
Help! AVG, Eset says I'm clear, I'm unconvinced ~



#1 Justice893


Posted 18 October 2012 - 09:40 PM

Hello all~

First off I'd like to thank you for the help on this topic.

I came across this virus after using a link through XBMC media center through the addon Project Free TV.

I noticed two .exe files that registered as cookies through AVG and knew something was going on right away. I did various scans and unfortunately could not find the infection so I unplugged my ethernet and shut down for the night. The next day when I booted on my computer AVG immediately found said files and the trojans buried with them. It removed IDP.Trojan.E13F31C (Two processes rundll.exe from two locations, the file Seartray.dll and its registry key) and an Unknown (1 process rundll.exe, 1 file Seartray.dll and its registry key.)

The above files are all locked in quarantine but my computer is not running like it used to. I also noticed that while preparing for shutdown the computer hangs momentarily to end some hidden processes.

I have tried using mbam (Malwarebytes Anti-Malware) and it has repeatedly frozen @ C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT... etc. Not always the exact same file, but always in NTUSER.DAT. Spybot S&D, Eset Online Scanner and AVG all say that I am clear at the moment. Also, just for the record, Sandboxie was installed post infection just so I could test it as I was planning on doing a reformat if I could not successfully remove the infection.

I will cease to do any work on my system from this point on without your advice and post both DDS files (dds and attach) and a HiJackThis log below.

Thank you in advance for your help and support and wish me luck! (not that it will do anything considering the damage is done)

I appreciate any help I can get on the topic and will be awaiting your reply.

**EDIT** Kaspersky just found another trojan on my computer, I will post the info below.

1.Trojan-FakeAV.Win32.SmartFortress.cjc

PE-Crypt.XorPE




DDS

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by User at 21:50:11 on 2012-10-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8191.4370 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{373D162F-8662-4C3B-AA5D-6FDCF19D5C33} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{55327BB0-5CA5-4CFC-B10B-F4C0915ABF97} : DHCPNameServer = 192.168.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-10 55856]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 31080]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-10 1153368]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-8-25 202632]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-9-27 21712]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-15 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-10 1255736]
.
=============== Created Last 30 ================
.
2012-10-18 19:23:13 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54DA8E07-8A24-4D7D-9D21-B233F517C411}\offreg.dll
2012-10-18 18:28:57 -------- d-----w- C:\Program Files (x86)\ESET
2012-10-18 17:02:12 -------- d-----w- C:\Program Files\Sandboxie
2012-10-18 16:53:11 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54DA8E07-8A24-4D7D-9D21-B233F517C411}\mpengine.dll
2012-10-18 16:35:47 -------- d-----r- C:\Sandbox
2012-10-17 15:58:15 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-10-17 15:58:15 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-10-17 15:46:17 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-16 16:42:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-16 16:42:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-16 14:18:08 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-16 14:18:06 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-16 14:18:06 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-16 14:18:05 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-16 14:15:46 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-16 14:15:45 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-16 14:15:45 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-16 14:15:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-16 14:15:45 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-16 14:15:44 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-15 03:31:06 -------- d-----w- C:\Program Files\Axantum
2012-10-10 21:35:15 -------- d-----w- C:\Program Files (x86)\FreeTime
2012-10-07 22:29:17 -------- d-----w- C:\Windows\SysWow64\My Vaults
2012-10-07 22:19:28 -------- d-----w- C:\Users\User\AppData\Local\Proxure
2012-10-07 22:19:14 -------- d-----w- C:\ProgramData\ClubSanDisk
2012-10-06 14:47:14 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8619DCCE-1536-48DA-BF6D-BED2CA8C8B96}\gapaengine.dll
2012-09-27 15:07:20 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2012-09-27 15:07:20 -------- d-----w- C:\Users\User\AppData\Local\eSupport.com
2012-09-26 23:11:33 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-09-26 23:11:33 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-09-26 23:11:33 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-09-26 23:11:33 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-09-26 23:11:33 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-09-26 23:09:27 -------- d-----w- C:\NVIDIA
2012-09-26 23:04:47 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-09-26 23:04:15 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-09-26 17:54:40 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-09-26 17:54:40 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-09-26 17:51:56 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-26 15:23:53 -------- d-----w- C:\temp
2012-09-21 15:12:32 -------- d-----w- C:\Program Files (x86)\Guild Wars 2
.
==================== Find3M ====================
.
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-04 14:05:14 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-26 07:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 21:55:11.99 ===============



ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/10/2011 3:09:26 PM
System Uptime: 18/10/2012 12:40:03 PM (9 hours ago)
.
Motherboard: Acer | | MC72XE
Processor: Intel® Core™2 Quad CPU Q9550 @ 2.83GHz | SOCKET775 M/B | 2833/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 271.365 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is FIXED (NTFS) - 596 GiB total, 397.259 GiB free.
G: is FIXED (NTFS) - 596 GiB total, 361.231 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP149: 12/10/2012 11:04:03 AM - Windows Update
RP150: 14/10/2012 11:30:36 PM - Installed AxCrypt 1.7.2931.0
RP151: 15/10/2012 11:28:05 AM - Windows Update
RP152: 16/10/2012 10:18:17 AM - Windows Update
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
Adobe AIR
Adobe Flash Player 11 ActiveX 64-bit
Adobe Photoshop Elements 8.0
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Advertising Center
AusLogics BoostSpeed
AVG 2012
AxCrypt 1.7.2931.0
CCleaner
CPUID CPU-Z 1.61.3
Crysis® 2
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
DolbyFiles
Driver Sweeper version 3.2.0
DriverAgent by eSupport.com
ESET Online Scanner v3
FormatFactory 2.96
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
ImagXpress
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
JMicron JMB36X Driver
Kaspersky Security Scan
Logitech Gaming Software
Logitech Gaming Software 8.20
Malwarebytes Anti-Malware version 1.65.0.1400
Media Player Codec Pack 3.9.2
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NirSoft BlueScreenView
NVIDIA Control Panel 306.23
NVIDIA Graphics Driver 306.23
NVIDIA Install Application
NVIDIA MediaShield
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
Oblivion
OCCT 4.3.1
Origin
Photodex Presenter
ProShow Producer
QuickTime
Sandboxie 3.74 (64-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
SoundTrax
Spybot - Search & Destroy
swMSM
System Requirements Lab
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
WebM Media Foundation Components
WinRAR archiver
XBMC
.
==== Event Viewer Messages From Past Week ========
.
17/10/2012 4:59:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
17/10/2012 2:05:43 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
17/10/2012 2:05:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
17/10/2012 2:05:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
17/10/2012 2:05:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
17/10/2012 2:05:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
17/10/2012 2:05:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/10/2012 2:05:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
17/10/2012 2:05:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
17/10/2012 2:05:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
17/10/2012 2:05:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
17/10/2012 2:05:06 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
17/10/2012 2:05:06 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
17/10/2012 2:05:06 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
17/10/2012 2:05:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
17/10/2012 2:05:06 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
17/10/2012 2:05:06 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
17/10/2012 2:05:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
17/10/2012 2:05:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
13/10/2012 4:31:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.137.1745.0).
13/10/2012 4:31:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1670.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070643 Error description: Fatal error during installation.
.
==== End Of File ===========================


HiJackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:53 PM, on 18/10/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\User\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11839 bytes

Edited by Justice893, 18 October 2012 - 11:47 PM.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,496 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:48 PM

Posted 19 October 2012 - 03:46 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).
The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
Microsoft MVP - 2010, 2011, 2012, 2013

#3 Justice893

Justice893
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 19 October 2012 - 04:52 PM

Hello CatByte and thank you very much for the quick response :) .

Unfortunately I cannot enter System Recovery Options from the Advanced Boot Options. I don't believe I have any of these settings disabled, so I feel as though my computer doesn't have preinstalled recovery options. The "Repair your computer" menu item does not exist for me :( .

Also, I cannot enter the System Recovery Options from a Windows disc, as a family member was the one who installed w7 on my computer and I cannot get in contact with him for the moment. Is there any other way I can use the Farbar Recovery Scan Tool, or am I out of luck until I can get my hands on a Windows CD?


Thanks again and take care

Justice~

Edited by Justice893, 19 October 2012 - 04:55 PM.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,496 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:48 PM

Posted 19 October 2012 - 06:16 PM

You can make a recovery CD:

  • Press Windows Key + R, type recdisc.exe in the Run box and press Enter.
  • If you get a UAC prompt, allow the application to run by clicking Yes. You will see the following:

    Posted Image

  • Make sure you have a blank CD or DVD in your CD/DVD drive and click Create disc. Note: If AutoPlay comes up, just close it.
  • When the System Repair Disk has been created, click Close and then OK. Your System Repair Disk is now ready for use.

Start PC, Insert Windows 7 DVD and hit a key when asked to. You may have to change your boot order to boot from DVD!


Follow the rest of the instructions for FRST.

#5 Justice893

Justice893
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 19 October 2012 - 08:02 PM

Thank you very much, CatByte. I appreciate your patience with me; please excuse my ignorance ~


Here are the requested files -

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012
Ran by SYSTEM at 19-10-2012 20:13:13
Running from M:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet005

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [5889816 2011-12-07] (Logitech Inc.)
HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-08] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-04] ()
HKLM-x32\...\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-04] ()
HKU\User\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\User\...\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun [202296 2012-04-25] (Kaspersky Lab ZAO)
HKU\User\...\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" [765200 2012-08-25] (SANDBOXIE L.T.D)
HKU\User\...\Policies\system: [LogonHoursAction] 2
HKU\User\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 KSS; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r [202296 2012-04-25] (Kaspersky Lab ZAO)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [123664 2012-08-25] (SANDBOXIE L.T.D)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760 2011-10-10] ()
2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-04] ()

