.0902 8120 TCPIP6 - ok
23:35:55.0923 8120 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:35:55.0924 8120 tcpipreg - ok
23:35:55.0938 8120 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:35:55.0939 8120 TDPIPE - ok
23:35:55.0953 8120 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:35:55.0954 8120 TDTCP - ok
23:35:55.0964 8120 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:35:55.0966 8120 tdx - ok
23:35:55.0985 8120 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:35:55.0986 8120 TermDD - ok
23:35:56.0002 8120 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:35:56.0010 8120 TermService - ok
23:35:56.0020 8120 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:35:56.0022 8120 Themes - ok
23:35:56.0038 8120 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:35:56.0039 8120 THREADORDER - ok
23:35:56.0072 8120 [ 69D76CE06BB629B69165C81D83A4B03E ] TiMiniService C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
23:35:56.0076 8120 TiMiniService - ok
23:35:56.0098 8120 [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
23:35:56.0099 8120 tmactmon - ok
23:35:56.0112 8120 [ 360E61217D4E1E333583D0C721057F70 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
23:35:56.0115 8120 tmcomm - ok
23:35:56.0123 8120 [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
23:35:56.0125 8120 tmevtmgr - ok
23:35:56.0143 8120 [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
23:35:56.0145 8120 tmtdi - ok
23:35:56.0149 8120 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:35:56.0151 8120 TrkWks - ok
23:35:56.0216 8120 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:35:56.0219 8120 TrustedInstaller - ok
23:35:56.0229 8120 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:35:56.0231 8120 tssecsrv - ok
23:35:56.0248 8120 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:35:56.0250 8120 TsUsbFlt - ok
23:35:56.0267 8120 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:35:56.0268 8120 TsUsbGD - ok
23:35:56.0291 8120 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:35:56.0293 8120 tunnel - ok
23:35:56.0309 8120 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
23:35:56.0310 8120 TurboB - ok
23:35:56.0325 8120 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
23:35:56.0328 8120 TurboBoost - ok
23:35:58.0799 8120 ============================================================
23:35:58.0799 8120 Scan finished
23:35:58.0799 8120 ============================================================
23:35:58.0804 6400 Detected object count: 0
23:35:58.0804 6400 Actual detected object count: 0
23:36:28.0735 6724 Deinitialize success

ADW Cleaner:

# AdwCleaner v2.011 - Logfile created 12/07/2012 at 23:41:45
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ian - IAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Ian\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\6oc8qwtg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [14874 octets] - [07/08/2012 15:36:51]
AdwCleaner[S2].txt - [1404 octets] - [07/12/2012 23:41:45]

########## EOF - C:\AdwCleaner[S2].txt - [1464 octets] ##########

ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=cc48961bfd4f1b40a1f807a845cc8266
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-08 08:43:42
# local_time=2012-12-08 02:43:42 (-0600, Central Standard Time (Mexico))
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 24325695 106499672 0 0
# scanned=257839
# found=8
# cleaned=8
# scan_time=10528
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application (cleaned by deleting - quarantined) 88F07DB216F388A603179649D83BF1FC9AC8CB06 C
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application (cleaned by deleting - quarantined) CA3F51EC1897756636232998193325B830F22F26 C
C:\Users\Ian\AppData\Local\{8C6B555E-DD97-11E1-8270-B8AC6F996F26}\manager.js JS/Redirector.NCG trojan (cleaned by deleting - quarantined) B793737DA215EFC8E59A756C2873A5C9648312F8 C
C:\Users\Ian\Downloads\Assassins_Creed_III_RePack-RG_Mechanics_secure.exe Win32/TopMedia.B application (cleaned by deleting - quarantined) 97B0D5599B4C06C2E3A98C005E3E24B623EBEB47 C
C:\Users\Ian\Downloads\CheatEngine62.exe multiple threats (cleaned by deleting - quarantined) 5042D797D7FA03425D3AD7E333F5435626CA6534 C
C:\Users\Ian\Downloads\InstallFreeRARExtractFrog.exe Win32/OpenCandy application (cleaned by deleting - quarantined) F490CDF254EF667F2543F11EC718698BAFF6D26F C
D:\Users\Ian\Downloads\Assassins.Creed.3.UPDATE 1.01.and.CRACK.ONLY.1.01\Uplay.exe a variant of MSIL/Packed.Confuser.B application (cleaned by deleting - quarantined) 962DB6F144AB649B5DD9DA6CB496543457907BDD C
D:\Users\Ian\Downloads\The.Binding.of.Isaac.v1.0r9.cracked-THETA [ALEX]\The Binding of Isaac.exe Win32/HackTool.Crack.B application (cleaned by deleting - quarantined) D42F791213AA8EB4EA04C8BB7D3AB5163977B1CA C

#4 boopme

Posted 08 December 2012 - 10:21 AM

Did you click Remove Selected after the scan? C:\Users\Ian\Documents\Windows\winsvcs.exe (Backdoor.Agent) -> No action taken.

How is it now?


You infected yourself by using cracked software.
IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!

#5 StupidMalware

Posted 08 December 2012 - 12:37 PM

Ok I have removed all of the cracks and yes I did select remove.

#6 boopme

Posted 08 December 2012 - 01:32 PM

Great! One more rootkit check?

and a check on mbam.

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.




Oh and some system info....

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#7 StupidMalware

Posted 08 December 2012 - 05:48 PM

First Malware Bytes log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ian :: IAN-PC [administrator]

12/8/2012 3:19:12 PM
mbam-log-2012-12-08 (15-19-12).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 473125
Time elapsed: 48 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Ian\Documents\Windows\winsvcs.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

(end)

aswMBR:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-08 16:23:18
-----------------------------
16:23:18.670 OS Version: Windows x64 6.1.7601 Service Pack 1
16:23:18.670 Number of processors: 8 586 0x2A07
16:23:18.670 ComputerName: IAN-PC UserName: Ian
16:23:19.278 Initialize success
16:28:03.118 AVAST engine defs: 12120800
16:28:23.300 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:28:23.300 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
16:28:23.316 Disk 0 MBR read successfully
16:28:23.316 Disk 0 MBR scan
16:28:23.332 Disk 0 Windows 7 default MBR code
16:28:23.332 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
16:28:23.332 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848
16:28:23.347 Disk 0 Partition - 00 0F Extended LBA 403641 MB offset 638488576
16:28:23.363 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403640 MB offset 638490624
16:28:23.394 Disk 0 scanning C:\Windows\system32\drivers
16:28:34.064 Service scanning
16:28:48.588 Modules scanning
16:28:48.588 Disk 0 trace - called modules:
16:28:48.619 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:28:48.931 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a7e5790]
16:28:48.931 3 CLASSPNP.SYS[fffff88001ba043f] -> nt!IofCallDriver -> [0xfffffa800a26ba70]
16:28:48.931 5 ACPI.sys[fffff88000f4a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a273050]
16:28:50.039 AVAST engine scan C:\Windows
16:28:51.724 AVAST engine scan C:\Windows\system32
16:30:31.564 AVAST engine scan C:\Windows\system32\drivers
16:30:39.333 AVAST engine scan C:\Users\Ian
16:32:31.793 File: C:\Users\Ian\AppData\Roaming\Identities\{E7927442-8v23-436B-8409-951D004DCD3B}\winsvchost.exe.vir **INFECTED** Win32:Malware-gen
16:34:01.478 AVAST engine scan C:\ProgramData
16:35:00.017 Scan finished successfully
16:40:03.552 Disk 0 MBR has been saved successfully to "C:\Users\Ian\Desktop\MBR.dat"
16:40:03.556 The log file has been saved successfully to "C:\Users\Ian\Desktop\aswMBR.txt"

MBS:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ian :: IAN-PC [administrator]

12/8/2012 4:40:28 PM
mbam-log-2012-12-08 (16-40-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231841
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Mini Toolbox:
MiniToolBox by Farbar Version: 25-11-2012
Ran by Ian (administrator) on 08-12-2012 at 16:45:07
Running from "C:\Users\Ian\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR9002WB-1NG Wireless Network Adapter = Wireless Network Connection (Connected)
Hamachi Network Interface = Hamachi (Hardware not present)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ian-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 74-2F-68-82-B5-9A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 14-DA-E9-C2-4F-DA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
Physical Address. . . . . . . . . : 74-2F-68-82-1D-FC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::259b:5b03:36db:65df%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 08, 2012 4:18:22 PM
Lease Expires . . . . . . . . . . : Sunday, December 09, 2012 4:18:22 PM
Default Gateway . . . . . . . . . : 10.0.0.2
DHCP Server . . . . . . . . . . . : 10.0.0.2
DHCPv6 IAID . . . . . . . . . . . : 242495336
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E3-3C-33-74-2F-68-82-1D-FC
DNS Servers . . . . . . . . . . . : 10.0.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{3E9F7662-5E79-497B-8C66-F50792C0F836}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A4A2DE91-2580-4380-BB00-C75BC9EEA37F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7A897F15-0B5B-48E5-A804-9E3A6D0EEBAB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: local.gateway
Address: 10.0.0.2

Name: google.com
Addresses: 2001:4860:4002:801::1000
74.125.227.38
74.125.227.39
74.125.227.40
74.125.227.41
74.125.227.46
74.125.227.32
74.125.227.33
74.125.227.34
74.125.227.35
74.125.227.36
74.125.227.37


Pinging google.com [74.125.227.38] with 32 bytes of data:
Reply from 74.125.227.38: bytes=32 time=15ms TTL=52
Reply from 74.125.227.38: bytes=32 time=29ms TTL=52

Ping statistics for 74.125.227.38:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 29ms, Average = 22ms
Server: local.gateway
Address: 10.0.0.2

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=74ms TTL=48
Reply from 72.30.38.140: bytes=32 time=68ms TTL=48

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 74ms, Average = 71ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...74 2f 68 82 b5 9a ......Bluetooth Device (Personal Area Network)
12...14 da e9 c2 4f da ......Realtek PCIe GBE Family Controller
11...74 2f 68 82 1d fc ......Atheros AR9002WB-1NG Wireless Network Adapter
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.2 10.0.0.7 25
10.0.0.0 255.255.255.0 On-link 10.0.0.7 281
10.0.0.7 255.255.255.255 On-link 10.0.0.7 281
10.0.0.255 255.255.255.255 On-link 10.0.0.7 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.7 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.7 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::259b:5b03:36db:65df/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/08/2012 03:56:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/08/2012 03:53:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/08/2012 03:01:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/07/2012 11:45:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/07/2012 11:45:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/07/2012 11:08:56 PM) (Source: Application Hang) (User: )
Description: The program farcry3_d3d11.exe version 0.1.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f9c

Start Time: 01cdd50210f64d36

Termination Time: 9

Application Path: D:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe

Report Id: 585e59ab-40f5-11e2-903c-742f6882b59a

Error: (12/07/2012 09:07:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/06/2012 11:13:36 PM) (Source: MsiInstaller) (User: Ian-PC)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.

Error: (12/06/2012 10:53:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19411142

Error: (12/06/2012 10:53:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19411142


System errors:
=============
Error: (12/08/2012 04:20:27 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (12/08/2012 04:20:27 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/08/2012 04:18:22 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service failed to start due to the following error:
%%2

Error: (12/08/2012 08:22:54 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (12/08/2012 08:22:54 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/08/2012 08:20:42 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service failed to start due to the following error:
%%2

Error: (12/08/2012 04:10:07 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/07/2012 11:44:56 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (12/07/2012 11:44:56 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/07/2012 11:42:51 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/08/2012 03:56:42 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/08/2012 03:53:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Ian\Downloads\esetsmartinstaller_enu.exe

Error: (12/08/2012 03:01:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/07/2012 11:45:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Ian\Downloads\esetsmartinstaller_enu.exe

Error: (12/07/2012 11:45:02 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Ian\Downloads\esetsmartinstaller_enu.exe

Error: (12/07/2012 11:08:56 PM) (Source: Application Hang)(User: )
Description: farcry3_d3d11.exe0.1.0.11f9c01cdd50210f64d369D:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe585e59ab-40f5-11e2-903c-742f6882b59a

Error: (12/07/2012 09:07:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/06/2012 11:13:36 PM) (Source: MsiInstaller)(User: Ian-PC)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/06/2012 10:53:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19411142

Error: (12/06/2012 10:53:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19411142


=========================== Installed Programs ============================

??????? Windows Live Mesh ActiveX ??(????) (Version: 15.4.5722.2)
??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)
µTorrent (Version: 3.1.3)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
7-zip v9.20 (Version: v9.20)
A New Zero
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Photoshop CS6 (Version: 13.0)
AION Free-To-Play (Version: 2.70.0000)
Amnesia - The Dark Descent (Version: 1.0.0)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
applicationupdater
ARMA 2
ARMA 2: Operation Arrowhead
ASUS AI Recovery (Version: 1.0.23)
ASUS FaceLogon (Version: 1.0.0013)
ASUS Live Update (Version: 3.1.2)
ASUS Power4Gear Hybrid (Version: 1.2.0)
ASUS USB Charger Plus (Version: 2.0.8)
ASUS Virtual Camera (Version: 1.0.25)
ASUS WebStorage (Version: 3.0.84.161)
AsusScr_G74 Series_ENG (Version: 1.0.0001)
AsusVibe2.0 (Version: 2.0.4.617)
Atheros Client Installation Program (Version: 7.0)
ATK Package (Version: 1.0.0015)
Bastion
Battlefield 3™ (Version: 1.0.0.0)
Battlefield: Bad Company™ 2 (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.138.0)
BattlEye for OA Uninstall
BattlEye Uninstall
Bing Bar (Version: 7.0.610.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
Borderlands 2
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Camtasia Studio 7 (Version: 7.1.1)
Cheat Engine 6.2
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)
Creation Kit
Crysis® 2 (Version: 1.0.0.0)
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDVD 11 (Version: 11.0.2024.53)
D3DX10 (Version: 15.4.2368.0902)
DayZ Commander (Version: 0.9.85)
DirectX 9 Runtime (Version: 1.00.0000)
Dishonored
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
ExpressGateCloud (Version: 2.6.27.160)
Fallout 3 (Version: 1.00.0000)
Fallout Mod Manager 0.13.21
Fallout: New Vegas
Far Cry 3 (Version: 1.02)
Finger Sensing Pad Driver (Version: 9.1.3.5)
FixCleaner (Version: 2.0.4419)
Fraps (remove only)
Fresco Logic USB3.0 Host Controller (Version: 3.5.73.0)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
GameFast.exe (Version: 1.0.0.1)
gamelauncher-code4344-beta
gamelauncher-code4344-beta (x86)-Sony Online Entertainment-Installed Games-PlanetSide 2 Beta
gamelauncher-ps2-live
Google Chrome (Version: 23.0.1271.64)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Guild Wars 2
Gyazo 1.0
HandBrake 0.9.6 (Version: 0.9.6)
HitmanPro 3.7 (Version: 3.7.0.179)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
iTunes (Version: 10.7.0.21)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (64-bit) (Version: 6.0.310)
Java™ 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
LIMBO
LogMeIn Hamachi (Version: 2.1.0.210)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mass Effect™ 3 (Version: 1.01.0.0)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
NC Launcher (GameForge)
Nexus Mod Manager (Version: 0.19.0)
Nuance PDF Reader (Version: 6.00.0041)
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Oblivion - Knights of the Nine (Version: 1.00.0000)
Oblivion - Orrery (Version: 1.00.0000)
Oblivion - Thieves Den (Version: 1.00.0000)
Oblivion - Wizard's Tower (Version: 1.00.0000)
Oblivion (Version: 1.00.0000)
OpenAL
Origin (Version: 8.5.0.4550)
Path of Exile (Version: 0.9.10.17445)
PDF Settings CS6 (Version: 11.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PlanetSide 2 (Version: 1.0.3.181)
Play withSIX (Version: 1.00.0132)
Portal 2
PowerISO (Version: 5.2)
PunkBuster Services (Version: 0.993)
QuickTime (Version: 7.72.80.56)
Razer BlackWidow Ultimate (Version: 1.04.04)
Razer DeathAdder™ Mouse (Version: 3.05)
Razer Naga (Version: 3.03.01)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6564)
Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10001)
Rockstar Games Social Club (Version: 1.0.9.5)
Rotation Desktop for G Series.exe (Version: 1.0.0.9)
Roxio AACS Certificate (Version: 1.0.0)
Roxio CinePlayer (Version: 5.8)
Roxio CinePlayer (Version: 5.8.58232.1)
Saints Row The Third
Six Updater (Version: 2.09.7016)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.10 (Version: 5.10.116)
Sleeping Dogs, âåðñèÿ 1.01 (Version: 1.01)
Sophos Virus Removal Tool (Version: 2.1)
SpeedFan (remove only)
Spotify (Version: 0.8.4.124.ga3559d86)
Steam (Version: 1.0.0.0)
syncables desktop SE (Version: 5.5.746.11492)
TeamSpeak 3 Client (Version: 3.0.6)
The Elder Scrolls V: Skyrim
The War Z version alpha (Version: alpha)
THX TruStudio (Version: 1.03.01)
Trend Micro Titanium Internet Security (Version: 3.0)
Trend Micro Titanium Internet Security (Version: 3.00)
Trojan Remover 6.8.5 (Version: 6.8.5)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VLC media player 2.0.0 (Version: 2.0.0)
Wallpapers (Version: 1.0.0)
Wallpapers by Wallpapers.com (Version: 1.0.0)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinFlash (Version: 2.32.0)
WinRAR 4.10 (64-bit) (Version: 4.10.0)
Wireless Console 3 (Version: 3.0.27)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 12265.16 MB
Available physical RAM: 9840.31 MB
Total Pagefile: 24528.51 MB
Available Pagefile: 21938.41 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.67 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:69.15 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:200.17 GB) NTFS
3 Drive e: (Far Cry 3) (CDROM) (Total:1.63 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\IAN-PC

Administrator Guest Ian
UpdatusUser


**** End of log ****

#8 boopme


Posted 08 December 2012 - 10:35 PM

Good, looks like it's out now.

Uninstall these; outdated versions are exploitable.
Java™ 6 Update 31 (64-bit) (Version: 6.0.310)
Java™ 6 Update 31 (Version: 6.0.310)


Now go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.


Then rerun MiniToolBox and only check this: List Winsock Entries
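The re-check requested in post #8 (rerun MiniToolBox with only "List Winsock Entries" after the reset) can be read mechanically. The following is an added example, not part of the original thread or of MiniToolBox: a Python parser for the Winsock section format shown in the log above, reporting entries whose provider file was not found and listing non-Microsoft providers so they can be confirmed as expected. The function and class names are assumptions, and the sample is an excerpt of that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the "Winsock entries" section from the log posted in this thread.
SAMPLE = r"""
Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
"""

# "<catalog> <index> <path> [<size or File Not found>] (<vendor>)"
ENTRY = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<index>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>[^\]]*)\]\s+\((?P<vendor>.*)\)\s*$"
)
# Follow-up line the tool prints under an entry it considers wrong.
HINT = re.compile(r'^ATTENTION: The LibraryPath should be "(?P<expected>[^"]+)"')


@dataclass
class WinsockEntry:
    catalog: str
    index: int
    path: str
    size: Optional[int]             # None when the tool reported no file
    vendor: str
    expected: Optional[str] = None  # taken from a following ATTENTION line


def parse_winsock(text: str) -> List[WinsockEntry]:
    """Parse catalog lines; attach each ATTENTION hint to the entry above it."""
    entries: List[WinsockEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            size = m["size"]
            entries.append(WinsockEntry(
                m["catalog"], int(m["index"]), m["path"],
                int(size) if size.isdigit() else None, m["vendor"]))
            continue
        h = HINT.match(line)
        if h and entries:
            entries[-1].expected = h["expected"]
    return entries


def broken(entries: List[WinsockEntry]) -> List[WinsockEntry]:
    """Entries whose provider DLL was not found on disk."""
    return [e for e in entries if e.size is None]


def third_party(entries: List[WinsockEntry]) -> List[WinsockEntry]:
    """Resolvable entries not published by Microsoft (to confirm, not to remove)."""
    return [e for e in entries
            if e.size is not None and not e.vendor.lower().startswith("microsoft")]


def report(text: str) -> List[str]:
    """One line per finding; an empty list means nothing to follow up."""
    entries = parse_winsock(text)
    lines = [f"BROKEN {e.catalog} {e.index:02d}: {e.path} "
             f"(expected {e.expected or 'unknown'})" for e in broken(entries)]
    lines += [f"REVIEW {e.catalog} {e.index:02d}: {e.path} [{e.vendor}]"
              for e in third_party(entries)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Running `report()` on the log taken before and after `netsh winsock reset` shows whether the BROKEN lines have gone.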

#9 StupidMalware


Posted 10 December 2012 - 10:40 PM

Thank you so much, you guys are always so helpful.

#10 boopme


Posted 10 December 2012 - 11:10 PM

You're most welcome! If all is good then..... Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: