
Redirect virus + continual false alerts


This topic is locked
26 replies to this topic

#1 stevenseagal

  • Members
  • 14 posts

Posted 27 March 2012 - 05:18 PM

Good evening,

Today I had downloaded several suspicious files, resulting in an infection on my computer.

I am running Windows 7 Enterprise on a laptop PC, and I use Google Chrome.

My description of the infection and my attempts to remedy the situation are as follows:

- Redirecting from any and all google search results begins (redirection is towards various advertisement sites).
- Redirection is accompanied by various detections of alleged threats by AVG anti-virus free edition 2011.
- Attempted to remedy the situation by running: AVG anti-virus free edition 2011 (several times), Spybot search & destroy (once).
- Redirecting seemed to have stopped.
- Redirecting continues once every half-hour or so for a few clicks, then stops for a while again.
- In addition, new tabs occasionally open when I click a link from a google search, or open a new tab and try to visit facebook, etc., and the new tab visits a website of a similar nature to the redirections.
- AVG detects infections in varying /system32/ files every 15 minutes or so. I used the "move to vault" option for the first 6 or 7 alerts before suspecting that these were false detections. I've had about 5 more alerts since then, all of which I have ignored.
- I attempted to follow the instructions on atechjourney.com for removing the "google redirect virus", all of which failed to identify any problematic files in the registry.

I await instructions. Thanks for reading.

Steve

#2 stevenseagal
  • Topic Starter

  • Members
  • 14 posts

Posted 27 March 2012 - 05:35 PM

Here is my DDS log. Attach.zip is attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Boy at 18:27:12 on 2012-03-27
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.2.1033.18.3046.1020 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\matlab701\bin\win32\matlab.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\SupportAppXL\AutoDect.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\explorer.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.1\youtubedownloaderToolbarIE.dll
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.1\youtubedownloaderToolbarIE.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.1\youtubedownloaderToolbarIE.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: {531C49A7-179F-43CA-AF5E-AF375FBB8840} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\boy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PPS Accelerator] c:\progra~1\ppstream\ppsap.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [F.lux] "c:\users\boy\local settings\apps\f.lux\flux.exe" /noshow
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [4Y3Y0C3A9F7W0I5VZJHDTUQ] c:\recycle.bin\B6232F3AF2A.exe /q
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [autodetect] c:\windows\system32\supportappxl\AutoDect.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
StartupFolder: c:\users\boy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{29DF85F7-7966-4D1F-9A7D-5D8089E1C168} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{29DF85F7-7966-4D1F-9A7D-5D8089E1C168}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{29DF85F7-7966-4D1F-9A7D-5D8089E1C168}\75C414E4 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{29DF85F7-7966-4D1F-9A7D-5D8089E1C168}\775637475627E6 : DhcpNameServer = 216.254.136.227 216.254.141.13
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-9-18 24304]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-27 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-27 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-3-27 909728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-9-18 13480]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-27 185560]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-3-4 748440]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-7 269520]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-3-27 550864]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-3-24 271408]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-9-18 93032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-8-24 592120]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-3-17 6630912]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-3-27 56840]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 avg7alrt;FVXSCSI;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CTMSHD;Nvpvrmon;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-8 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-9-18 132456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-8 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-8-12 9216]
S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-5-7 21360]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-9-18 75112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-23 15872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-27 402336]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-27 1117624]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-18 1343400]
.
=============== Created Last 30 ================
.
2012-03-27 18:35:47 -------- d-----w- c:\windows\pss
2012-03-27 17:12:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-27 17:12:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-27 16:23:57 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-27 16:23:57 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-27 16:23:56 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-03-27 16:23:56 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-27 16:23:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-27 16:22:39 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-27 16:22:39 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-27 16:22:24 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-27 16:22:19 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-27 16:22:10 -------- d-----w- c:\program files\PC Tools
2012-03-27 16:22:09 -------- d-----w- C:\736f6709422ccabfc1f1910b
2012-03-27 16:18:55 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-27 16:18:54 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-27 16:18:49 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-27 16:18:49 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-27 16:18:45 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-27 16:18:45 -------- d-----w- c:\program files\common files\PC Tools
2012-03-27 16:17:55 -------- d-----w- c:\programdata\PC Tools
2012-03-27 16:17:54 -------- d-----w- c:\users\boy\appdata\roaming\TestApp
2012-03-27 15:43:02 -------- d-----w- c:\program files\Tracker Software
2012-03-27 15:32:09 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-18 14:42:23 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-03-18 14:42:23 -------- d-----w- c:\program files\common files\Spigot
2012-03-18 14:42:23 -------- d-----w- c:\program files\Application Updater
2012-03-15 03:18:18 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 03:18:17 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 15:52:24 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:52:23 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:52:01 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 15:52:01 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:52:01 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 15:52:01 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:51:59 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:51:59 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 15:51:59 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-07 18:00:51 162664 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10140.bin
2012-02-28 21:58:17 -------- d-----w- c:\programdata\YouTube Downloader
2012-02-28 21:58:11 -------- d-----w- c:\program files\YouTube Downloader
.
==================== Find3M ====================
.
2012-01-24 15:48:10 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-29 21:50:33 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
============= FINISH: 18:28:14.74 ===============

Attached Files
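As an added example (not part of this thread, and not code from DDS, ComboFix or BleepingComputer), here is a small Python triage script that parses the uRun/mRun autostart entries and the mPolicies-system values from the DDS "Pseudo HJT Report" quoted above and flags the same things a malware-response helper would look at first: an autostart program living under c:\recycle.bin, a random-looking Run key name, an empty Run value, and the UAC policy values set to 0. The sample lines are copied from the posted log; the severity rules and the "random-looking name" threshold are constructed for illustration and are not a DDS feature.

```python
"""Triage helper for DDS 'Pseudo HJT Report' lines (added example, not DDS code)."""
import re

# Constructed sample: a handful of lines copied from the DDS log posted in the thread.
SAMPLE_LOG = r'''
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\boy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [4Y3Y0C3A9F7W0I5VZJHDTUQ] c:\recycle.bin\B6232F3AF2A.exe /q
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
'''

# uRun/mRun lines look like:  uRun: [KeyName] "c:\path\prog.exe" /args
RUN_RE = re.compile(r'^(?P<hive>[um]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# mPolicies-system lines look like:  mPolicies-system: EnableLUA = 0 (0x0)
POLICY_RE = re.compile(r'^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)')

SEVERITY_RANK = {'info': 0, 'low': 1, 'medium': 2, 'high': 3}
# UAC settings whose value 0 means the protection is switched off (constructed rule set).
WEAK_POLICIES = {'EnableLUA': '0', 'ConsentPromptBehaviorAdmin': '0',
                 'PromptOnSecureDesktop': '0'}


def executable_path(cmd):
    """Return the lower-cased program path from a Run value (quoted or first token)."""
    cmd = cmd.strip()
    if not cmd:
        return ''
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].lower() if end > 0 else cmd[1:].lower()
    return cmd.split()[0].lower()


def path_reason(path):
    """Classify where an autostart program runs from; None means nothing to note."""
    if not path:
        return ('info', 'empty Run value')
    if path.startswith('c:\\recycle.bin') or '\\temp\\' in path:
        return ('high', 'autostart from recycle bin or temp directory')
    if path.startswith('c:\\users\\'):
        return ('low', 'runs from a user profile directory')
    return None


def looks_random(name):
    """Heuristic (constructed): a long space-free key name with many digits."""
    return len(name) >= 16 and ' ' not in name and sum(c.isdigit() for c in name) >= 4


def triage(log_text):
    """Return a list of findings, each a dict with severity, hive, name, path, reasons."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            path = executable_path(m['cmd'])
            reasons = []
            pr = path_reason(path)
            if pr:
                reasons.append(pr)
            if looks_random(m['name']):
                reasons.append(('high', 'random-looking key name'))
            if reasons:
                findings.append({
                    'severity': max((s for s, _ in reasons), key=SEVERITY_RANK.get),
                    'hive': m['hive'], 'name': m['name'], 'path': path,
                    'reasons': [r for _, r in reasons]})
            continue
        p = POLICY_RE.match(line)
        if p and WEAK_POLICIES.get(p['key']) == p['val']:
            findings.append({'severity': 'medium', 'hive': 'policy', 'name': p['key'],
                             'path': p['val'], 'reasons': ['UAC protection turned off']})
    return findings


if __name__ == '__main__':
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: -SEVERITY_RANK[f['severity']]):
        print(f"[{f['severity']:6}] {f['hive']} {f['name']}: {f['path']} -- {', '.join(f['reasons'])}")
```

Run against the sample, the recycle-bin entry comes out as the single high-severity finding (flagged for both its location and its key name), the three UAC values at 0 are reported as medium, and the Google Update entry in the user profile is a low-severity note rather than an alarm, which mirrors how the helper in this thread prioritised the same log.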



#3 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 March 2012 - 12:32 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going; it can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 stevenseagal
  • Topic Starter

  • Members
  • 14 posts

Posted 28 March 2012 - 11:30 AM

Greetings,

I disabled AVG as it was instructed in the link you provided, closed all browsers etc. and ran combofix. Combofix detected that AVG was "still running", although it was indeed disabled so I pushed onwards despite the warning. After roughly 12 minutes of scanning, which included 2 sets of 2 prompts informing me that I'm infected with a "ZeroAccess.rootkit!" and simply a "rootkit", Combofix restarted my machine. Upon restart, I was not prompted for a password or anything, but rather combofix continued to run, completing "stages" 1 through 50. After this, it began deleting a whole slew of files in \system32\, and then stated "deleting folder c:\windows\$NtUninstallKB50524$", which at present seems to be an empty folder. Combofix seems to have stalled at this stage, since it sat there deleting the folder for 20 minutes before I concluded that it had stalled, at which point I closed it and restarted the computer. Boot-up this time was normal. I do not see a log anywhere, as I presume one was not created since I terminated the program before it finished (whether it was going to finish is obviously an open question).

I am unaware of whether I continue to get redirections or new-tab pop-ups, as they happen sporadically. I am also unaware as to whether AVG will continue to register threats every 15-20 minutes since it is currently disabled and I need to restart the machine to get it going again. I will let you know about the AVG part sometime soon.

Steve

#5 stevenseagal
  • Topic Starter

  • Members
  • 14 posts

Posted 28 March 2012 - 11:44 AM

I am unable to enable "Anti-Virus", "Anti-Spyware", and "Resident Shield" on my AVG 2011 free edition. I clicked "Fix all", which updated, then it asked to restart so I did, and those components still won't enable. "Whole computer scans" finish instantly, finding nothing.

#6 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 March 2012 - 02:54 PM

Hello


OK, let's leave AVG alone for now.

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#7 stevenseagal
  • Topic Starter

  • Members
  • 14 posts

Posted 28 March 2012 - 04:25 PM

The scan completed this time. Here is the log:

ComboFix 12-03-28.02 - Boy 28/03/2012 17:03:19.4.2 - x86 MINIMAL
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.2.1033.18.3046.2336 [GMT -4:00]
Running from: c:\users\Boy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\recycle.bin\B6232F3AF2A.exe
c:\windows\$NtUninstallKB50542$
.
---- Previous Run -------
.
c:\recycle.bin\B6232F3AF2A.exe
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINIO
-------\Service_aexnsclienttransport
-------\Service_BLKWGU(Belkin)
-------\Service_cpuz132
-------\Service_dnsexit
-------\Service_dtsagntsvc
-------\Service_EhttpSrv
-------\Service_icm10blk
-------\Service_idebusdr
-------\Service_IWCA
-------\Service_k750bus
-------\Service_lvhidsvc
-------\Service_mozyFilter
-------\Service_oracleorahomemanagementserver
-------\Service_ovmsmaccessmanager
-------\Service_ovsecurityserver
-------\Service_psimsvc
-------\Service_rca
-------\Service_se2Dnd5
-------\Service_transbaseservice
-------\Service_twotrack
-------\Service_WINIO
-------\Service_Wtcls2k
-------\Service_ZDCNDIS5
-------\Service_zpsc
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 21:11 . 2012-03-28 21:13 -------- d-----w- c:\users\Boy\AppData\Local\temp
2012-03-28 21:11 . 2012-03-28 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 17:12 . 2012-03-27 17:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-27 17:12 . 2012-03-27 17:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-27 16:23 . 2012-02-17 19:08 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-27 16:23 . 2011-09-28 17:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-27 16:23 . 2012-02-17 19:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-27 16:23 . 2012-02-17 19:08 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-03-27 16:23 . 2012-02-17 19:08 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-27 16:22 . 2012-02-24 14:31 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-27 16:17 . 2012-03-27 16:17 -------- d-----w- c:\users\Boy\AppData\Roaming\TestApp
2012-03-27 15:43 . 2012-03-27 15:43 -------- d-----w- c:\program files\Tracker Software
2012-03-18 14:42 . 2012-03-18 14:42 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-03-18 14:42 . 2012-03-18 14:42 -------- d-----w- c:\program files\Common Files\Spigot
2012-03-18 14:42 . 2012-03-18 14:42 -------- d-----w- c:\program files\Application Updater
2012-03-15 03:18 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 03:18 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 15:52 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:52 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:52 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 15:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:52 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:52 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 15:51 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 15:51 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:51 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-07 18:00 . 2012-03-07 18:00 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-28 21:58 . 2012-02-28 21:58 -------- d-----w- c:\programdata\YouTube Downloader
2012-02-28 21:58 . 2012-02-28 21:58 -------- d-----w- c:\program files\YouTube Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 15:48 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-04 08:58 . 2012-02-16 03:54 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-16 03:54 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-29 21:50 . 2011-12-29 21:50 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-01 14709640]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-30 1242448]
"F.lux"="c:\users\Boy\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-08-25 894312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-12-02 91648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-03-05 934752]
.
c:\users\Boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-04-02 19:46 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2012-02-24 185560]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-03-05 748440]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-02-17 550864]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 136176]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-03-25 271408]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-24 592120]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-08-25 132456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-09-27 9216]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-03-18 6630912]
R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2011-09-28 56840]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [2012-02-24 402336]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-08-25 24304]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-11-14 331880]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-01 342168]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-01 909728]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
tng-dts
ssmdrv
ipassconnectengine
oraclesnmppeermasteragent
mpservice
avg7alrt
s3savagemx
TCtrlIO
CTMSHD
cbidf
smbusp
pnkbstra
RushTopDevice
vpcnets2
ovsecurityserver
vmount2
lvhidsvc
tlntsvr
twotrack
icm10blk
EhttpSrv
psimsvc
mozyFilter
se2Dnd5
rca
BLKWGU(Belkin)
dnsexit
cdaudio
zpsc
transbaseservice
mclogmanagerservice
ovmsmaccessmanager
ZDCNDIS5
Wtcls2k
cpuz132
oracleorahomemanagementserver
dtsagntsvc
idebusdr
aexnsclienttransport
dac2w2k
snac
k750bus
fsks
IWCA
AX88772
i2omp
se59bus
pdlnatcm
omnidrv
z525obex
SMTPSVC
z800mdfl
arkbcfltr
lxby_device
s217mgmt
a8djusb
SNPSTD3
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 13:50]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 13:50]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3023243419-23348955-599690747-1000Core.job
- c:\users\Boy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-27 10:58]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3023243419-23348955-599690747-1000UA.job
- c:\users\Boy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-27 10:58]
.
2012-03-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]
.
2012-03-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 22:14]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 142.1.208.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PPS Accelerator - c:\progra~1\PPStream\ppsap.exe
HKCU-Run-4Y3Y0C3A9F7W0I5VZJHDTUQ - c:\recycle.bin\B6232F3AF2A.exe
SafeBoot-klmdb.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(588)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-03-28 17:17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 21:17
.
Pre-Run: 340,604,514,304 bytes free
Post-Run: 340,323,692,544 bytes free
.
- - End Of File - - AD5FC60BFEC4A99A507575DDAAD8D2BF

#8 gringo_pr

gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 March 2012 - 05:50 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 stevenseagal

stevenseagal
  • Topic Starter
  • Members
  • 14 posts

Posted 28 March 2012 - 09:49 PM

Greetings,

No trouble running the scans. No restart required after TDSSKiller. Still unsure as to whether the problems persist, as they occur sporadically; however, I have not yet had an instance since running ComboFix. AVG still disabled. Here are the logs:


22:24:08.0125 4916 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:24:08.0437 4916 ============================================================
22:24:08.0437 4916 Current date / time: 2012/03/28 22:24:08.0437
22:24:08.0437 4916 SystemInfo:
22:24:08.0437 4916
22:24:08.0437 4916 OS Version: 6.1.7601 ServicePack: 1.0
22:24:08.0437 4916 Product type: Workstation
22:24:08.0437 4916 ComputerName: BOY-PC
22:24:08.0437 4916 UserName: Boy
22:24:08.0437 4916 Windows directory: C:\Windows
22:24:08.0437 4916 System windows directory: C:\Windows
22:24:08.0453 4916 Processor architecture: Intel x86
22:24:08.0453 4916 Number of processors: 2
22:24:08.0453 4916 Page size: 0x1000
22:24:08.0453 4916 Boot type: Normal boot
22:24:08.0453 4916 ============================================================
22:24:09.0654 4916 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:24:09.0654 4916 \Device\Harddisk0\DR0:
22:24:09.0654 4916 MBR used
22:24:09.0654 4916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:24:09.0654 4916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
22:24:09.0685 4916 Initialize success
22:24:09.0685 4916 ============================================================
22:24:22.0009 0964 ============================================================
22:24:22.0009 0964 Scan started
22:24:22.0009 0964 Mode: Manual;
22:24:22.0009 0964 ============================================================
22:24:22.0696 0964 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:24:22.0711 0964 1394ohci - ok
22:24:22.0711 0964 a8djusb - ok
22:24:22.0789 0964 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:24:22.0789 0964 ACPI - ok
22:24:22.0852 0964 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:24:22.0852 0964 AcpiPmi - ok
22:24:22.0914 0964 ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\Windows\system32\drivers\ADIHdAud.sys
22:24:22.0914 0964 ADIHdAudAddService - ok
22:24:23.0039 0964 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:24:23.0039 0964 adp94xx - ok
22:24:23.0101 0964 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:24:23.0101 0964 adpahci - ok
22:24:23.0132 0964 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:24:23.0132 0964 adpu320 - ok
22:24:23.0179 0964 AEADIFilters (4dc6b0772d1698f04fc79053a21c8260) C:\Windows\system32\AEADISRV.EXE
22:24:23.0179 0964 AEADIFilters - ok
22:24:23.0210 0964 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:24:23.0210 0964 AeLookupSvc - ok
22:24:23.0288 0964 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:24:23.0288 0964 AFD - ok
22:24:23.0335 0964 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:24:23.0335 0964 agp440 - ok
22:24:23.0382 0964 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:24:23.0382 0964 aic78xx - ok
22:24:23.0429 0964 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:24:23.0429 0964 ALG - ok
22:24:23.0476 0964 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:24:23.0476 0964 aliide - ok
22:24:23.0522 0964 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:24:23.0522 0964 amdagp - ok
22:24:23.0538 0964 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:24:23.0554 0964 amdide - ok
22:24:23.0600 0964 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:24:23.0600 0964 AmdK8 - ok
22:24:23.0616 0964 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:24:23.0616 0964 AmdPPM - ok
22:24:23.0663 0964 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:24:23.0663 0964 amdsata - ok
22:24:23.0710 0964 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:24:23.0725 0964 amdsbs - ok
22:24:23.0741 0964 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:24:23.0741 0964 amdxata - ok
22:24:23.0803 0964 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:24:23.0803 0964 AppID - ok
22:24:23.0850 0964 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:24:23.0850 0964 AppIDSvc - ok
22:24:23.0897 0964 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
22:24:23.0897 0964 Appinfo - ok
22:24:24.0022 0964 Application Updater (54951548980ecd07b80ead3c7921f8a1) C:\Program Files\Application Updater\ApplicationUpdater.exe
22:24:24.0037 0964 Application Updater - ok
22:24:24.0084 0964 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
22:24:24.0084 0964 AppMgmt - ok
22:24:24.0146 0964 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:24:24.0146 0964 arc - ok
22:24:24.0162 0964 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:24:24.0162 0964 arcsas - ok
22:24:24.0240 0964 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:24:24.0240 0964 AsyncMac - ok
22:24:24.0287 0964 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:24:24.0287 0964 atapi - ok
22:24:24.0365 0964 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:24:24.0365 0964 AudioEndpointBuilder - ok
22:24:24.0380 0964 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:24:24.0396 0964 Audiosrv - ok
22:24:24.0427 0964 avg7alrt - ok
22:24:24.0770 0964 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
22:24:24.0848 0964 AVGIDSAgent - ok
22:24:24.0911 0964 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
22:24:24.0911 0964 AVGIDSDriver - ok
22:24:24.0958 0964 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
22:24:24.0958 0964 AVGIDSEH - ok
22:24:24.0989 0964 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
22:24:24.0989 0964 AVGIDSFilter - ok
22:24:25.0036 0964 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
22:24:25.0036 0964 AVGIDSShim - ok
22:24:25.0114 0964 Avgldx86 (06da359369d0bc11c67327d768fc5f97) C:\Windows\system32\DRIVERS\avgldx86.sys
22:24:25.0129 0964 Avgldx86 ( Virus.Win32.ZAccess.k ) - infected
22:24:25.0129 0964 Avgldx86 - detected Virus.Win32.ZAccess.k (0)
22:24:25.0192 0964 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
22:24:25.0192 0964 Avgmfx86 - ok
22:24:25.0207 0964 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
22:24:25.0207 0964 Avgrkx86 - ok
22:24:25.0254 0964 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
22:24:25.0254 0964 Avgtdix - ok
22:24:25.0348 0964 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
22:24:25.0348 0964 avgwd - ok
22:24:25.0363 0964 AX88772 - ok
22:24:25.0410 0964 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
22:24:25.0410 0964 AxInstSV - ok
22:24:25.0488 0964 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:24:25.0488 0964 b06bdrv - ok
22:24:25.0519 0964 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:24:25.0519 0964 b57nd60x - ok
22:24:25.0582 0964 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:24:25.0582 0964 BDESVC - ok
22:24:25.0628 0964 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:24:25.0628 0964 Beep - ok
22:24:25.0691 0964 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
22:24:25.0706 0964 BITS - ok
22:24:25.0722 0964 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:24:25.0722 0964 blbdrive - ok
22:24:25.0769 0964 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:24:25.0769 0964 bowser - ok
22:24:25.0800 0964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:24:25.0800 0964 BrFiltLo - ok
22:24:25.0831 0964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:24:25.0831 0964 BrFiltUp - ok
22:24:25.0878 0964 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
22:24:25.0878 0964 BridgeMP - ok
22:24:25.0940 0964 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
22:24:25.0940 0964 Browser - ok
22:24:26.0159 0964 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
22:24:26.0159 0964 Browser Defender Update Service - ok
22:24:26.0206 0964 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:24:26.0221 0964 Brserid - ok
22:24:26.0237 0964 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:24:26.0237 0964 BrSerWdm - ok
22:24:26.0252 0964 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:24:26.0252 0964 BrUsbMdm - ok
22:24:26.0284 0964 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:24:26.0284 0964 BrUsbSer - ok
22:24:26.0299 0964 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:24:26.0299 0964 BTHMODEM - ok
22:24:26.0362 0964 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:24:26.0362 0964 bthserv - ok
22:24:26.0440 0964 catchme - ok
22:24:26.0486 0964 cbidf - ok
22:24:26.0502 0964 cdaudio - ok
22:24:26.0549 0964 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:24:26.0549 0964 cdfs - ok
22:24:26.0611 0964 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
22:24:26.0611 0964 cdrom - ok
22:24:26.0674 0964 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:24:26.0689 0964 CertPropSvc - ok
22:24:26.0705 0964 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:24:26.0705 0964 circlass - ok
22:24:26.0736 0964 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:24:26.0752 0964 CLFS - ok
22:24:26.0798 0964 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:24:26.0798 0964 clr_optimization_v2.0.50727_32 - ok
22:24:26.0876 0964 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:24:26.0876 0964 clr_optimization_v4.0.30319_32 - ok
22:24:26.0908 0964 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:24:26.0908 0964 CmBatt - ok
22:24:26.0954 0964 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:24:26.0954 0964 cmdide - ok
22:24:27.0017 0964 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
22:24:27.0017 0964 CNG - ok
22:24:27.0064 0964 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:24:27.0064 0964 Compbatt - ok
22:24:27.0126 0964 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:24:27.0126 0964 CompositeBus - ok
22:24:27.0157 0964 COMSysApp - ok
22:24:27.0188 0964 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:24:27.0188 0964 crcdisk - ok
22:24:27.0251 0964 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
22:24:27.0251 0964 CryptSvc - ok
22:24:27.0298 0964 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
22:24:27.0313 0964 CSC - ok
22:24:27.0344 0964 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
22:24:27.0360 0964 CscService - ok
22:24:27.0407 0964 CTMSHD - ok
22:24:27.0422 0964 dac2w2k - ok
22:24:27.0469 0964 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:24:27.0485 0964 DcomLaunch - ok
22:24:27.0516 0964 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:24:27.0516 0964 defragsvc - ok
22:24:27.0563 0964 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:24:27.0563 0964 DfsC - ok
22:24:27.0594 0964 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
22:24:27.0594 0964 Dhcp - ok
22:24:27.0625 0964 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:24:27.0625 0964 discache - ok
22:24:27.0688 0964 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:24:27.0688 0964 Disk - ok
22:24:27.0734 0964 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
22:24:27.0734 0964 Dnscache - ok
22:24:27.0781 0964 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
22:24:27.0797 0964 dot3svc - ok
22:24:27.0859 0964 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\Windows\system32\DRIVERS\DozeHDD.sys
22:24:27.0859 0964 DozeHDD - ok
22:24:27.0906 0964 DozeSvc (1cfd5b47a899cfff4cb5c44b8b66f0c2) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
22:24:27.0906 0964 DozeSvc - ok
22:24:27.0953 0964 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
22:24:27.0968 0964 DPS - ok
22:24:28.0015 0964 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:24:28.0015 0964 drmkaud - ok
22:24:28.0078 0964 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:24:28.0078 0964 DXGKrnl - ok
22:24:28.0140 0964 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
22:24:28.0140 0964 e1express - ok
22:24:28.0187 0964 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:24:28.0187 0964 EapHost - ok
22:24:28.0312 0964 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:24:28.0374 0964 ebdrv - ok
22:24:28.0421 0964 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
22:24:28.0421 0964 EFS - ok
22:24:28.0499 0964 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
22:24:28.0499 0964 ehRecvr - ok
22:24:28.0530 0964 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:24:28.0530 0964 ehSched - ok
22:24:28.0577 0964 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:24:28.0577 0964 elxstor - ok
22:24:28.0624 0964 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:24:28.0624 0964 ErrDev - ok
22:24:28.0686 0964 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:24:28.0686 0964 EventSystem - ok
22:24:28.0795 0964 EvtEng (8597822f0e0eaa61a9ffd18778828792) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:24:28.0795 0964 EvtEng - ok
22:24:28.0826 0964 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:24:28.0826 0964 exfat - ok
22:24:28.0858 0964 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:24:28.0858 0964 fastfat - ok
22:24:28.0920 0964 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
22:24:28.0936 0964 Fax - ok
22:24:28.0982 0964 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:24:28.0982 0964 fdc - ok
22:24:29.0029 0964 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:24:29.0029 0964 fdPHost - ok
22:24:29.0060 0964 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:24:29.0060 0964 FDResPub - ok
22:24:29.0076 0964 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:24:29.0076 0964 FileInfo - ok
22:24:29.0092 0964 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:24:29.0092 0964 Filetrace - ok
22:24:29.0123 0964 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:24:29.0123 0964 flpydisk - ok
22:24:29.0170 0964 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:24:29.0170 0964 FltMgr - ok
22:24:29.0232 0964 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
22:24:29.0248 0964 FontCache - ok
22:24:29.0294 0964 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:24:29.0294 0964 FontCache3.0.0.0 - ok
22:24:29.0326 0964 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:24:29.0326 0964 FsDepends - ok
22:24:29.0357 0964 fsks - ok
22:24:29.0372 0964 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:24:29.0372 0964 Fs_Rec - ok
22:24:29.0419 0964 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:24:29.0419 0964 fvevol - ok
22:24:29.0482 0964 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:24:29.0482 0964 gagp30kx - ok
22:24:29.0528 0964 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
22:24:29.0544 0964 gpsvc - ok
22:24:29.0669 0964 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:24:29.0669 0964 gupdate - ok
22:24:29.0700 0964 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:24:29.0700 0964 gupdatem - ok
22:24:29.0778 0964 HBtnKey (72e296127300412d1d472f6471c69ab2) C:\Windows\system32\DRIVERS\tkbtnpn.sys
22:24:29.0778 0964 HBtnKey - ok
22:24:29.0809 0964 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:24:29.0825 0964 hcw85cir - ok
22:24:29.0903 0964 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:24:29.0903 0964 HdAudAddService - ok
22:24:29.0996 0964 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:24:29.0996 0964 HDAudBus - ok
22:24:30.0028 0964 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:24:30.0028 0964 HidBatt - ok
22:24:30.0059 0964 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:24:30.0059 0964 HidBth - ok
22:24:30.0121 0964 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:24:30.0121 0964 HidIr - ok
22:24:30.0152 0964 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
22:24:30.0152 0964 hidserv - ok
22:24:30.0215 0964 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
22:24:30.0215 0964 HidUsb - ok
22:24:30.0262 0964 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
22:24:30.0262 0964 hkmsvc - ok
22:24:30.0324 0964 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
22:24:30.0324 0964 HomeGroupListener - ok
22:24:30.0355 0964 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
22:24:30.0355 0964 HomeGroupProvider - ok
22:24:30.0418 0964 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:24:30.0418 0964 HpSAMD - ok
22:24:30.0527 0964 hshld (8041fb828109307a522a7fa665c94449) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
22:24:30.0527 0964 hshld - ok
22:24:30.0574 0964 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
22:24:30.0574 0964 HssDrv - ok
22:24:30.0636 0964 HssSrv (882b18a2e79b3a99c0637f3ac9b28d03) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
22:24:30.0636 0964 HssSrv - ok
22:24:30.0683 0964 HssTrayService (ea1d8fc49ae639c329137348fc4fe8ff) C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
22:24:30.0683 0964 HssTrayService - ok
22:24:30.0714 0964 HssWd - ok
22:24:30.0776 0964 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:24:30.0776 0964 HTTP - ok
22:24:30.0839 0964 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:24:30.0839 0964 hwpolicy - ok
22:24:30.0854 0964 i2omp - ok
22:24:30.0917 0964 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:24:30.0932 0964 i8042prt - ok
22:24:30.0964 0964 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:24:30.0964 0964 iaStorV - ok
22:24:30.0995 0964 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
22:24:30.0995 0964 IBMPMDRV - ok
22:24:31.0010 0964 IBMPMSVC (a75ce11915e4ecc5e1597d6e0f7bb2db) C:\Windows\system32\ibmpmsvc.exe
22:24:31.0010 0964 IBMPMSVC - ok
22:24:31.0088 0964 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:24:31.0120 0964 idsvc - ok
22:24:31.0260 0964 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:24:31.0291 0964 igfx - ok
22:24:31.0322 0964 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:24:31.0338 0964 iirsp - ok
22:24:31.0385 0964 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
22:24:31.0400 0964 IKEEXT - ok
22:24:31.0463 0964 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:24:31.0463 0964 intelide - ok
22:24:31.0510 0964 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:24:31.0510 0964 intelppm - ok
22:24:31.0525 0964 ipassconnectengine - ok
22:24:31.0556 0964 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:24:31.0556 0964 IPBusEnum - ok
22:24:31.0588 0964 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:24:31.0588 0964 IpFilterDriver - ok
22:24:31.0634 0964 IPHLPSVC (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
22:24:31.0666 0964 IPHLPSVC - ok
22:24:31.0697 0964 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:24:31.0712 0964 IPMIDRV - ok
22:24:31.0728 0964 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:24:31.0728 0964 IPNAT - ok
22:24:31.0790 0964 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:24:31.0790 0964 IRENUM - ok
22:24:31.0837 0964 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:24:31.0837 0964 isapnp - ok
22:24:31.0868 0964 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:24:31.0884 0964 iScsiPrt - ok
22:24:31.0931 0964 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
22:24:31.0931 0964 kbdclass - ok
22:24:31.0978 0964 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
22:24:31.0978 0964 kbdhid - ok
22:24:32.0024 0964 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:24:32.0024 0964 KeyIso - ok
22:24:32.0056 0964 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
22:24:32.0056 0964 KSecDD - ok
22:24:32.0087 0964 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
22:24:32.0087 0964 KSecPkg - ok
22:24:32.0118 0964 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:24:32.0134 0964 KtmRm - ok
22:24:32.0180 0964 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
22:24:32.0180 0964 LanmanServer - ok
22:24:32.0243 0964 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
22:24:32.0243 0964 LanmanWorkstation - ok
22:24:32.0321 0964 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
22:24:32.0321 0964 lenovo.smi - ok
22:24:32.0368 0964 Lenovo.VIRTSCRLSVC (6f2cc57eb5836d2ac9bd37f3554d55f8) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
22:24:32.0368 0964 Lenovo.VIRTSCRLSVC - ok
22:24:32.0430 0964 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:24:32.0430 0964 lltdio - ok
22:24:32.0461 0964 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:24:32.0477 0964 lltdsvc - ok
22:24:32.0492 0964 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:24:32.0492 0964 lmhosts - ok
22:24:32.0539 0964 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:24:32.0555 0964 LSI_FC - ok
22:24:32.0570 0964 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:24:32.0570 0964 LSI_SAS - ok
22:24:32.0602 0964 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:24:32.0602 0964 LSI_SAS2 - ok
22:24:32.0617 0964 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:24:32.0633 0964 LSI_SCSI - ok
22:24:32.0648 0964 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:24:32.0648 0964 luafv - ok
22:24:32.0680 0964 lxby_device - ok
22:24:32.0758 0964 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
22:24:32.0758 0964 massfilter - ok
22:24:32.0851 0964 matlabserver (a02707eabeccf78d43f41e8dad7ac0a6) C:\MATLAB701\webserver\bin\win32\matlabserver.exe
22:24:32.0851 0964 matlabserver - ok
22:24:32.0882 0964 mclogmanagerservice - ok
22:24:32.0929 0964 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
22:24:32.0929 0964 Mcx2Svc - ok
22:24:32.0960 0964 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:24:32.0976 0964 megasas - ok
22:24:33.0023 0964 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:24:33.0023 0964 MegaSR - ok
22:24:33.0116 0964 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:24:33.0116 0964 Microsoft Office Groove Audit Service - ok
22:24:33.0148 0964 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:24:33.0148 0964 MMCSS - ok
22:24:33.0179 0964 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:24:33.0179 0964 Modem - ok
22:24:33.0226 0964 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:24:33.0226 0964 monitor - ok
22:24:33.0272 0964 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
22:24:33.0272 0964 mouclass - ok
22:24:33.0335 0964 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:24:33.0335 0964 mouhid - ok
22:24:33.0382 0964 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:24:33.0397 0964 mountmgr - ok
22:24:33.0444 0964 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:24:33.0444 0964 mpio - ok
22:24:33.0460 0964 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:24:33.0460 0964 mpsdrv - ok
22:24:33.0538 0964 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:24:33.0538 0964 MRxDAV - ok
22:24:33.0584 0964 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:24:33.0584 0964 mrxsmb - ok
22:24:33.0647 0964 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:24:33.0662 0964 mrxsmb10 - ok
22:24:33.0678 0964 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:24:33.0678 0964 mrxsmb20 - ok
22:24:33.0725 0964 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:24:33.0725 0964 msahci - ok
22:24:33.0772 0964 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:24:33.0772 0964 msdsm - ok
22:24:33.0818 0964 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:24:33.0818 0964 MSDTC - ok
22:24:33.0865 0964 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:24:33.0865 0964 Msfs - ok
22:24:33.0881 0964 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:24:33.0881 0964 mshidkmdf - ok
22:24:33.0912 0964 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:24:33.0912 0964 msisadrv - ok
22:24:33.0974 0964 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:24:33.0974 0964 MSiSCSI - ok
22:24:33.0990 0964 msiserver - ok
22:24:34.0037 0964 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:24:34.0037 0964 MSKSSRV - ok
22:24:34.0068 0964 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:24:34.0068 0964 MSPCLOCK - ok
22:24:34.0084 0964 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:24:34.0084 0964 MSPQM - ok
22:24:34.0115 0964 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:24:34.0130 0964 MsRPC - ok
22:24:34.0146 0964 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:24:34.0146 0964 mssmbios - ok
22:24:34.0177 0964 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:24:34.0177 0964 MSTEE - ok
22:24:34.0208 0964 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:24:34.0208 0964 MTConfig - ok
22:24:34.0240 0964 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:24:34.0240 0964 Mup - ok
22:24:34.0302 0964 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
22:24:34.0318 0964 napagent - ok
22:24:34.0380 0964 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:24:34.0380 0964 NativeWifiP - ok
22:24:34.0442 0964 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:24:34.0458 0964 NDIS - ok
22:24:34.0505 0964 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:24:34.0520 0964 NdisCap - ok
22:24:34.0567 0964 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:24:34.0567 0964 NdisTapi - ok
22:24:34.0630 0964 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:24:34.0630 0964 Ndisuio - ok
22:24:34.0645 0964 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:24:34.0645 0964 NdisWan - ok
22:24:34.0708 0964 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:24:34.0708 0964 NDProxy - ok
22:24:34.0723 0964 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:24:34.0723 0964 NetBIOS - ok
22:24:34.0786 0964 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:24:34.0786 0964 NetBT - ok
22:24:34.0832 0964 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:24:34.0832 0964 Netlogon - ok
22:24:34.0895 0964 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:24:34.0910 0964 Netman - ok
22:24:34.0926 0964 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:24:34.0942 0964 netprofm - ok
22:24:35.0004 0964 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:24:35.0004 0964 NetTcpPortSharing - ok
22:24:35.0176 0964 netw5v32 (396ac7cc025d1bb582edba1d43576c44) C:\Windows\system32\DRIVERS\netw5v32.sys
22:24:35.0238 0964 netw5v32 - ok
22:24:35.0285 0964 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:24:35.0300 0964 nfrd960 - ok
22:24:35.0347 0964 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
22:24:35.0347 0964 NlaSvc - ok
22:24:35.0378 0964 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:24:35.0378 0964 Npfs - ok
22:24:35.0410 0964 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:24:35.0410 0964 nsi - ok
22:24:35.0425 0964 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:24:35.0425 0964 nsiproxy - ok
22:24:35.0503 0964 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:24:35.0519 0964 Ntfs - ok
22:24:35.0534 0964 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:24:35.0550 0964 Null - ok
22:24:35.0597 0964 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:24:35.0597 0964 nvraid - ok
22:24:35.0628 0964 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:24:35.0644 0964 nvstor - ok
22:24:35.0690 0964 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:24:35.0690 0964 nv_agp - ok
22:24:35.0784 0964 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:24:35.0784 0964 odserv - ok
22:24:35.0815 0964 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:24:35.0815 0964 ohci1394 - ok
22:24:35.0846 0964 omnidrv - ok
22:24:35.0862 0964 oraclesnmppeermasteragent - ok
22:24:35.0909 0964 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:24:35.0909 0964 ose - ok
22:24:35.0971 0964 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:24:35.0987 0964 p2pimsvc - ok
22:24:36.0002 0964 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:24:36.0018 0964 p2psvc - ok
22:24:36.0049 0964 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:24:36.0049 0964 Parport - ok
22:24:36.0096 0964 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:24:36.0096 0964 partmgr - ok
22:24:36.0127 0964 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:24:36.0127 0964 Parvdm - ok
22:24:36.0158 0964 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:24:36.0158 0964 PcaSvc - ok
22:24:36.0236 0964 PCDSRVC{3037D694-FD904ACA-06020000}_0 (ae5fc5fe7127744a84102128fdc6810b) c:\program files\pc-doctor\pcdsrvc.pkms
22:24:36.0236 0964 PCDSRVC{3037D694-FD904ACA-06020000}_0 - ok
22:24:36.0283 0964 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:24:36.0283 0964 pci - ok
22:24:36.0330 0964 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:24:36.0330 0964 pciide - ok
22:24:36.0361 0964 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:24:36.0377 0964 pcmcia - ok
22:24:36.0408 0964 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
22:24:36.0408 0964 PCTBD - ok
22:24:36.0455 0964 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\Windows\system32\drivers\PCTCore.sys
22:24:36.0455 0964 PCTCore - ok
22:24:36.0517 0964 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\Windows\system32\drivers\pctDS.sys
22:24:36.0517 0964 pctDS - ok
22:24:36.0580 0964 pctEFA (653d8079cc000ec454789740a07b84a8) C:\Windows\system32\drivers\pctEFA.sys
22:24:36.0580 0964 pctEFA - ok
22:24:36.0626 0964 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\Windows\system32\Drivers\PCTSD.sys
22:24:36.0642 0964 PCTSD - ok
22:24:36.0658 0964 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:24:36.0658 0964 pcw - ok
22:24:36.0689 0964 pdlnatcm - ok
22:24:36.0736 0964 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:24:36.0751 0964 PEAUTH - ok
22:24:36.0798 0964 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
22:24:36.0829 0964 PeerDistSvc - ok
22:24:36.0907 0964 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
22:24:36.0954 0964 pla - ok
22:24:37.0001 0964 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
22:24:37.0001 0964 PlugPlay - ok
22:24:37.0016 0964 pnkbstra - ok
22:24:37.0048 0964 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:24:37.0048 0964 PNRPAutoReg - ok
22:24:37.0079 0964 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:24:37.0079 0964 PNRPsvc - ok
22:24:37.0172 0964 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
22:24:37.0172 0964 Point32 - ok
22:24:37.0219 0964 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
22:24:37.0235 0964 PolicyAgent - ok
22:24:37.0282 0964 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
22:24:37.0282 0964 Power - ok
22:24:37.0344 0964 Power Manager DBC Service (bac02775cf629e5fe80bea952f4448ef) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
22:24:37.0344 0964 Power Manager DBC Service - ok
22:24:37.0406 0964 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:24:37.0406 0964 PptpMiniport - ok
22:24:37.0438 0964 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:24:37.0438 0964 Processor - ok
22:24:37.0500 0964 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
22:24:37.0500 0964 ProfSvc - ok
22:24:37.0547 0964 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:24:37.0547 0964 ProtectedStorage - ok
22:24:37.0609 0964 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows\system32\DRIVERS\psadd.sys
22:24:37.0609 0964 psadd - ok
22:24:37.0640 0964 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:24:37.0640 0964 Psched - ok
22:24:37.0687 0964 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:24:37.0703 0964 ql2300 - ok
22:24:37.0734 0964 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:24:37.0734 0964 ql40xx - ok
22:24:37.0765 0964 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:24:37.0765 0964 QWAVE - ok
22:24:37.0781 0964 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:24:37.0781 0964 QWAVEdrv - ok
22:24:37.0812 0964 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:24:37.0812 0964 RasAcd - ok
22:24:37.0859 0964 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:24:37.0874 0964 RasAgileVpn - ok
22:24:37.0890 0964 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:24:37.0890 0964 RasAuto - ok
22:24:37.0921 0964 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:24:37.0921 0964 Rasl2tp - ok
22:24:37.0999 0964 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:24:38.0015 0964 RasMan - ok
22:24:38.0030 0964 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:24:38.0030 0964 RasPppoe - ok
22:24:38.0077 0964 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:24:38.0077 0964 RasSstp - ok
22:24:38.0124 0964 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:24:38.0140 0964 rdbss - ok
22:24:38.0155 0964 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:24:38.0155 0964 rdpbus - ok
22:24:38.0202 0964 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:24:38.0202 0964 RDPCDD - ok
22:24:38.0264 0964 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
22:24:38.0264 0964 RDPDR - ok
22:24:38.0296 0964 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:24:38.0296 0964 RDPENCDD - ok
22:24:38.0327 0964 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:24:38.0327 0964 RDPREFMP - ok
22:24:38.0389 0964 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
22:24:38.0389 0964 RdpVideoMiniport - ok
22:24:38.0436 0964 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
22:24:38.0452 0964 RDPWD - ok
22:24:38.0467 0964 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:24:38.0467 0964 rdyboost - ok
22:24:38.0576 0964 RegSrvc (7afcbe32616e08d45e4eaadb0a1dd5cf) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:24:38.0576 0964 RegSrvc - ok
22:24:38.0608 0964 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:24:38.0623 0964 RemoteAccess - ok
22:24:38.0654 0964 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:24:38.0654 0964 RemoteRegistry - ok
22:24:38.0717 0964 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:24:38.0717 0964 RpcEptMapper - ok
22:24:38.0748 0964 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:24:38.0748 0964 RpcLocator - ok
22:24:38.0795 0964 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:24:38.0795 0964 RpcSs - ok
22:24:38.0888 0964 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:24:38.0888 0964 rspndr - ok
22:24:38.0904 0964 RushTopDevice - ok
22:24:38.0920 0964 s217mgmt - ok
22:24:38.0966 0964 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
22:24:38.0966 0964 s3cap - ok
22:24:38.0998 0964 s3savagemx - ok
22:24:39.0029 0964 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:24:39.0029 0964 SamSs - ok
22:24:39.0076 0964 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:24:39.0076 0964 sbp2port - ok
22:24:39.0122 0964 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:24:39.0122 0964 SCardSvr - ok
22:24:39.0169 0964 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:24:39.0169 0964 scfilter - ok
22:24:39.0247 0964 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:24:39.0263 0964 Schedule - ok
22:24:39.0325 0964 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:24:39.0325 0964 SCPolicySvc - ok
22:24:47.0359 0964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:24:47.0437 0964 \Device\Harddisk0\DR0 - ok
22:24:47.0437 0964 Boot (0x1200) (7fe85a2fb1898ab974aa5024423f22cc) \Device\Harddisk0\DR0\Partition0
22:24:47.0437 0964 \Device\Harddisk0\DR0\Partition0 - ok
22:24:47.0453 0964 Boot (0x1200) (a25b0f75cfa4fc3fde89a90d21d03634) \Device\Harddisk0\DR0\Partition1
22:24:47.0453 0964 \Device\Harddisk0\DR0\Partition1 - ok
22:24:47.0453 0964 ============================================================
22:24:47.0453 0964 Scan finished
22:24:47.0453 0964 ============================================================
22:24:47.0484 4896 Detected object count: 1
22:24:47.0484 4896 Actual detected object count: 1
22:24:55.0175 4896 C:\Windows\system32\DRIVERS\avgldx86.sys - copied to quarantine
22:24:55.0191 4896 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\avgldx86.sys) error 1813
22:24:55.0939 4896 Backup copy not found, trying to cure infected file..
22:24:55.0939 4896 C:\Windows\system32\DRIVERS\avgldx86.sys - Cure failed (FFFFFFFF)
22:24:55.0939 4896 C:\Windows\system32\DRIVERS\avgldx86.sys - processing error
22:24:58.0529 4896 Avgldx86 ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:27:13.0224 1500 Deinitialize success


and the aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-28 22:28:56
-----------------------------
22:28:56.698 OS Version: Windows 6.1.7601 Service Pack 1
22:28:56.698 Number of processors: 2 586 0xF0B
22:28:56.698 ComputerName: BOY-PC UserName: Boy
22:28:58.773 Initialize success
22:29:57.267 AVAST engine defs: 12032802
22:30:16.923 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:30:16.923 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 3
22:30:17.016 Disk 0 MBR read successfully
22:30:17.032 Disk 0 MBR scan
22:30:17.032 Disk 0 Windows 7 default MBR code
22:30:17.047 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:30:17.063 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
22:30:17.094 Disk 0 scanning sectors +976771072
22:30:17.188 Disk 0 scanning C:\Windows\system32\drivers
22:30:18.873 File: C:\Windows\system32\drivers\avgldx86.sys **INFECTED** Win32:Sirefef-RT [Trj]
22:30:31.119 Disk 0 trace - called modules:
22:30:31.150
22:30:32.242 AVAST engine scan C:\Windows
22:30:35.674 AVAST engine scan C:\Windows\system32
22:33:39.380 AVAST engine scan C:\Windows\system32\drivers
22:33:40.799 File: C:\Windows\system32\drivers\avgldx86.sys **INFECTED** Win32:Sirefef-RT [Trj]
22:33:56.025 AVAST engine scan C:\Users\Boy
22:42:35.428 AVAST engine scan C:\ProgramData
22:44:58.543 Scan finished successfully
22:45:27.135 Disk 0 MBR has been saved successfully to "C:\Users\Boy\Desktop\MBR.dat"
22:45:27.135 The log file has been saved successfully to "C:\Users\Boy\Desktop\aswMBR.txt"


Steve
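The two logs above flag the same driver under two detection names (Virus.Win32.ZAccess.k in TDSSKiller, Win32:Sirefef-RT [Trj] in aswMBR) and with different path casing, and TDSSKiller reports that its cure failed. As an added example, not part of this thread or of either tool, here is a small Python parser for both log formats that extracts the detections, joins TDSSKiller's service-name verdicts to file paths, and correlates the two tools per file; the log excerpts it runs on are constructed in the format of the posted logs.

```python
"""Extract and correlate detections from TDSSKiller and aswMBR logs (added example)."""
import ntpath
import re

# Constructed excerpts in the two tools' log formats; the detection lines mirror the
# thread's finding for avgldx86.sys, the others are clean entries of the same shape.
TDSS_SAMPLE = r"""
22:24:42.0383 0964 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:24:42.0414 0964 Tcpip - ok
22:24:47.0359 0964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:24:47.0437 0964 \Device\Harddisk0\DR0 - ok
22:24:55.0175 4896 C:\Windows\system32\DRIVERS\avgldx86.sys - copied to quarantine
22:24:55.0939 4896 C:\Windows\system32\DRIVERS\avgldx86.sys - Cure failed (FFFFFFFF)
22:24:58.0529 4896 Avgldx86 ( Virus.Win32.ZAccess.k ) - User select action: Cure
"""
ASW_SAMPLE = r"""
22:30:18.873 File: C:\Windows\system32\drivers\avgldx86.sys **INFECTED** Win32:Sirefef-RT [Trj]
22:33:39.380 AVAST engine scan C:\Windows\system32\drivers
22:33:40.799 File: C:\Windows\system32\drivers\avgldx86.sys **INFECTED** Win32:Sirefef-RT [Trj]
"""

# TDSSKiller lines start "HH:MM:SS.mmmm PID ..."; aswMBR lines start "HH:MM:SS.mmm ...".
T = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
ENTRY = re.compile(T + r"(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \([0-9a-f]{32}\) (?P<path>.+)$")
QUARANTINED = re.compile(T + r"(?P<path>.+?) - copied to quarantine$")
CURE_FAILED = re.compile(T + r"(?P<path>.+?) - Cure failed \([0-9A-Fa-f]+\)$")
VERDICT = re.compile(T + r"(?P<name>\S+) \( (?P<threat>[^)]+?) \) - User select action: (?P<action>\w+)$")
ASW_INFECTED = re.compile(r"^\d\d:\d\d:\d\d\.\d+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<threat>.+)$")

def normalize(path):
    """Windows paths are case-insensitive; the two logs spell DRIVERS/drivers differently."""
    return path.strip().replace("/", "\\").lower()

def parse_tdsskiller(text):
    """Return ({normalized path: event}, count of clean '- ok' entries skipped).

    Verdict lines name the service (Avgldx86), not the file, so they are joined to a
    path by matching the name against the stems of file paths seen in the log."""
    path_by_stem, events, verdicts, ok_count = {}, {}, [], 0
    blank = {"threat": None, "action": None, "quarantined": False, "cure_failed": False}
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith(" - ok"):
            ok_count += 1
            continue
        for pattern, flag in ((ENTRY, None), (QUARANTINED, "quarantined"), (CURE_FAILED, "cure_failed")):
            m = pattern.match(line)
            if m:
                path = normalize(m.group("path"))
                path_by_stem[ntpath.splitext(ntpath.basename(path))[0]] = path
                if flag:
                    events.setdefault(path, dict(blank))[flag] = True
                break
        else:
            m = VERDICT.match(line)
            if m:
                verdicts.append((m.group("name").lower(), m.group("threat"), m.group("action")))
    for name, threat, action in verdicts:
        path = path_by_stem.get(name, "<service:%s>" % name)  # no file path seen for it
        events.setdefault(path, dict(blank)).update(threat=threat, action=action)
    return events, ok_count

def parse_aswmbr(text):
    """Return {normalized path: threat}. aswMBR reports a file in both its raw-sector
    pass and its engine pass; the dict collapses that duplicate."""
    hits = {}
    for line in text.splitlines():
        m = ASW_INFECTED.match(line.strip())
        if m:
            hits[normalize(m.group("path"))] = m.group("threat").strip()
    return hits

def correlate(tdss_events, asw_hits):
    """Merge per file: 'corroborated' = flagged by both engines; 'needs_followup' =
    TDSSKiller could not cure it, so another tool must remove the file."""
    report = {}
    def entry(path):
        return report.setdefault(path, {"tools": [], "threats": [], "needs_followup": False})
    for path, ev in tdss_events.items():
        e = entry(path)
        e["tools"].append("TDSSKiller")
        if ev["threat"]:
            e["threats"].append(ev["threat"])
        e["needs_followup"] |= ev["cure_failed"]
    for path, threat in asw_hits.items():
        e = entry(path)
        e["tools"].append("aswMBR")
        e["threats"].append(threat)
    for e in report.values():
        e["corroborated"] = len(set(e["tools"])) >= 2
    return report

if __name__ == "__main__":
    events, skipped = parse_tdsskiller(TDSS_SAMPLE)
    print("clean TDSSKiller entries skipped:", skipped)
    for path, e in sorted(correlate(events, parse_aswmbr(ASW_SAMPLE)).items()):
        print(path, e)
```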

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 March 2012 - 10:09 PM

Hello

After running the script below, I want you to reinstall AVG and see if it starts working.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files\Common Files\Spigot

File::
C:\Windows\system32\drivers\avgldx86.sys

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 stevenseagal

  • Topic Starter

  • Members
  • 14 posts

Posted 28 March 2012 - 11:04 PM

Combofix stalls at stage 4. Shall I try in safe mode?

#12 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 March 2012 - 11:11 PM

Hello


Yes, try it, and if ComboFix reboots the computer, then guide it back into safe mode for it to finish.


gringo

#13 stevenseagal

  • Topic Starter

  • Members
  • 14 posts

Posted 29 March 2012 - 11:59 AM

Here is the report. No problems running it.

ComboFix 12-03-28.02 - Boy 29/03/2012 12:36:05.7.2 - x86 MINIMAL
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.2.1033.18.3046.2148 [GMT -4:00]
Running from: c:\users\Boy\Desktop\ComboFix.exe
Command switches used :: c:\users\Boy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\avgldx86.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\wth.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\windows\system32\drivers\avgldx86.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Avgldx86
-------\Service_Avgldx86
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 16:43 . 2012-03-29 16:45 -------- d-----w- c:\users\Boy\AppData\Local\temp
2012-03-29 16:43 . 2012-03-29 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 17:12 . 2012-03-27 17:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-27 17:12 . 2012-03-27 17:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-27 16:23 . 2012-02-17 19:08 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-27 16:23 . 2011-09-28 17:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-27 16:23 . 2012-02-17 19:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-27 16:23 . 2012-02-17 19:08 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-03-27 16:23 . 2012-02-17 19:08 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-27 16:22 . 2012-02-24 14:31 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-27 16:17 . 2012-03-27 16:17 -------- d-----w- c:\users\Boy\AppData\Roaming\TestApp
2012-03-27 15:43 . 2012-03-27 15:43 -------- d-----w- c:\program files\Tracker Software
2012-03-18 14:42 . 2012-03-18 14:42 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-03-18 14:42 . 2012-03-18 14:42 -------- d-----w- c:\program files\Application Updater
2012-03-15 03:18 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 03:18 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 15:52 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:52 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:52 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 15:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:52 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:52 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 15:51 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 15:51 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:51 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-07 18:00 . 2012-03-07 18:00 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-28 21:58 . 2012-02-28 21:58 -------- d-----w- c:\programdata\YouTube Downloader
2012-02-28 21:58 . 2012-02-28 21:58 -------- d-----w- c:\program files\YouTube Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 15:48 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-04 08:58 . 2012-02-16 03:54 442880 ----a-w- c:\windows\system32\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-01 14709640]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-30 1242448]
"F.lux"="c:\users\Boy\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-08-25 894312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-12-02 91648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-04-02 19:46 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2012-02-24 185560]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-03-05 748440]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-02-17 550864]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 136176]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-03-25 271408]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-24 592120]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-08-25 132456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-09-27 9216]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-03-18 6630912]
R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2011-09-28 56840]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [2012-02-24 402336]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-08-25 24304]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-11-14 331880]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-01 342168]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-01 909728]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
tng-dts
ssmdrv
ipassconnectengine
oraclesnmppeermasteragent
mpservice
avg7alrt
s3savagemx
TCtrlIO
CTMSHD
cbidf
smbusp
pnkbstra
RushTopDevice
vpcnets2
ovsecurityserver
vmount2
lvhidsvc
tlntsvr
twotrack
icm10blk
EhttpSrv
psimsvc
mozyFilter
se2Dnd5
rca
BLKWGU(Belkin)
dnsexit
cdaudio
zpsc
transbaseservice
mclogmanagerservice
ovmsmaccessmanager
ZDCNDIS5
Wtcls2k
cpuz132
oracleorahomemanagementserver
dtsagntsvc
idebusdr
aexnsclienttransport
dac2w2k
snac
k750bus
fsks
IWCA
AX88772
i2omp
se59bus
pdlnatcm
omnidrv
z525obex
SMTPSVC
z800mdfl
arkbcfltr
lxby_device
s217mgmt
a8djusb
SNPSTD3
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 13:50]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 13:50]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3023243419-23348955-599690747-1000Core.job
- c:\users\Boy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-27 10:58]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3023243419-23348955-599690747-1000UA.job
- c:\users\Boy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-27 10:58]
.
2012-03-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]
.
2012-03-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 22:14]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 142.1.208.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(588)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-03-29 12:49:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 16:49
ComboFix2.txt 2012-03-28 21:17
.
Pre-Run: 340,083,105,792 bytes free
Post-Run: 340,107,051,008 bytes free
.
- - End Of File - - E5159BB79BCEE535B8610E6B5BE9C142

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 09:01 PM

Posted 29 March 2012 - 12:16 PM

Hello


How are things doing now and did you try to reinstall AVG?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 stevenseagal

  • Topic Starter
  • Members
  • 14 posts
  • Local time: 08:01 PM

Posted 29 March 2012 - 02:43 PM

I've installed the latest AVG, and it seems to work. Did a scan; no problems found.

It appears that everything is fine for the moment. If anything comes back I'll send you a pm.


Thanks a lot. You guys are great.

Steve