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-04] (AVG Technologies)
0 nvrd64; C:\Windows\System32\Drivers\nvrd64.sys [175720 2010-04-08] (NVIDIA Corporation)
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-08-25] (SANDBOXIE L.T.D)
4 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-18 15:04 - 2012-10-18 15:04 - 00687724 ____R (Swearware) C:\Users\User\Desktop\dds.com
2012-10-18 10:28 - 2012-10-18 10:28 - 00000000 ____D C:\Program Files (x86)\ESET
2012-10-18 09:02 - 2012-10-19 13:21 - 00001806 ____A C:\Windows\Sandboxie.ini
2012-10-18 09:02 - 2012-10-18 09:02 - 00000000 ____D C:\Program Files\Sandboxie
2012-10-18 08:35 - 2012-10-18 08:35 - 00000000 ___RD C:\Sandbox
2012-10-18 08:29 - 2012-10-18 08:29 - 02564880 ____A (SANDBOXIE L.T.D) C:\Users\User\Downloads\SandboxieInstall.exe
2012-10-17 17:32 - 2012-10-17 17:34 - 140249544 ____A C:\Users\User\Downloads\setup_11.0.0.1245.x01_2012_10_18_03_13.exe
2012-10-17 10:06 - 2012-10-17 12:30 - 00033332 ____A C:\Windows\System32\avgrep.txt
2012-10-17 08:55 - 2012-10-17 08:56 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2012-10-17 07:58 - 2012-10-17 17:34 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-10-17 07:58 - 2012-10-17 07:58 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-10-17 07:39 - 2012-10-17 07:39 - 00401720 ____A (Trend Micro Inc.) C:\Users\User\Desktop\HiJackThis.exe
2012-10-16 08:42 - 2012-10-16 08:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-16 08:42 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-16 06:18 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-16 06:18 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-16 06:18 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-16 06:18 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-16 06:17 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-16 06:17 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-16 06:17 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-16 06:17 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-16 06:17 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-16 06:17 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-16 06:17 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-16 06:17 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-16 06:17 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-16 06:17 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-16 06:17 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-16 06:17 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-16 06:17 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-16 06:17 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-16 06:17 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-16 06:17 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-16 06:17 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-16 06:17 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-16 06:17 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-16 06:17 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-16 06:17 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-16 06:17 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-16 06:15 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-16 06:15 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-16 06:15 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-16 06:15 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-16 06:15 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-16 06:15 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-15 09:05 - 2012-10-15 09:11 - 735868928 ____A C:\Users\User\Downloads\Myvideolinks.Giesecke.Tk-Schindlers.List.1993.DVDrip.XViD-ALLiANCE.cd2.avi
2012-10-14 19:31 - 2012-10-14 19:31 - 00000000 ____D C:\Program Files\Axantum
2012-10-14 19:17 - 2012-10-14 19:17 - 00379399 ____A C:\Users\User\Downloads\hip21_en.zip
2012-10-10 13:38 - 2012-10-15 21:05 - 00000000 ____D C:\Users\User\Documents\Movies
2012-10-10 13:38 - 2012-10-11 07:46 - 00000000 ____D C:\Users\User\Documents\TV Shows
2012-10-10 13:35 - 2012-10-15 20:41 - 00000000 ____D C:\Users\User\Documents\FFOutput
2012-10-10 13:35 - 2012-10-10 13:35 - 00000000 ____D C:\Program Files (x86)\FreeTime
2012-10-07 14:29 - 2012-10-07 14:29 - 00000000 ____D C:\Windows\SysWOW64\My Vaults
2012-10-07 14:19 - 2012-10-07 14:19 - 00000288 ____A C:\Users\User\AppData\Roaming\.backup.dm
2012-10-07 14:19 - 2012-10-07 14:19 - 00000000 ____D C:\Users\User\AppData\Local\Proxure
2012-10-07 14:19 - 2012-10-07 14:19 - 00000000 ____D C:\Users\All Users\ClubSanDisk
2012-09-27 07:07 - 2012-09-27 07:07 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2012-09-27 07:07 - 2012-09-27 07:07 - 00000000 ____D C:\Users\User\AppData\Local\eSupport.com
2012-09-26 19:51 - 2012-09-26 19:51 - 00291552 ____A C:\Windows\Minidump\092612-27019-01.dmp
2012-09-26 17:41 - 2012-09-26 17:41 - 00071782 ____A C:\Users\User\Documents\cc_20120926_214118.reg
2012-09-26 15:13 - 2012-09-26 15:13 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-09-26 15:11 - 2012-08-30 08:18 - 03266920 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-09-26 15:11 - 2012-08-30 08:18 - 00891240 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-09-26 15:11 - 2012-08-30 08:18 - 00118120 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-09-26 15:11 - 2012-08-30 08:18 - 00063336 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-09-26 15:11 - 2012-08-30 08:17 - 06198120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 26228072 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 19828584 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 18229096 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 15291752 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 14879080 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 13391720 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-09-26 15:10 - 2012-08-30 11:14 - 12465512 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 09066344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 07626088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 07397736 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 06109032 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 02745192 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 02725224 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 02573672 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 02422120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 02216808 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 01866088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 01760104 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 01482600 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 00971624 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 00830312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-09-26 15:10 - 2012-08-30 11:14 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-09-26 15:09 - 2012-09-26 15:09 - 00000000 ____D C:\NVIDIA
2012-09-26 15:04 - 2012-09-26 15:04 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-09-26 15:04 - 2012-08-30 08:18 - 03487434 ____A C:\Windows\System32\nvcoproc.bin
2012-09-26 12:11 - 2012-09-26 12:11 - 00000000 __RHD C:\MSOCache
2012-09-26 09:54 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-09-26 09:54 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-09-26 09:51 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-26 06:13 - 2012-09-26 06:13 - 00286400 ____A C:\Windows\Minidump\092612-26894-01.dmp
2012-09-22 19:43 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 19:43 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 19:43 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 19:43 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 19:43 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 19:43 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 19:43 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 19:43 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 19:43 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 19:43 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 19:43 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 19:43 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 19:43 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 19:43 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 19:43 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 19:43 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 19:43 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 19:43 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-22 19:43 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-22 19:43 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-22 19:43 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 19:43 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 19:43 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 19:43 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 19:43 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-22 19:43 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 19:43 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 19:43 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 19:43 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 19:43 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 19:43 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-22 19:43 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-22 19:24 - 2012-09-22 19:24 - 00450776 ____A C:\Windows\Minidump\092212-28657-01.dmp
2012-09-21 07:12 - 2012-09-21 13:47 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2012-09-21 07:11 - 2012-09-21 10:01 - 00000000 ____D C:\Users\User\Documents\Guild Wars 2


==================== 3 Months Modified Files ==================

2012-10-19 16:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-19 16:08 - 2009-07-13 20:51 - 00077982 ____A C:\Windows\setupact.log
2012-10-19 15:47 - 2011-10-10 11:11 - 01528942 ____A C:\Windows\WindowsUpdate.log
2012-10-19 15:06 - 2011-10-15 11:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-19 13:46 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-19 13:46 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-19 13:46 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-19 13:39 - 2011-10-15 11:29 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-19 13:21 - 2012-10-18 09:02 - 00001806 ____A C:\Windows\Sandboxie.ini
2012-10-18 15:04 - 2012-10-18 15:04 - 00687724 ____R (Swearware) C:\Users\User\Desktop\dds.com
2012-10-18 08:29 - 2012-10-18 08:29 - 02564880 ____A (SANDBOXIE L.T.D) C:\Users\User\Downloads\SandboxieInstall.exe
2012-10-17 17:34 - 2012-10-17 17:32 - 140249544 ____A C:\Users\User\Downloads\setup_11.0.0.1245.x01_2012_10_18_03_13.exe
2012-10-17 12:30 - 2012-10-17 10:06 - 00033332 ____A C:\Windows\System32\avgrep.txt
2012-10-17 08:56 - 2012-10-17 08:55 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2012-10-17 07:39 - 2012-10-17 07:39 - 00401720 ____A (Trend Micro Inc.) C:\Users\User\Desktop\HiJackThis.exe
2012-10-17 07:34 - 2011-10-10 15:12 - 00048686 ____A C:\Windows\PFRO.log
2012-10-16 06:21 - 2011-10-10 14:45 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-15 09:11 - 2012-10-15 09:05 - 735868928 ____A C:\Users\User\Downloads\Myvideolinks.Giesecke.Tk-Schindlers.List.1993.DVDrip.XViD-ALLiANCE.cd2.avi
2012-10-14 19:17 - 2012-10-14 19:17 - 00379399 ____A C:\Users\User\Downloads\hip21_en.zip
2012-10-07 14:19 - 2012-10-07 14:19 - 00000288 ____A C:\Users\User\AppData\Roaming\.backup.dm
2012-09-27 16:35 - 2009-07-13 21:08 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-27 07:07 - 2012-09-27 07:07 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2012-09-26 19:51 - 2012-09-26 19:51 - 00291552 ____A C:\Windows\Minidump\092612-27019-01.dmp
2012-09-26 19:51 - 2011-10-18 08:35 - 810863515 ____A C:\Windows\MEMORY.DMP
2012-09-26 17:41 - 2012-09-26 17:41 - 00071782 ____A C:\Users\User\Documents\cc_20120926_214118.reg
2012-09-26 09:55 - 2012-03-05 08:52 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-26 06:13 - 2012-09-26 06:13 - 00286400 ____A C:\Windows\Minidump\092612-26894-01.dmp
2012-09-22 19:24 - 2012-09-22 19:24 - 00450776 ____A C:\Windows\Minidump\092212-28657-01.dmp
2012-09-14 11:19 - 2012-10-16 06:17 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-16 06:17 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-09 14:35 - 2012-09-09 14:35 - 00435488 ____A C:\Windows\Minidump\090912-26707-01.dmp
2012-09-07 13:04 - 2012-10-16 08:42 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-04 06:05 - 2012-09-04 06:05 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-31 10:19 - 2012-10-16 06:18 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 18:03 - 2011-04-27 12:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-30 11:14 - 2012-09-26 15:10 - 26228072 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 19828584 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 18229096 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 15291752 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 14879080 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 13391720 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-08-30 11:14 - 2012-09-26 15:10 - 12465512 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 09066344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 07626088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 07397736 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 06109032 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 02745192 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 02725224 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 02573672 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 02422120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 02216808 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 01866088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 01760104 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 01482600 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 00971624 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 00830312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-08-30 11:14 - 2012-09-26 15:10 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-08-30 11:14 - 2012-02-09 18:43 - 00016366 ____A C:\Windows\System32\nvinfo.pb
2012-08-30 10:03 - 2012-10-16 06:18 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-16 06:18 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-16 06:18 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-30 08:18 - 2012-09-26 15:11 - 03266920 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-08-30 08:18 - 2012-09-26 15:11 - 00891240 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-08-30 08:18 - 2012-09-26 15:11 - 00118120 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-08-30 08:18 - 2012-09-26 15:11 - 00063336 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-08-30 08:18 - 2012-09-26 15:04 - 03487434 ____A C:\Windows\System32\nvcoproc.bin
2012-08-30 08:17 - 2012-09-26 15:11 - 06198120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-08-29 12:57 - 2012-08-29 12:57 - 00453328 ____A C:\Windows\Minidump\082912-25240-01.dmp
2012-08-29 12:37 - 2012-08-29 12:37 - 00433048 ____A C:\Windows\Minidump\082912-26223-01.dmp
2012-08-28 20:49 - 2012-08-28 20:49 - 00437160 ____A C:\Windows\Minidump\082912-29577-01.dmp
2012-08-27 13:53 - 2012-08-27 13:53 - 00431608 ____A C:\Windows\Minidump\082712-31012-01.dmp
2012-08-25 21:16 - 2012-08-25 21:16 - 00029482 ____A C:\Users\User\Documents\cc_20120826_011622.reg
2012-08-25 19:34 - 2012-08-25 19:33 - 00072374 ____A C:\Users\User\Documents\cc_20120825_233352.reg
2012-08-25 08:28 - 2012-08-25 08:28 - 00433232 ____A C:\Windows\Minidump\082512-36332-01.dmp
2012-08-24 12:53 - 2012-08-24 12:53 - 00436904 ____A C:\Windows\Minidump\082412-33727-01.dmp
2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-24 10:05 - 2012-10-16 06:17 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-16 06:17 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-09-22 19:43 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-22 19:43 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-22 19:43 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-22 19:43 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-22 19:43 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-22 19:43 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-22 19:43 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-22 19:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-22 19:43 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-22 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-22 19:43 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-22 19:43 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-22 19:43 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-22 19:43 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-22 19:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-22 19:43 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-22 19:43 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-22 19:43 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-22 19:43 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:59 - 2012-08-23 22:18 - 883514521 ____A (GOG.com ) C:\Users\User\Downloads\setup_homm_3_complete_1.0.1.14.exe
2012-08-23 22:51 - 2012-09-22 19:43 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 19:43 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-22 19:43 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-22 19:43 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-22 19:43 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 19:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-22 19:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-22 19:43 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-22 19:43 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 19:43 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-22 19:43 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-22 19:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 19:43 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-23 21:50 - 2012-01-02 10:11 - 00007597 ____A C:\Users\User\AppData\Local\resmon.resmoncfg
2012-08-23 21:47 - 2009-07-13 20:45 - 00419848 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-22 10:12 - 2012-09-13 04:44 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-13 04:44 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-13 04:44 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-13 04:44 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-26 09:51 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 10:48 - 2012-10-16 06:17 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-16 06:17 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-16 06:17 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-16 06:17 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-16 06:17 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-16 06:17 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-16 06:17 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-16 06:17 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-16 06:17 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 06:17 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 06:17 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-15 07:28:13
Restore point made on: 2012-10-16 06:18:26
Restore point made on: 2012-10-19 13:54:38

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8191.27 MB
Available physical RAM: 7321.99 MB
Total Pagefile: 8189.42 MB
Available Pagefile: 7316.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:596.07 GB) (Free:273.25 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:596.17 GB) (Free:397.26 GB) NTFS
3 Drive e: (DATA) (Fixed) (Total:596.17 GB) (Free:361.23 GB) NTFS
5 Drive h: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
10 Drive m: (MULTIBOOT) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
12 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 596 GB 0 B
Disk 2 Online 596 GB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 Online 7648 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 596 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 596 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D DATA NTFS Partition 596 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 E DATA NTFS Partition 596 GB Healthy

=========================================================

Partitions of Disk 7:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7647 MB 40 KB

==================================================================================

Disk: 7
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 M MULTIBOOT FAT32 Removable 7647 MB Healthy

=========================================================

Last Boot: 2012-10-16 07:50

==================== End Of Log =============================




Services

Farbar Recovery Scan Tool (x64) Version: 16-10-2012
Ran by SYSTEM at 2012-10-19 20:14:54
Running from M:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


Again, thank you for your continued assistance.

#6 CatByte

  • Malware Response Team

Posted 19 October 2012 - 08:08 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
Microsoft MVP - 2010, 2011, 2012, 2013

#7 Justice893
  • Topic Starter

Posted 20 October 2012 - 09:01 AM

Sorry for the delay,

I followed all of the ComboFix instructions very carefully and unfortunately it appears to have stalled while "Preparing log Report."

I let the program sit overnight and it still is on the same step. Is it normal for the program to take this long on this step?

#8 CatByte

  • Malware Response Team

Posted 20 October 2012 - 09:07 AM

Yes, it can be an issue; certain infections can interfere with it.

Reboot the computer and see if a log has been created at C:\ComboFix.txt


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


#9 Justice893
  • Topic Starter

Posted 20 October 2012 - 10:58 AM

Unfortunately combofix.txt was not created in the process.

Here is the TDSS Killer log - It came up clear.

11:52:02.0925 4808 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:52:02.0925 4808 ============================================================
11:52:02.0925 4808 Current date / time: 2012/10/20 11:52:02.0925
11:52:02.0925 4808 SystemInfo:
11:52:02.0925 4808
11:52:02.0925 4808 OS Version: 6.1.7601 ServicePack: 1.0
11:52:02.0925 4808 Product type: Workstation
11:52:02.0925 4808 ComputerName: USER-PC
11:52:02.0925 4808 UserName: User
11:52:02.0925 4808 Windows directory: C:\Windows
11:52:02.0925 4808 System windows directory: C:\Windows
11:52:02.0925 4808 Running under WOW64
11:52:02.0925 4808 Processor architecture: Intel x64
11:52:02.0925 4808 Number of processors: 4
11:52:02.0925 4808 Page size: 0x1000
11:52:02.0925 4808 Boot type: Normal boot
11:52:02.0925 4808 ============================================================
11:52:05.0811 4808 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x110892E, SectorsPerTrack: 0x1, TracksPerCylinder: 0x46, Type 'K0', Flags 0x00000040
11:52:05.0811 4808 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0xDF20F, SectorsPerTrack: 0x24, TracksPerCylinder: 0x26, Type 'K0', Flags 0x00000040
11:52:05.0826 4808 Drive \Device\Harddisk2\DR2 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0xDF20F, SectorsPerTrack: 0x24, TracksPerCylinder: 0x26, Type 'K0', Flags 0x00000040
11:52:05.0873 4808 Drive \Device\Harddisk7\DR7 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:52:05.0873 4808 ============================================================
11:52:05.0873 4808 \Device\Harddisk0\DR0:
11:52:05.0873 4808 MBR partitions:
11:52:05.0873 4808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:52:05.0873 4808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
11:52:05.0873 4808 \Device\Harddisk1\DR1:
11:52:05.0873 4808 MBR partitions:
11:52:05.0873 4808 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
11:52:05.0873 4808 \Device\Harddisk2\DR2:
11:52:05.0873 4808 MBR partitions:
11:52:05.0873 4808 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
11:52:05.0873 4808 \Device\Harddisk7\DR7:
11:52:05.0873 4808 MBR partitions:
11:52:05.0873 4808 \Device\Harddisk7\DR7\Partition1: MBR, Type 0xB, StartLBA 0x50, BlocksNum 0xEEFFB0
11:52:05.0873 4808 ============================================================
11:52:05.0889 4808 C: <-> \Device\Harddisk0\DR0\Partition2
11:52:05.0904 4808 F: <-> \Device\Harddisk1\DR1\Partition1
11:52:05.0920 4808 G: <-> \Device\Harddisk2\DR2\Partition1
11:52:05.0920 4808 ============================================================
11:52:05.0920 4808 Initialize success
11:52:05.0920 4808 ============================================================
11:52:33.0766 4392 ============================================================
11:52:33.0766 4392 Scan started
11:52:33.0766 4392 Mode: Manual; TDLFS;
11:52:33.0766 4392 ============================================================
11:52:34.0561 4392 ================ Scan system memory ========================
11:52:34.0561 4392 System memory - ok
11:52:34.0561 4392 ================ Scan services =============================
11:52:38.0446 4392 FDResPub - ok
11:52:38.0477 4392 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:52:38.0477 4392 FileInfo - ok
11:52:38.0493 4392 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:52:38.0493 4392 Filetrace - ok
11:52:38.0539 4392 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:52:38.0555 4392 FLEXnet Licensing Service - ok
11:52:38.0571 4392 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:52:38.0571 4392 flpydisk - ok
11:52:38.0617 4392 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:52:38.0617 4392 FltMgr - ok
11:52:38.0649 4392 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:52:38.0680 4392 FontCache - ok
11:52:38.0727 4392 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:52:38.0727 4392 FontCache3.0.0.0 - ok
11:52:38.0727 4392 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:52:38.0727 4392 FsDepends - ok
11:52:38.0773 4392 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:52:38.0773 4392 Fs_Rec - ok
11:52:38.0836 4392 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:52:38.0836 4392 fvevol - ok
11:52:38.0851 4392 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:52:38.0851 4392 gagp30kx - ok
11:52:38.0898 4392 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:52:38.0898 4392 gpsvc - ok
11:52:38.0961 4392 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:52:38.0961 4392 gupdate - ok
11:52:38.0961 4392 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:52:38.0961 4392 gupdatem - ok
11:52:39.0023 4392 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:52:39.0273 4392 gusvc - ok
11:52:39.0319 4392 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:52:39.0351 4392 hcw85cir - ok
11:52:39.0507 4392 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:52:39.0585 4392 HdAudAddService - ok
11:52:39.0663 4392 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:52:39.0663 4392 HDAudBus - ok
11:52:39.0694 4392 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:52:39.0741 4392 HidBatt - ok
11:52:39.0772 4392 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:52:39.0819 4392 HidBth - ok
11:52:39.0850 4392 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:52:39.0881 4392 HidIr - ok
11:52:39.0928 4392 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
11:52:39.0959 4392 hidserv - ok
11:52:40.0006 4392 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:52:40.0006 4392 HidUsb - ok
11:52:40.0053 4392 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:52:40.0084 4392 hkmsvc - ok
11:52:40.0131 4392 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:52:40.0146 4392 HomeGroupListener - ok
11:52:40.0193 4392 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:52:40.0193 4392 HomeGroupProvider - ok
11:52:40.0240 4392 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:52:40.0255 4392 HpSAMD - ok
11:52:40.0349 4392 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:52:40.0349 4392 HTTP - ok
11:52:40.0396 4392 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:52:40.0396 4392 hwpolicy - ok
11:52:40.0427 4392 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:52:40.0427 4392 i8042prt - ok
11:52:40.0489 4392 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:52:40.0489 4392 iaStorV - ok
11:52:40.0552 4392 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:52:40.0567 4392 idsvc - ok
11:52:40.0614 4392 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:52:40.0614 4392 iirsp - ok
11:52:40.0645 4392 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:52:40.0661 4392 IKEEXT - ok
11:52:40.0677 4392 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:52:40.0677 4392 intelide - ok
11:52:40.0692 4392 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:52:40.0692 4392 intelppm - ok
11:52:40.0723 4392 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:52:40.0723 4392 IPBusEnum - ok
11:52:40.0755 4392 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:52:40.0770 4392 IpFilterDriver - ok
11:52:40.0848 4392 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:52:40.0848 4392 iphlpsvc - ok
11:52:40.0895 4392 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:52:40.0895 4392 IPMIDRV - ok
11:52:40.0911 4392 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:52:40.0911 4392 IPNAT - ok
11:52:40.0926 4392 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:52:40.0942 4392 IRENUM - ok
11:52:40.0942 4392 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:52:40.0942 4392 isapnp - ok
11:52:40.0989 4392 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:52:40.0989 4392 iScsiPrt - ok
11:52:41.0035 4392 [ 86CFEF6DC6DE51AAB0C10384FE98F48F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
11:52:41.0035 4392 JRAID - ok
11:52:41.0067 4392 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:52:41.0082 4392 kbdclass - ok
11:52:41.0098 4392 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:52:41.0098 4392 kbdhid - ok
11:52:41.0113 4392 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:52:41.0113 4392 KeyIso - ok
11:52:41.0145 4392 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:52:41.0145 4392 KSecDD - ok
11:52:41.0191 4392 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:52:41.0191 4392 KSecPkg - ok
11:52:41.0301 4392 [ E47FFCA0909871AC1BFF0D446FF63CA9 ] KSS C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
11:52:41.0301 4392 KSS - ok
11:52:41.0316 4392 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:52:41.0316 4392 ksthunk - ok
11:52:41.0347 4392 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:52:41.0379 4392 KtmRm - ok
11:52:41.0410 4392 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:52:41.0410 4392 LanmanServer - ok
11:52:41.0457 4392 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:52:41.0457 4392 LanmanWorkstation - ok
11:52:41.0503 4392 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
11:52:41.0503 4392 LGBusEnum - ok
11:52:41.0535 4392 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
11:52:41.0535 4392 LGVirHid - ok
11:52:41.0550 4392 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:52:41.0550 4392 lltdio - ok
11:52:41.0566 4392 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:52:41.0581 4392 lltdsvc - ok
11:52:41.0628 4392 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:52:41.0628 4392 lmhosts - ok
11:52:41.0644 4392 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:52:41.0644 4392 LSI_FC - ok
11:52:41.0644 4392 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:52:41.0644 4392 LSI_SAS - ok
11:52:41.0675 4392 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:52:41.0675 4392 LSI_SAS2 - ok
11:52:41.0691 4392 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:52:41.0691 4392 LSI_SCSI - ok
11:52:41.0722 4392 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:52:41.0722 4392 luafv - ok
11:52:41.0753 4392 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:52:41.0769 4392 Mcx2Svc - ok
11:52:41.0784 4392 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:52:41.0784 4392 megasas - ok
11:52:41.0800 4392 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:52:41.0800 4392 MegaSR - ok
11:52:41.0847 4392 Microsoft SharePoint Workspace Audit Service - ok
11:52:41.0862 4392 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:52:41.0862 4392 MMCSS - ok
11:52:41.0878 4392 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:52:41.0878 4392 Modem - ok
11:52:41.0909 4392 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:52:41.0909 4392 monitor - ok
11:52:41.0925 4392 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:52:41.0925 4392 mouclass - ok
11:52:41.0940 4392 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:52:41.0940 4392 mouhid - ok
11:52:41.0971 4392 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:52:41.0971 4392 mountmgr - ok
11:52:42.0049 4392 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
11:52:42.0049 4392 MpFilter - ok
11:52:42.0112 4392 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:52:42.0268 4392 mpio - ok
11:52:42.0315 4392 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:52:42.0315 4392 mpsdrv - ok
11:52:42.0346 4392 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:52:42.0361 4392 MpsSvc - ok
11:52:42.0393 4392 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:52:42.0408 4392 MRxDAV - ok
11:52:42.0455 4392 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:52:42.0455 4392 mrxsmb - ok
11:52:42.0486 4392 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:52:42.0486 4392 mrxsmb10 - ok
11:52:42.0533 4392 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:52:42.0533 4392 mrxsmb20 - ok
11:52:42.0564 4392 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:52:42.0564 4392 msahci - ok
11:52:42.0611 4392 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:52:42.0611 4392 msdsm - ok
11:52:42.0627 4392 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:52:42.0642 4392 MSDTC - ok
11:52:42.0658 4392 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:52:42.0658 4392 Msfs - ok
11:52:42.0658 4392 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:52:42.0673 4392 mshidkmdf - ok
11:52:42.0705 4392 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:52:42.0705 4392 msisadrv - ok
11:52:42.0736 4392 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:52:42.0736 4392 MSiSCSI - ok
11:52:42.0736 4392 msiserver - ok
11:52:42.0751 4392 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:52:42.0767 4392 MSKSSRV - ok
11:52:42.0845 4392 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:52:42.0845 4392 MsMpSvc - ok
11:52:42.0845 4392 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:52:42.0845 4392 MSPCLOCK - ok
11:52:42.0861 4392 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:52:42.0861 4392 MSPQM - ok
11:52:42.0907 4392 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:52:42.0907 4392 MsRPC - ok
11:52:42.0923 4392 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:52:42.0923 4392 mssmbios - ok
11:52:42.0923 4392 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:52:42.0939 4392 MSTEE - ok
11:52:42.0939 4392 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:52:42.0954 4392 MTConfig - ok
11:52:42.0970 4392 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:52:42.0970 4392 Mup - ok
11:52:43.0048 4392 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:52:43.0048 4392 napagent - ok
11:52:43.0079 4392 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:52:43.0095 4392 NativeWifiP - ok
11:52:43.0126 4392 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:52:43.0141 4392 NDIS - ok
11:52:43.0141 4392 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:52:43.0157 4392 NdisCap - ok
11:52:43.0173 4392 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:52:43.0173 4392 NdisTapi - ok
11:52:43.0219 4392 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:52:43.0235 4392 Ndisuio - ok
11:52:43.0297 4392 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:52:43.0313 4392 NdisWan - ok
11:52:43.0375 4392 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:52:43.0375 4392 NDProxy - ok
11:52:43.0500 4392 [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
11:52:43.0516 4392 Nero BackItUp Scheduler 4.0 - ok
11:52:43.0516 4392 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:52:43.0516 4392 NetBIOS - ok
11:52:43.0578 4392 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:52:43.0578 4392 NetBT - ok
11:52:43.0609 4392 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:52:43.0609 4392 Netlogon - ok
11:52:43.0656 4392 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:52:43.0672 4392 Netman - ok
11:52:43.0687 4392 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:52:43.0687 4392 netprofm - ok
11:52:43.0703 4392 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:52:43.0703 4392 NetTcpPortSharing - ok
11:52:43.0719 4392 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:52:43.0719 4392 nfrd960 - ok
11:52:43.0765 4392 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:52:43.0765 4392 NisDrv - ok
11:52:43.0797 4392 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:52:43.0797 4392 NisSrv - ok
11:52:43.0890 4392 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:52:43.0890 4392 NlaSvc - ok
11:52:43.0937 4392 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:52:43.0937 4392 Npfs - ok
11:52:43.0937 4392 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:52:43.0953 4392 nsi - ok
11:52:43.0953 4392 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:52:43.0953 4392 nsiproxy - ok
11:52:44.0140 4392 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:52:44.0155 4392 Ntfs - ok
11:52:44.0202 4392 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:52:44.0202 4392 Null - ok
11:52:44.0233 4392 NVHDA - ok
11:52:44.0795 4392 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:52:44.0857 4392 nvlddmkm - ok
11:52:44.0873 4392 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:52:44.0873 4392 nvraid - ok
11:52:44.0904 4392 [ 6F2D9D7F339F0C9EF358793F92BA3393 ] nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys
11:52:44.0904 4392 nvrd64 - ok
11:52:44.0951 4392 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:52:44.0951 4392 nvstor - ok
11:52:44.0998 4392 [ A1578751D32B2CED76DCA2B20C2B22A5 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
11:52:44.0998 4392 nvstor64 - ok
11:52:45.0076 4392 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
11:52:45.0076 4392 nvsvc - ok
11:52:45.0123 4392 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:52:45.0123 4392 nv_agp - ok
11:52:45.0154 4392 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:52:45.0169 4392 ohci1394 - ok
11:52:45.0216 4392 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:52:45.0216 4392 ose - ok
11:52:45.0310 4392 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:52:45.0403 4392 osppsvc - ok
11:52:45.0419 4392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:52:45.0419 4392 p2pimsvc - ok
11:52:45.0450 4392 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:52:45.0450 4392 p2psvc - ok
11:52:45.0466 4392 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:52:45.0481 4392 Parport - ok
11:52:45.0528 4392 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:52:45.0528 4392 partmgr - ok
11:52:45.0544 4392 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:52:45.0544 4392 PcaSvc - ok
11:52:45.0559 4392 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:52:45.0559 4392 pci - ok
11:52:45.0575 4392 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:52:45.0575 4392 pciide - ok
11:52:45.0575 4392 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:52:45.0575 4392 pcmcia - ok
11:52:45.0591 4392 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:52:45.0591 4392 pcw - ok
11:52:45.0637 4392 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:52:45.0637 4392 PEAUTH - ok
11:52:45.0700 4392 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:52:45.0778 4392 PerfHost - ok
11:52:45.0809 4392 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:52:45.0840 4392 pla - ok
11:52:45.0918 4392 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:52:45.0918 4392 PlugPlay - ok
11:52:45.0934 4392 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:52:45.0934 4392 PNRPAutoReg - ok
11:52:45.0949 4392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:52:45.0965 4392 PNRPsvc - ok
11:52:45.0996 4392 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:52:45.0996 4392 PolicyAgent - ok
11:52:46.0027 4392 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:52:46.0027 4392 Power - ok
11:52:46.0059 4392 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:52:46.0074 4392 PptpMiniport - ok
11:52:46.0090 4392 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:52:46.0105 4392 Processor - ok
11:52:46.0137 4392 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:52:46.0137 4392 ProfSvc - ok
11:52:46.0152 4392 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:52:46.0152 4392 ProtectedStorage - ok
11:52:46.0199 4392 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:52:46.0199 4392 Psched - ok
11:52:46.0246 4392 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
11:52:46.0246 4392 PxHlpa64 - ok
11:52:46.0277 4392 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:52:46.0308 4392 ql2300 - ok
11:52:46.0308 4392 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:52:46.0308 4392 ql40xx - ok
11:52:46.0339 4392 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:52:46.0339 4392 QWAVE - ok
11:52:46.0339 4392 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:52:46.0355 4392 QWAVEdrv - ok
11:52:46.0371 4392 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:52:46.0371 4392 RasAcd - ok
11:52:46.0402 4392 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:52:46.0417 4392 RasAgileVpn - ok
11:52:46.0433 4392 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:52:46.0433 4392 RasAuto - ok
11:52:46.0464 4392 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:52:46.0480 4392 Rasl2tp - ok
11:52:46.0511 4392 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:52:46.0527 4392 RasMan - ok
11:52:46.0527 4392 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:52:46.0542 4392 RasPppoe - ok
11:52:46.0542 4392 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:52:46.0558 4392 RasSstp - ok
11:52:46.0589 4392 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:52:46.0605 4392 rdbss - ok
11:52:46.0605 4392 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:52:46.0620 4392 rdpbus - ok
11:52:46.0620 4392 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:52:46.0620 4392 RDPCDD - ok
11:52:46.0636 4392 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:52:46.0636 4392 RDPENCDD - ok
11:52:46.0651 4392 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:52:46.0651 4392 RDPREFMP - ok
11:52:46.0683 4392 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:52:46.0698 4392 RDPWD - ok
11:52:46.0729 4392 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:52:46.0729 4392 rdyboost - ok
11:52:46.0761 4392 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:52:46.0776 4392 RemoteAccess - ok
11:52:46.0792 4392 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:52:46.0807 4392 RemoteRegistry - ok
11:52:46.0839 4392 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:52:46.0839 4392 RpcEptMapper - ok
11:52:46.0854 4392 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:52:46.0854 4392 RpcLocator - ok
11:52:46.0901 4392 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:52:46.0901 4392 RpcSs - ok
11:52:46.0917 4392 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:52:46.0917 4392 rspndr - ok
11:52:46.0917 4392 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:52:46.0917 4392 SamSs - ok
11:52:47.0026 4392 [ F444EBA4C58AD1D6D1DA9850C2B5D829 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
11:52:47.0041 4392 SbieDrv - ok
11:52:47.0073 4392 [ 9E92ABAE6F6A63C4307FE7CC4AC95831 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
11:52:47.0073 4392 SbieSvc - ok
11:52:47.0119 4392 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:52:47.0119 4392 sbp2port - ok
11:52:47.0166 4392 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:52:47.0166 4392 SBSDWSCService - ok
11:52:47.0182 4392 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:52:47.0197 4392 SCardSvr - ok
11:52:47.0229 4392 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:52:47.0229 4392 scfilter - ok
11:52:47.0322 4392 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:52:47.0338 4392 Schedule - ok
11:52:47.0385 4392 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:52:47.0385 4392 SCPolicySvc - ok
11:52:47.0431 4392 [ 958E956E119EB7B9ABA142AFED1B5FF4 ] ScsiAccess C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
11:52:47.0447 4392 ScsiAccess - ok
11:52:47.0478 4392 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:52:47.0478 4392 SDRSVC - ok
11:52:47.0494 4392 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:52:47.0494 4392 secdrv - ok
11:52:47.0525 4392 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:52:47.0541 4392 seclogon - ok
11:52:47.0556 4392 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:52:47.0556 4392 SENS - ok
11:52:47.0556 4392 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:52:47.0572 4392 SensrSvc - ok
11:52:47.0587 4392 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:52:47.0587 4392 Serenum - ok
11:52:47.0619 4392 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:52:47.0634 4392 Serial - ok
11:52:47.0681 4392 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:52:47.0697 4392 sermouse - ok
11:52:47.0743 4392 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:52:47.0743 4392 SessionEnv - ok
11:52:47.0790 4392 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:52:47.0790 4392 sffdisk - ok
11:52:47.0806 4392 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:52:47.0806 4392 sffp_mmc - ok
11:52:47.0821 4392 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:52:47.0821 4392 sffp_sd - ok
11:52:47.0837 4392 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:52:47.0837 4392 sfloppy - ok
11:52:47.0899 4392 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:52:47.0899 4392 SharedAccess - ok
11:52:52.0829 4392 ============================================================
11:52:52.0829 4392 Scan finished
11:52:52.0829 4392 ============================================================
11:52:52.0829 4380 Detected object count: 0
11:52:52.0829 4380 Actual detected object count: 0

#10 CatByte

  • Malware Response Team

Posted 20 October 2012 - 12:38 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#11 Justice893

  • Topic Starter
  • Members

Posted 20 October 2012 - 07:27 PM

Sorry about the delay, the ESET scan took approx. 5 hours ~ it came up clean.

Here are the logs for mbam and AdwCleaner ~

Also AVG reported AdwCleaner as malware, not sure if that's normal or not, just wanted to throw it out there.


AdwCleaner

# AdwCleaner v2.005 - Logfile created 10/20/2012 at 13:52:03
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[S1].txt - [5282 octets] - [20/10/2012 13:52:03]

########## EOF - C:\AdwCleaner[S1].txt - [5342 octets] ##########


MBAM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

20/10/2012 1:58:18 PM
mbam-log-2012-10-20 (13-58-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196419
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Thanks again CatByte ~

#12 CatByte

  • Malware Response Team

Posted 20 October 2012 - 07:45 PM

Yes, quite often the AV companies will alert to our specialized tools. It's because they often use techniques to detect malware that are similar to the malware itself, but the tools are perfectly safe.

How is the computer behaving now?
Are there any outstanding issues?

#13 Justice893

  • Topic Starter
  • Members

Posted 20 October 2012 - 07:54 PM

There's nothing too obvious at the moment but I know that Trojan-FakeAV.Win32.SmartFortress.cjc is still buried in here somewhere as Kaspersky picked it up, but I didn't take any action as I didn't want to make my logs inaccurate just after I posted them (after my initial post). The computer is running noticeably slower than it did pre-infection :(.

Perhaps it's time for a reformat :P.

#14 CatByte

  • Malware Response Team

Posted 20 October 2012 - 07:58 PM

Run a scan with Kaspersky and let me know where it finds the detection; it might already be in quarantine.

If you can do a reformat without too much trouble, then that may be something you should consider.

#15 Justice893

  • Topic Starter
  • Members

Posted 20 October 2012 - 08:05 PM

I think I may just do a reformat and save the both of us the trouble :busy:.

Thank you so much for all the time you've put into helping me out with these issues. I really appreciate the quick and detailed responses; as soon as the funds are allowing I will be sending a donation your way.

Take care and thanks again for your patience and consistency!



