
system corruption from rootkit


This topic is locked
10 replies to this topic

#1 dixonshane32 (Members, 3 posts)

Posted 01 June 2012 - 08:09 PM

I recently removed the "zero access" rootkit with "TDSS KILLER" and "combofix". I was left with several performance problems: overheating, CPU is eaten up by many instances of svchost in excess of 100k, searchindexer.exe was running at a constant 100k until I disabled it, and Internet Explorer 8 is taking up a lot of memory while running with only a few pages open. I believe my system is disorganized or there is resulting corruption; maybe someone here can look at the logs and give input please. I scanned system files with "sfc.exe" and corrupt system files were apparently found but not fixed. I could not understand the "cbs.log".


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.4.1
Run by jake at 12:25:27 on 2012-06-01
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3837.926 [GMT -7:00]
.
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WerCon.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sublime Text 2\sublime_text.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = 64.6.43.63:3128
uInternet Settings,ProxyOverride = *.local;<local>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Akamai NetSession Interface] "C:\Users\jake\AppData\Local\Akamai\netsession_win.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\jake\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{66CDD113-ED87-4A71-B03C-443879A45414} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{7A8AB931-DE9D-46C5-A2A7-CA849926D580} : DhcpNameServer = 192.168.1.1 68.238.64.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS [?]
R0 vmci;VMware VMCI Bus Driver;C:\Windows\system32\DRIVERS\vmci.sys --> C:\Windows\system32\DRIVERS\vmci.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\N360x64\0308000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\N360x64\0308000.029\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\N360x64\0308000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\N360x64\0308000.029\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110628.031\IDSviA64.sys [2011-6-28 488056]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/02 05:14:08];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [?]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2010-5-3 2065296]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-13 654408]
R2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2011-12-2 31408]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-19 365952]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-11-25 386344]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-27 2228008]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-22 846448]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-5-11 932736]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\N360x64\0308000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-3-23 2321520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-11 136176]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-3-5 117640]
S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-8-22 11837440]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-19 222512]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-26 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-11 136176]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-5 93184]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-07-19 00:40:12 -------- d-----w- C:\Updater
2012-05-29 04:59:26 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-29 04:57:13 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-29 04:57:12 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-28 00:32:01 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-23 20:47:20 98816 ----a-w- C:\Windows\sed.exe
2012-05-23 20:47:20 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-23 20:47:20 256000 ----a-w- C:\Windows\PEV.exe
2012-05-23 20:47:20 208896 ----a-w- C:\Windows\MBR.exe
2012-05-23 20:21:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-22 19:32:59 95744 ----a-w- C:\Windows\System32\ciphdctr64.dll
2012-05-22 19:32:58 83456 ----a-w- C:\Windows\SysWow64\ciphdctr.dll
2012-05-12 06:08:59 -------- d-----w- C:\FRST
2012-05-11 19:49:19 -------- d-----w- C:\Users\jake\AppData\Roaming\AVG2012
2012-05-11 19:46:54 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-05-11 19:44:26 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-05-11 19:41:42 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-05-11 02:43:06 -------- d-----w- C:\Users\jake\AppData\Local\AVG Secure Search
2012-05-11 02:42:00 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-05-11 02:39:30 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-05-11 02:34:42 -------- d-----w- C:\$AVG
2012-05-11 02:34:41 -------- d-----w- C:\ProgramData\AVG2012
2012-05-11 02:29:58 -------- d-----w- C:\Program Files (x86)\AVG
2012-05-11 01:58:21 -------- d-----w- C:\ProgramData\MFAData
2012-05-10 20:58:13 -------- d-----w- C:\Program Files (x86)\File Seeker
2012-05-04 20:30:26 -------- d-----w- C:\Users\jake\AppData\Roaming\GameTuts
.
==================== Find3M ====================
.
2012-04-19 11:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-19 12:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 12:28:00.20 ===============
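As an added example, not part of the original post or of the DDS tool: a small triage pass over the "Pseudo HJT Report" and "Created Last 30" sections of a DDS log like the one above. The sample lines are copied from that log. The checks it applies are the items a helper normally asks about first: a proxy server in the user's Internet Settings that is not a private address, EnableLUA = 0 (UAC off), add-on entries that resolve to "No File", and a creation timestamp later than the date the scan was run. They are flags for review, not verdicts; the finding names are this example's own.

```python
"""Triage checks over a DDS 'Pseudo HJT Report' / 'Created Last 30' listing.

Added example for this thread. It flags entries a helper asks about first;
it does not decide whether any of them is malicious.
"""
import ipaddress
import re
from datetime import datetime

# Constructed sample: lines taken verbatim from the DDS log in this thread.
SAMPLE_DDS = r"""Run by jake at 12:25:27 on 2012-06-01
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 64.6.43.63:3128
uInternet Settings,ProxyOverride = *.local;<local>
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
2012-07-19 00:40:12 -------- d-----w- C:\Updater
2012-05-23 20:21:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-19 11:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
"""

# DDS header line that carries the date the scan was run.
RUN_DATE = re.compile(r"^Run by .* on (\d{4}-\d{2}-\d{2})$")
# u = HKCU (user) scope, m = HKLM (machine) scope, as DDS prints them.
PROXY = re.compile(r"^[um]Internet Settings,ProxyServer = (\S+)$")
# "<date> <time> <size|--------> <attrs> <path>" entries from Created Last 30 / Find3M.
FILE_ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ \S+ (.+)$")


def is_private_ipv4(host):
    """True for RFC 1918 / loopback addresses. Hostnames count as non-private
    so that they are surfaced for review rather than silently accepted."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def triage(text):
    """Return (kind, detail) findings in the order they appear in the log."""
    findings = []
    run_date = None
    for line in text.splitlines():
        m = RUN_DATE.match(line)
        if m:
            run_date = datetime.strptime(m.group(1), "%Y-%m-%d")
            continue
        m = PROXY.match(line)
        if m:
            host = m.group(1).rsplit(":", 1)[0]   # strip the port
            if not is_private_ipv4(host):
                findings.append(("proxy_remote", m.group(1)))
            continue
        if line.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(("uac_disabled", line))
            continue
        if line.endswith(" - No File"):
            findings.append(("orphan_entry", line))
            continue
        m = FILE_ENTRY.match(line)
        if m and run_date is not None:
            created = datetime.strptime(m.group(1), "%Y-%m-%d")
            if created > run_date:   # created "after" the scan ran
                findings.append(("future_timestamp", m.group(2)))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_DDS):
        print(f"{kind:17} {detail}")
```

Run against a full DDS log, the same four checks apply unchanged; everything else in the report (BHOs, services, drivers) is left for a human to read. The future-timestamp check only fires when the "Run by ... on" header is present, because it needs the scan date to compare against.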


#2 1972vet (Malware Response Team, 1,698 posts, Midwest U.S.A.)

Posted 07 June 2012 - 08:47 AM

Greetings dixonshane32 and Welcome to the Forums,
When you recently removed zero access using combofix, were you guided by an expert here or elsewhere in some help forum or did you do this on your own? May we see the last combofix log and the log from your TDSSKiller scan please?

Next, please click Start-->All Programs-->Accessories-->Command Prompt.
Right-click on "Command Prompt". On the pop-up menu, select "Run as Administrator". When the command prompt opens, please copy/paste the following text at the command prompt:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log

...the command will output to the screen, so you'll need to copy that in order to paste it here. If there were any errors when you ran the system file check, this will display them on the screen. It will not only show that the output actually exists but will also show any potential errors from when it was run.

When you reply next, please remember to post the combofix log, TDSSKiller log, and the CBS.log output. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven
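The findstr command above only pulls the [SR] lines out of CBS.log; reading them is still manual. As an added example (not part of the original post, and not a Microsoft tool), the script below parses those [SR] lines and reports what SFC could not fix: the member file, its component and version, why it failed, which package references it, and whether the copy in the component store was also bad. The sample is built from the lines the OP later posted in this thread; the field names in the result dictionary are this example's own.

```python
"""Summarise SFC's [SR] lines from CBS.log.

Added example for this thread. Feed it the output of
  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log
or the whole CBS.log; non-[SR] lines are ignored.
"""
import re
import sys

# Constructed sample: the [SR] lines posted later in this thread, unwrapped.
SAMPLE_CBS = r"""2012-05-29 18:17:34, Info                  CSI    0000021f [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:17:34, Info                  CSI    00000220 [SR] Beginning Verify and Repair transaction
2012-05-29 18:17:43, Info                  CSI    00000222 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-29 18:17:48, Info                  CSI    00000227 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-29 18:17:48, Info                  CSI    00000228 [SR] This component was referenced by [l:162{81}]"Package_20_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-33_neutral_GDR"
2012-05-29 18:17:48, Info                  CSI    0000022b [SR] Could not reproject corrupted file [ml:520{260},l:84{42}]"\??\C:\Program Files (x86)\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2012-05-29 18:17:50, Info                  CSI    0000022d [SR] Verify complete
2012-05-29 18:17:51, Info                  CSI    0000022e [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:17:51, Info                  CSI    0000022f [SR] Beginning Verify and Repair transaction
2012-05-29 18:18:23, Info                  CSI    0000023a [SR] Verify complete
"""

# "<date time>, <level>  CSI  <seq> [SR] <message>"
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-f]+) \[SR\] (?P<msg>.*)$")
# The last comma-separated field of a "Cannot repair" line is the reason.
CANNOT_REPAIR = re.compile(
    r'Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+), '
    r'Version = (?P<version>[^,]+),.*?, (?P<reason>[^,]+)$')
REFERENCED = re.compile(r'This component was referenced by \[[^\]]*\]"(?P<package>[^"]+)"')
# Directory and file name are separate quoted tokens joined by a backslash.
REPROJECT = re.compile(
    r'Could not reproject corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\\[[^\]]*\]'
    r'"(?P<file>[^"]+)"; (?P<reason>.*)$')


def summarize_sr(text):
    """Walk the [SR] lines and collect the files SFC could not repair.

    SFC logs the same 'Cannot repair' line more than once per pass, so entries
    are keyed on (component, file, version) and merged."""
    unrepaired = {}
    last_key = None
    verify_complete = 0
    for line in text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue
        msg = m["msg"]
        if msg == "Verify complete":
            verify_complete += 1
            continue
        cr = CANNOT_REPAIR.match(msg)
        if cr:
            key = (cr["component"], cr["file"], cr["version"])
            unrepaired.setdefault(key, {
                "component": cr["component"], "file": cr["file"],
                "version": cr["version"], "reason": cr["reason"],
                "first_seen": m["ts"], "referenced_by": [],
                "path": None, "store_reason": None})
            last_key = key
            continue
        rf = REFERENCED.match(msg)
        if rf and last_key is not None:
            unrepaired[last_key]["referenced_by"].append(rf["package"])
            continue
        rp = REPROJECT.match(msg)
        if rp and last_key is not None:
            # Drop the NT object-manager prefix "\??\" for a plain Win32 path.
            win_dir = rp["dir"].replace("\\??\\", "", 1)
            unrepaired[last_key]["path"] = win_dir + "\\" + rp["file"]
            unrepaired[last_key]["store_reason"] = rp["reason"]
    return {"verify_complete": verify_complete,
            "unrepaired": list(unrepaired.values())}


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_CBS
    result = summarize_sr(text)
    print(f"{result['verify_complete']} verify passes, "
          f"{len(result['unrepaired'])} unrepaired file(s)")
    for e in result["unrepaired"]:
        print(f"- {e['path'] or e['file']} ({e['component']} {e['version']}): {e['reason']}; "
              f"referenced by {', '.join(e['referenced_by']) or 'n/a'}; "
              f"store: {e['store_reason'] or 'n/a'}")
```

Run it as `python summarize_sr.py %windir%\Logs\CBS\CBS.log` (file name assumed) to get one line per unrepaired file instead of the raw [SR] stream. A "hash mismatch" paired with "source file in store is also corrupted" means SFC's own reference copy failed verification too, which is why the repair did not happen; that is exactly the detail the helper above is asking to see before advising a next step.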


#3 1972vet (Malware Response Team)

Posted 11 June 2012 - 01:30 PM

Still with us dixonshane32?



#4 1972vet (Malware Response Team)

Posted 13 June 2012 - 06:32 AM

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.



#5 boopme (To Insanity and Beyond; Global Moderator, 73,199 posts, NJ USA)

Posted 03 July 2012 - 12:47 PM

Re opened per OP's PM.

#6 dixonshane32 (Topic Starter; Members, 3 posts)

Posted 03 July 2012 - 03:06 PM

I removed it on my own
cbs:










2012-05-29 18:16:23, Info CSI 00000208 [SR] Verify complete
2012-05-29 18:16:25, Info CSI 00000209 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:16:25, Info CSI 0000020a [SR] Beginning Verify and Repair transaction
2012-05-29 18:16:36, Info CSI 0000020c [SR] Verify complete
2012-05-29 18:16:38, Info CSI 0000020d [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:16:38, Info CSI 0000020e [SR] Beginning Verify and Repair transaction
2012-05-29 18:16:54, Info CSI 00000210 [SR] Verify complete
2012-05-29 18:16:55, Info CSI 00000211 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:16:55, Info CSI 00000212 [SR] Beginning Verify and Repair transaction
2012-05-29 18:17:07, Info CSI 00000214 [SR] Verify complete
2012-05-29 18:17:08, Info CSI 00000215 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:17:08, Info CSI 00000216 [SR] Beginning Verify and Repair transaction
2012-05-29 18:17:10, Info CSI 00000218 [SR] Verify complete
2012-05-29 18:17:13, Info CSI 00000219 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:17:13, Info CSI 0000021a [SR] Beginning Verify and Repair transaction
2012-05-29 18:17:31, Info CSI 0000021e [SR] Verify complete
2012-05-29 18:17:34, Info CSI 0000021f [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:17:34, Info CSI 00000220 [SR] Beginning Verify and Repair transaction
2012-05-29 18:17:43, Info CSI 00000222 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-29 18:17:48, Info CSI 00000227 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-29 18:17:48, Info CSI 00000228 [SR] This component was referenced by [l:162{81}]"Package_20_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-33_neutral_GDR"
2012-05-29 18:17:48, Info CSI 0000022b [SR] Could not reproject corrupted file [ml:520{260},l:84{42}]"\??\C:\Program Files (x86)\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2012-05-29 18:17:50, Info CSI 0000022d [SR] Verify complete
2012-05-29 18:17:51, Info CSI 0000022e [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:17:51, Info CSI 0000022f [SR] Beginning Verify and Repair transaction
2012-05-29 18:18:23, Info CSI 0000023a [SR] Verify complete
2012-05-29 18:18:24, Info CSI 0000023b [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:18:24, Info CSI 0000023c [SR] Beginning Verify and Repair transaction
2012-05-29 18:18:38, Info CSI 00000247 [SR] Verify complete
2012-05-29 18:18:40, Info CSI 00000248 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:18:40, Info CSI 00000249 [SR] Beginning Verify and Repair transaction
2012-05-29 18:18:44, Info CSI 0000024b [SR] Verify complete
2012-05-29 18:18:46, Info CSI 0000024c [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:18:46, Info CSI 0000024d [SR] Beginning Verify and Repair transaction
2012-05-29 18:18:57, Info CSI 0000024f [SR] Verify complete
2012-05-29 18:18:58, Info CSI 00000250 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:18:58, Info CSI 00000251 [SR] Beginning Verify and Repair transaction
2012-05-29 18:19:06, Info CSI 00000256 [SR] Verify complete
2012-05-29 18:19:07, Info CSI 00000257 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:19:07, Info CSI 00000258 [SR] Beginning Verify and Repair transaction
2012-05-29 18:19:15, Info CSI 0000025a [SR] Verify complete
2012-05-29 18:19:16, Info CSI 0000025b [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:19:16, Info CSI 0000025c [SR] Beginning Verify and Repair transaction
2012-05-29 18:19:30, Info CSI 00000281 [SR] Verify complete
2012-05-29 18:19:30, Info CSI 00000282 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:19:30, Info CSI 00000283 [SR] Beginning Verify and Repair transaction
2012-05-29 18:19:38, Info CSI 00000285 [SR] Verify complete
2012-05-29 18:19:39, Info CSI 00000286 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:19:39, Info CSI 00000287 [SR] Beginning Verify and Repair transaction
2012-05-29 18:19:49, Info CSI 00000289 [SR] Verify complete
2012-05-29 18:19:50, Info CSI 0000028a [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:19:50, Info CSI 0000028b [SR] Beginning Verify and Repair transaction
2012-05-29 18:19:57, Info CSI 0000028d [SR] Verify complete
2012-05-29 18:19:58, Info CSI 0000028e [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:19:58, Info CSI 0000028f [SR] Beginning Verify and Repair transaction
2012-05-29 18:20:12, Info CSI 000002a0 [SR] Verify complete
2012-05-29 18:20:13, Info CSI 000002a1 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:20:13, Info CSI 000002a2 [SR] Beginning Verify and Repair transaction
2012-05-29 18:20:37, Info CSI 000002a4 [SR] Verify complete
2012-05-29 18:20:38, Info CSI 000002a5 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:20:38, Info CSI 000002a6 [SR] Beginning Verify and Repair transaction
2012-05-29 18:20:59, Info CSI 000002b4 [SR] Verify complete
2012-05-29 18:21:00, Info CSI 000002b5 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:21:00, Info CSI 000002b6 [SR] Beginning Verify and Repair transaction
2012-05-29 18:21:04, Info CSI 000002b8 [SR] Verify complete
2012-05-29 18:21:07, Info CSI 000002b9 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:21:07, Info CSI 000002ba [SR] Beginning Verify and Repair transaction
2012-05-29 18:21:22, Info CSI 000002be [SR] Verify complete
2012-05-29 18:21:23, Info CSI 000002bf [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:21:23, Info CSI 000002c0 [SR] Beginning Verify and Repair transaction
2012-05-29 18:21:34, Info CSI 000002c2 [SR] Verify complete
2012-05-29 18:21:34, Info CSI 000002c3 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:21:34, Info CSI 000002c4 [SR] Beginning Verify and Repair transaction
2012-05-29 18:21:46, Info CSI 000002c6 [SR] Verify complete
2012-05-29 18:21:47, Info CSI 000002c7 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:21:47, Info CSI 000002c8 [SR] Beginning Verify and Repair transaction
2012-05-29 18:21:53, Info CSI 000002ca [SR] Verify complete
2012-05-29 18:21:54, Info CSI 000002cb [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:21:54, Info CSI 000002cc [SR] Beginning Verify and Repair transaction
2012-05-29 18:22:08, Info CSI 000002d0 [SR] Verify complete
2012-05-29 18:22:09, Info CSI 000002d1 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:22:09, Info CSI 000002d2 [SR] Beginning Verify and Repair transaction
2012-05-29 18:22:29, Info CSI 000002ec [SR] Verify complete
2012-05-29 18:22:30, Info CSI 000002ed [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:22:30, Info CSI 000002ee [SR] Beginning Verify and Repair transaction
2012-05-29 18:22:44, Info CSI 000002f0 [SR] Verify complete
2012-05-29 18:22:45, Info CSI 000002f1 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:22:45, Info CSI 000002f2 [SR] Beginning Verify and Repair transaction
2012-05-29 18:23:24, Info CSI 000002f4 [SR] Verify complete
2012-05-29 18:23:25, Info CSI 000002f5 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:23:25, Info CSI 000002f6 [SR] Beginning Verify and Repair transaction
2012-05-29 18:23:39, Info CSI 000002f8 [SR] Verify complete
2012-05-29 18:23:40, Info CSI 000002f9 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:23:40, Info CSI 000002fa [SR] Beginning Verify and Repair transaction
2012-05-29 18:23:50, Info CSI 000002fc [SR] Verify complete
2012-05-29 18:23:51, Info CSI 000002fd [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:23:51, Info CSI 000002fe [SR] Beginning Verify and Repair transaction
2012-05-29 18:24:16, Info CSI 00000301 [SR] Verify complete
2012-05-29 18:24:18, Info CSI 00000302 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:24:18, Info CSI 00000303 [SR] Beginning Verify and Repair transaction
2012-05-29 18:24:30, Info CSI 00000305 [SR] Verify complete
2012-05-29 18:24:31, Info CSI 00000306 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:24:31, Info CSI 00000307 [SR] Beginning Verify and Repair transaction
2012-05-29 18:24:40, Info CSI 00000309 [SR] Verify complete
2012-05-29 18:24:41, Info CSI 0000030a [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:24:41, Info CSI 0000030b [SR] Beginning Verify and Repair transaction
2012-05-29 18:24:49, Info CSI 0000030d [SR] Verify complete
2012-05-29 18:24:50, Info CSI 0000030e [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:24:50, Info CSI 0000030f [SR] Beginning Verify and Repair transaction
2012-05-29 18:25:00, Info CSI 00000312 [SR] Verify complete
2012-05-29 18:25:01, Info CSI 00000313 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:25:01, Info CSI 00000314 [SR] Beginning Verify and Repair transaction
2012-05-29 18:25:12, Info CSI 00000316 [SR] Verify complete
2012-05-29 18:25:14, Info CSI 00000317 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:25:14, Info CSI 00000318 [SR] Beginning Verify and Repair transaction
2012-05-29 18:25:27, Info CSI 0000031b [SR] Verify complete
2012-05-29 18:25:28, Info CSI 0000031c [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:25:28, Info CSI 0000031d [SR] Beginning Verify and Repair transaction
2012-05-29 18:25:50, Info CSI 00000320 [SR] Verify complete
2012-05-29 18:25:51, Info CSI 00000321 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:25:51, Info CSI 00000322 [SR] Beginning Verify and Repair transaction
2012-05-29 18:26:23, Info CSI 00000324 [SR] Verify complete
2012-05-29 18:26:25, Info CSI 00000325 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:26:25, Info CSI 00000326 [SR] Beginning Verify and Repair transaction
2012-05-29 18:26:37, Info CSI 00000328 [SR] Verify complete
2012-05-29 18:26:40, Info CSI 00000329 [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:26:40, Info CSI 0000032a [SR] Beginning Verify and Repair transaction
2012-05-29 18:26:50, Info CSI 0000032c [SR] Verify complete
2012-05-29 18:26:52, Info CSI 0000032d [SR] Verifying 100 (0x0000000000000064) components
2012-05-29 18:26:52, Info CSI 0000032e [SR] Beginning Verify and Repair transaction
2012-05-29 18:27:05, Info CSI 00000330 [SR] Verify complete
2012-05-29 18:27:05, Info CSI 00000331 [SR] Verifying 14 (0x000000000000000e) components
2012-05-29 18:27:05, Info CSI 00000332 [SR] Beginning Verify and Repair transaction
2012-05-29 18:27:06, Info CSI 00000334 [SR] Verify complete
2012-05-29 18:27:06, Info CSI 00000335 [SR] Repairing 4 components
2012-05-29 18:27:06, Info CSI 00000336 [SR] Beginning Verify and Repair transaction
2012-05-29 18:27:06, Info CSI 00000337 [SR] Cannot repair member file [l:30{15}]"dfsrres.dll.mui" of Microsoft-Windows-DFSR-Core-ClientOnly.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-05-29 18:27:07, Info CSI 00000339 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-29 18:27:07, Info CSI 0000033a [SR] Cannot verify component files for Microsoft-Windows-VirtualDiskService-BasicProvider.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest may be damaged (TRUE)
2012-05-29 18:27:07, Info CSI 0000033c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-29 18:27:07, Info CSI 0000033e [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-29 18:27:07, Info CSI 0000033f [SR] This component was referenced by [l:162{81}]"Package_20_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-33_neutral_GDR"
2012-05-29 18:27:07, Info CSI 00000342 [SR] Could not reproject corrupted file [ml:520{260},l:72{36}]"\??\C:\Program Files\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2012-05-29 18:27:07, Info CSI 00000343 [SR] Cannot repair member file [l:30{15}]"dfsrres.dll.mui" of Microsoft-Windows-DFSR-Core-ClientOnly.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-05-29 18:27:07, Info CSI 00000344 [SR] This component was referenced by [l:168{84}]"Package_19_for_KB936330~31bf3856ad364e35~amd64~en-US~6.0.1.18000.936330-32_en-us_GDR"
2012-05-29 18:27:07, Info CSI 00000345 [SR] Could not reproject corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:30{15}]"dfsrres.dll.mui"; source file in store is also corrupted
2012-05-29 18:27:07, Info CSI 00000347 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-29 18:27:07, Info CSI 00000348 [SR] This component was referenced by [l:162{81}]"Package_20_for_KB936330~31bf3856ad364e35~amd64~~6.0.1.18000.936330-33_neutral_GDR"
2012-05-29 18:27:07, Info CSI 0000034b [SR] Could not reproject corrupted file [ml:520{260},l:84{42}]"\??\C:\Program Files (x86)\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2012-05-29 18:27:07, Info CSI 0000034d [SR] Repair complete
2012-05-29 18:27:07, Info CSI 0000034e [SR] Committing transaction
2012-05-29 18:27:08, Info CSI 00000352 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired

ORIGINAL TDSS KILLER SCAN:

13:11:27.0663 5924 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
13:11:28.0080 5924 ============================================================
13:11:28.0080 5924 Current date / time: 2012/05/23 13:11:28.0080
13:11:28.0080 5924 SystemInfo:
13:11:28.0080 5924
13:11:28.0080 5924 OS Version: 6.0.6001 ServicePack: 1.0
13:11:28.0080 5924 Product type: Workstation
13:11:28.0081 5924 ComputerName: COMP
13:11:28.0081 5924 UserName: jake
13:11:28.0081 5924 Windows directory: C:\Windows
13:11:28.0081 5924 System windows directory: C:\Windows
13:11:28.0081 5924 Running under WOW64
13:11:28.0081 5924 Processor architecture: Intel x64
13:11:28.0081 5924 Number of processors: 2
13:11:28.0081 5924 Page size: 0x1000
13:11:28.0081 5924 Boot type: Normal boot
13:11:28.0081 5924 ============================================================
13:11:35.0900 5924 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:11:35.0929 5924 ============================================================
13:11:35.0929 5924 \Device\Harddisk0\DR0:
13:11:35.0930 5924 MBR partitions:
13:11:35.0930 5924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23A01000
13:11:35.0930 5924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23A01800, BlocksNum 0x1A2B800
13:11:35.0930 5924 ============================================================
13:11:36.0015 5924 C: <-> \Device\Harddisk0\DR0\Partition0
13:11:36.0092 5924 D: <-> \Device\Harddisk0\DR0\Partition1
13:11:36.0092 5924 ============================================================
13:11:36.0092 5924 Initialize success
13:11:36.0092 5924 ============================================================
13:11:47.0332 5872 ============================================================
13:11:47.0332 5872 Scan started
13:11:47.0332 5872 Mode: Manual;
13:11:47.0332 5872 ============================================================
13:11:50.0851 5872 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
13:11:50.0853 5872 Accelerometer - ok
13:11:51.0000 5872 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
13:11:51.0024 5872 ACPI - ok
13:11:51.0301 5872 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
13:11:51.0318 5872 adp94xx - ok
13:11:51.0436 5872 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
13:11:51.0447 5872 adpahci - ok
13:11:51.0495 5872 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
13:11:51.0500 5872 adpu160m - ok
13:11:51.0612 5872 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
13:11:51.0619 5872 adpu320 - ok
13:11:51.0831 5872 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
13:11:51.0834 5872 AeLookupSvc - ok
13:11:51.0998 5872 AESTFilters (7f66523a27754afcfecae2f5eb643a4a) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
13:11:52.0002 5872 AESTFilters - ok
13:11:52.0319 5872 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
13:11:52.0338 5872 AFD - ok
13:11:52.0431 5872 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
13:11:52.0432 5872 AgereModemAudio - ok
13:11:52.0823 5872 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
13:11:52.0867 5872 AgereSoftModem - ok
13:11:53.0003 5872 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
13:11:53.0006 5872 agp440 - ok
13:11:53.0285 5872 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
13:11:53.0307 5872 aic78xx - ok
13:11:54.0628 5872 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
13:11:54.0628 5872 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
13:11:54.0646 5872 Akamai ( HiddenFile.Multi.Generic ) - warning
13:11:54.0646 5872 Akamai - detected HiddenFile.Multi.Generic (1)
13:11:54.0806 5872 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
13:11:54.0810 5872 ALG - ok
13:11:54.0914 5872 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
13:11:54.0918 5872 aliide - ok
13:11:54.0943 5872 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
13:11:54.0946 5872 amdide - ok
13:11:55.0051 5872 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
13:11:55.0054 5872 AmdK8 - ok
13:11:55.0213 5872 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
13:11:55.0217 5872 Appinfo - ok
13:11:55.0708 5872 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:11:55.0710 5872 Apple Mobile Device - ok
13:11:55.0830 5872 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
13:11:55.0836 5872 arc - ok
13:11:55.0891 5872 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
13:11:55.0896 5872 arcsas - ok
13:11:56.0109 5872 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:11:56.0184 5872 aspnet_state - ok
13:11:56.0270 5872 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
13:11:56.0273 5872 AsyncMac - ok
13:11:56.0305 5872 atapi (aca311fac841a06e4a7ef9a0f1c195f8) C:\Windows\system32\drivers\atapi.sys
13:11:56.0306 5872 atapi - ok
13:11:57.0117 5872 athr (19f0adc93e97c4d41afe40407bf61ca8) C:\Windows\system32\DRIVERS\athrx.sys
13:11:57.0282 5872 athr - ok
13:11:57.0791 5872 Ati External Event Utility (31c5a1c3c0dcd34720b6bf59940cc9f3) C:\Windows\system32\Ati2evxx.exe
13:11:57.0820 5872 Ati External Event Utility - ok
13:11:58.0711 5872 atikmdag (a4379447148ee55330768cc491ee999e) C:\Windows\system32\DRIVERS\atikmdag.sys
13:11:58.0853 5872 atikmdag - ok
13:11:59.0216 5872 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:11:59.0219 5872 AtiPcie - ok
13:11:59.0409 5872 AudioEndpointBuilder (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
13:11:59.0433 5872 AudioEndpointBuilder - ok
13:11:59.0447 5872 AudioSrv (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
13:11:59.0455 5872 AudioSrv - ok
13:11:59.0742 5872 Autodesk Content Service (1992c2a1867d95aa3a0802539358d162) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
13:11:59.0746 5872 Autodesk Content Service - ok
13:12:00.0015 5872 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
13:12:00.0016 5872 Avgfwfd - ok
13:12:02.0715 5872 avgfws (3f246752bc1309f71a737c6a90dd5295) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
13:12:02.0890 5872 avgfws - ok
13:12:05.0932 5872 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
13:12:06.0510 5872 AVGIDSAgent - ok
13:12:07.0010 5872 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
13:12:07.0012 5872 AVGIDSDriver - ok
13:12:07.0282 5872 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
13:12:07.0315 5872 AVGIDSFilter - ok
13:12:07.0540 5872 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
13:12:07.0541 5872 AVGIDSHA - ok
13:12:07.0732 5872 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
13:12:07.0737 5872 Avgldx64 - ok
13:12:07.0791 5872 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
13:12:07.0792 5872 Avgmfx64 - ok
13:12:07.0931 5872 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
13:12:07.0934 5872 Avgrkx64 - ok
13:12:08.0078 5872 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
13:12:08.0085 5872 Avgtdia - ok
13:12:08.0803 5872 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
13:12:08.0841 5872 avgwd - ok
13:12:09.0007 5872 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\N360x64\0308000.029\BHDrvx64.sys
13:12:09.0013 5872 BHDrvx64 - ok
13:12:09.0275 5872 BITS (d896a0d43f8ab81ecb1fc6c24decfd58) C:\Windows\System32\qmgr.dll
13:12:09.0353 5872 BITS - ok
13:12:09.0544 5872 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
13:12:09.0553 5872 blbdrive - ok
13:12:09.0958 5872 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:12:09.0971 5872 Bonjour Service - ok
13:12:10.0070 5872 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
13:12:10.0108 5872 bowser - ok
13:12:10.0229 5872 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
13:12:10.0232 5872 BrFiltLo - ok
13:12:10.0370 5872 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
13:12:10.0373 5872 BrFiltUp - ok
13:12:10.0575 5872 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
13:12:10.0588 5872 Browser - ok
13:12:10.0685 5872 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
13:12:10.0691 5872 Brserid - ok
13:12:10.0828 5872 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
13:12:10.0833 5872 BrSerWdm - ok
13:12:10.0861 5872 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
13:12:10.0865 5872 BrUsbMdm - ok
13:12:10.0885 5872 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
13:12:10.0888 5872 BrUsbSer - ok
13:12:11.0102 5872 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys
13:12:11.0187 5872 BthEnum - ok
13:12:11.0494 5872 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
13:12:11.0499 5872 BTHMODEM - ok
13:12:11.0809 5872 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
13:12:11.0816 5872 BthPan - ok
13:12:12.0038 5872 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys
13:12:12.0101 5872 BTHPORT - ok
13:12:12.0147 5872 BthServ (90e967b4bb5556edc9c2ea0eb653d1b2) C:\Windows\System32\bthserv.dll
13:12:12.0242 5872 BthServ - ok
13:12:12.0276 5872 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys
13:12:12.0279 5872 BTHUSB - ok
13:12:12.0431 5872 BTWUSB (9b998c49a1eb2285dfe9410ce345fb2d) C:\Windows\system32\Drivers\btwusb.sys
13:12:12.0507 5872 BTWUSB - ok
13:12:12.0934 5872 ccHP (1b79efc84b924a6932bb9d2a549de5c9) C:\Windows\System32\Drivers\N360x64\0308000.029\ccHPx64.sys
13:12:12.0945 5872 ccHP - ok
13:12:13.0128 5872 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
13:12:13.0132 5872 cdfs - ok
13:12:13.0316 5872 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
13:12:13.0320 5872 cdrom - ok
13:12:13.0443 5872 CertPropSvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
13:12:13.0447 5872 CertPropSvc - ok
13:12:13.0483 5872 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
13:12:13.0487 5872 circlass - ok
13:12:13.0589 5872 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
13:12:13.0607 5872 CLFS - ok
13:12:13.0698 5872 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:12:13.0709 5872 clr_optimization_v2.0.50727_32 - ok
13:12:13.0828 5872 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:12:13.0834 5872 clr_optimization_v2.0.50727_64 - ok
13:12:14.0004 5872 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:12:14.0158 5872 clr_optimization_v4.0.30319_32 - ok
13:12:14.0780 5872 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:12:14.0910 5872 clr_optimization_v4.0.30319_64 - ok
13:12:15.0040 5872 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
13:12:15.0043 5872 CmBatt - ok
13:12:15.0065 5872 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
13:12:15.0071 5872 cmdide - ok
13:12:16.0139 5872 CodeMeter.exe (f4715e16e8ca5aaf0523f1c7ea25c29c) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
13:12:16.0210 5872 CodeMeter.exe - ok
13:12:17.0322 5872 Com4QLBEx (12e94e225bd7b05a2bccd5c0b841e921) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
13:12:17.0409 5872 Com4QLBEx - ok
13:12:18.0342 5872 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
13:12:18.0345 5872 Compbatt - ok
13:12:18.0353 5872 COMSysApp - ok
13:12:18.0373 5872 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
13:12:18.0376 5872 crcdisk - ok
13:12:18.0598 5872 CryptSvc (4374f784121d8b3bb466b03f5e5ebd33) C:\Windows\system32\cryptsvc.dll
13:12:18.0677 5872 CryptSvc - ok
13:12:18.0847 5872 DcomLaunch (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
13:12:18.0931 5872 DcomLaunch - ok
13:12:19.0010 5872 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
13:12:19.0093 5872 DfsC - ok
13:12:20.0475 5872 DFSR (1781f99840979ee7b126c9073c377fd0) C:\Windows\system32\DFSR.exe
13:12:20.0648 5872 DFSR - ok
13:12:21.0211 5872 Dhcp (fdaa0edfcfb70cd529589ad654651b40) C:\Windows\System32\dhcpcsvc.dll
13:12:21.0303 5872 Dhcp - ok
13:12:21.0402 5872 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
13:12:21.0410 5872 disk - ok
13:12:21.0521 5872 Dnscache (daf05293c1264e251d3a25e7e24b2ddf) C:\Windows\System32\dnsrslvr.dll
13:12:21.0535 5872 Dnscache - ok
13:12:21.0589 5872 dot3svc (cc661867677627f2911c2a4970dee0f1) C:\Windows\System32\dot3svc.dll
13:12:21.0602 5872 dot3svc - ok
13:12:21.0722 5872 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
13:12:21.0735 5872 Dot4 - ok
13:12:21.0758 5872 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:12:21.0762 5872 Dot4Print - ok
13:12:21.0783 5872 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
13:12:21.0787 5872 dot4usb - ok
13:12:21.0984 5872 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
13:12:22.0161 5872 DPS - ok
13:12:22.0258 5872 drmkaud (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys
13:12:22.0261 5872 drmkaud - ok
13:12:22.0658 5872 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
13:12:22.0764 5872 DXGKrnl - ok
13:12:22.0824 5872 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
13:12:22.0837 5872 E1G60 - ok
13:13:30.0525 5872 parvdm (5f22132c9153639762708909f156b33d) C:\Windows\system32\spooler.dll
13:13:30.0530 5872 parvdm ( Backdoor.Multi.ZAccess.gen ) - infected
13:13:30.0530 5872 parvdm - detected Backdoor.Multi.ZAccess.gen (0)
13:14:02.0395 5872 sptd (9ab59cf736981ed1f83c6ab5faa8ba5c) C:\Windows\system32\Drivers\sptd.sys
13:14:02.0396 5872 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 9ab59cf736981ed1f83c6ab5faa8ba5c
13:14:02.0402 5872 sptd ( LockedFile.Multi.Generic ) - warning
13:14:02.0402 5872 sptd - detected LockedFile.Multi.Generic (1)
13:14:18.0435 5872 SYMNDISV - ok
13:14:18.0650 5872 SYMTDI (56a1cb71b8bb7ba9c41d2c9706df43cd) C:\Windows\System32\Drivers\N360x64\0308000.029\SYMTDI.SYS
13:14:18.0655 5872 SYMTDI - ok
13:14:18.0774 5872 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:14:18.0807 5872 Sym_hi - ok
13:14:18.0950 5872 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:14:18.0953 5872 Sym_u3 - ok
13:14:19.0492 5872 SynTP (b432c6063d4c621241c2b6e05ca0c3e3) C:\Windows\system32\DRIVERS\SynTP.sys
13:14:19.0498 5872 SynTP - ok
13:14:20.0414 5872 SysMain (bea0d5521ed21df8f6ffeed86daede7b) C:\Windows\system32\sysmain.dll
13:14:20.0554 5872 SysMain - ok
13:14:20.0586 5872 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
13:14:20.0596 5872 TabletInputService - ok
13:14:20.0720 5872 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
13:14:20.0728 5872 tap0901 - ok
13:14:20.0853 5872 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
13:14:20.0857 5872 taphss - ok
13:14:21.0368 5872 TapiSrv (52091001caf20ae84cf47023ee21b4bb) C:\Windows\System32\tapisrv.dll
13:14:21.0433 5872 TapiSrv - ok
13:14:21.0555 5872 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
13:14:21.0561 5872 TBS - ok
13:14:22.0851 5872 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
13:14:23.0004 5872 Tcpip - ok
13:14:24.0612 5872 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
13:14:24.0635 5872 Tcpip6 - ok
13:14:25.0746 5872 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
13:14:25.0749 5872 tcpipreg - ok
13:14:26.0016 5872 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:14:26.0019 5872 TDPIPE - ok
13:14:26.0103 5872 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:14:26.0107 5872 TDTCP - ok
13:14:26.0216 5872 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
13:14:26.0221 5872 tdx - ok
13:14:30.0646 5872 TeamViewer6 (839e88db24d2d8f05b72e12b175951ca) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
13:14:30.0681 5872 TeamViewer6 - ok
13:14:33.0603 5872 TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
13:14:33.0644 5872 TeamViewer7 - ok
13:14:35.0385 5872 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
13:14:35.0387 5872 TermDD - ok
13:14:35.0595 5872 TermService (f870a5589d6a94b426efb13689023946) C:\Windows\System32\termsrv.dll
13:14:35.0682 5872 TermService - ok
13:14:35.0767 5872 Themes (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\system32\shsvcs.dll
13:14:35.0776 5872 Themes - ok
13:14:35.0985 5872 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
13:14:35.0990 5872 THREADORDER - ok
13:14:36.0287 5872 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
13:14:36.0316 5872 TrkWks - ok
13:14:36.0465 5872 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
13:14:36.0468 5872 TrustedInstaller - ok
13:14:36.0564 5872 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:14:36.0566 5872 tssecsrv - ok
13:14:36.0698 5872 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:14:36.0702 5872 tunmp - ok
13:14:36.0736 5872 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
13:14:36.0742 5872 tunnel - ok
13:14:37.0965 5872 TVCapSvc (1c31169dddc70c1605f703da701eaeea) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
13:14:37.0977 5872 TVCapSvc - ok
13:14:38.0215 5872 TVSched (290b8c381dbc15d3dbcbd2bdb6b0ba12) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
13:14:38.0221 5872 TVSched - ok
13:14:38.0285 5872 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:14:38.0292 5872 uagp35 - ok
13:14:38.0546 5872 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
13:14:38.0624 5872 udfs - ok
13:14:38.0772 5872 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
13:14:38.0779 5872 UI0Detect - ok
13:14:38.0923 5872 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:14:38.0955 5872 uliagpkx - ok
13:14:39.0839 5872 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:14:39.0854 5872 uliahci - ok
13:14:39.0988 5872 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:14:40.0005 5872 UlSata - ok
13:14:40.0263 5872 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:14:40.0338 5872 ulsata2 - ok
13:14:40.0363 5872 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:14:40.0384 5872 umbus - ok
13:14:40.0420 5872 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
13:14:40.0423 5872 UMPass - ok
13:14:40.0746 5872 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
13:14:40.0839 5872 upnphost - ok
13:14:41.0063 5872 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:14:41.0069 5872 USBAAPL64 - ok
13:14:41.0207 5872 usbaudio (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys
13:14:41.0249 5872 usbaudio - ok
13:14:41.0575 5872 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
13:14:41.0629 5872 usbccgp - ok
13:14:41.0884 5872 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
13:14:41.0890 5872 usbcir - ok
13:14:42.0034 5872 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
13:14:42.0039 5872 usbehci - ok
13:14:42.0422 5872 usbfilter (8fec71666aba7114f9cab9e56065ec80) C:\Windows\system32\DRIVERS\usbfilter.sys
13:14:42.0424 5872 usbfilter - ok
13:14:42.0936 5872 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
13:14:43.0024 5872 usbhub - ok
13:14:43.0052 5872 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
13:14:43.0056 5872 usbohci - ok
13:14:43.0128 5872 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
13:14:43.0140 5872 usbprint - ok
13:14:43.0231 5872 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
13:14:43.0235 5872 usbscan - ok
13:14:43.0295 5872 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:14:43.0301 5872 USBSTOR - ok
13:14:43.0505 5872 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
13:14:43.0683 5872 usbuhci - ok
13:14:43.0799 5872 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
13:14:43.0806 5872 usbvideo - ok
13:14:43.0860 5872 UxSms (9190f03c82547afa87367f1ceca88f3b) C:\Windows\System32\uxsms.dll
13:14:43.0868 5872 UxSms - ok
13:14:44.0628 5872 vds (c15a4a550cba7b9f1f68b72528e04ce1) C:\Windows\System32\vds.exe
13:14:44.0717 5872 vds - ok
13:14:44.0893 5872 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
13:14:44.0897 5872 vga - ok
13:14:44.0963 5872 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
13:14:44.0966 5872 VgaSave - ok
13:14:44.0998 5872 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
13:14:45.0002 5872 viaide - ok
13:14:45.0255 5872 VMAuthdService (0fc29adb3f634ed3e535a76395b470b5) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
13:14:45.0257 5872 VMAuthdService - ok
13:14:45.0429 5872 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys
13:14:45.0461 5872 vmci - ok
13:14:45.0927 5872 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys
13:14:45.0928 5872 VMnetAdapter - ok
13:14:46.0053 5872 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys
13:14:46.0055 5872 VMnetBridge - ok
13:14:46.0064 5872 VMnetDHCP - ok
13:14:46.0183 5872 VMnetuserif (227982e986c02b710630d7fc570caa77) C:\Windows\system32\drivers\vmnetuserif.sys
13:14:46.0184 5872 VMnetuserif - ok
13:14:48.0174 5872 VMUSBArbService (b5bb4513c3206d1d4f8a0f276ae424fa) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
13:14:48.0302 5872 VMUSBArbService - ok
13:14:48.0375 5872 VMware NAT Service - ok
13:14:57.0686 5872 VMwareHostd (0b82c21c79bc67ecf416f1e1655e5f65) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
13:14:58.0248 5872 VMwareHostd - ok
13:14:59.0331 5872 vmx86 (86aa5eae57e2eaef3b6f5c16b27e0ec4) C:\Windows\system32\drivers\vmx86.sys
13:14:59.0334 5872 vmx86 - ok
13:14:59.0602 5872 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
13:14:59.0612 5872 volmgr - ok
13:15:00.0277 5872 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
13:15:00.0293 5872 volmgrx - ok
13:15:00.0664 5872 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
13:15:00.0716 5872 volsnap - ok
13:15:00.0999 5872 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
13:15:01.0016 5872 vsmraid - ok
13:15:03.0048 5872 VSS (186bd53f8a408ad20f5a056c05678629) C:\Windows\system32\vssvc.exe
13:15:03.0142 5872 VSS - ok
13:15:04.0892 5872 vstor2-mntapi10-shared (6107e33a30c0b923f31c872e1980d2d1) C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
13:15:04.0893 5872 vstor2-mntapi10-shared - ok
13:15:05.0946 5872 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
13:15:05.0965 5872 vToolbarUpdater11.0.2 - ok
13:15:07.0541 5872 W32Time (ba29f34a61cb55c0dee29e787542edf4) C:\Windows\system32\w32time.dll
13:15:07.0622 5872 W32Time - ok
13:15:07.0887 5872 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
13:15:07.0891 5872 WacomPen - ok
13:15:08.0026 5872 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
13:15:08.0127 5872 Wanarp - ok
13:15:08.0147 5872 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
13:15:08.0149 5872 Wanarpv6 - ok
13:15:08.0349 5872 wcncsvc (055449247c490e24b968b44fe8a969eb) C:\Windows\System32\wcncsvc.dll
13:15:08.0444 5872 wcncsvc - ok
13:15:08.0472 5872 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
13:15:08.0479 5872 WcsPlugInService - ok
13:15:08.0626 5872 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
13:15:08.0631 5872 Wd - ok
13:15:09.0824 5872 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
13:15:09.0969 5872 Wdf01000 - ok
13:15:10.0046 5872 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:15:10.0055 5872 WdiServiceHost - ok
13:15:10.0064 5872 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:15:10.0069 5872 WdiSystemHost - ok
13:15:10.0433 5872 WebClient (3d4ab55f8178fd0cd3ca45cd0ec9cf5b) C:\Windows\System32\webclnt.dll
13:15:10.0444 5872 WebClient - ok
13:15:10.0670 5872 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
13:15:10.0681 5872 Wecsvc - ok
13:15:10.0821 5872 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
13:15:10.0829 5872 wercplsupport - ok
13:15:11.0020 5872 WerSvc (fc25242b3bcaf7e84d9184082274ae08) C:\Windows\System32\WerSvc.dll
13:15:11.0086 5872 WerSvc - ok
13:15:11.0366 5872 WinDefend - ok
13:15:11.0392 5872 WinHttpAutoProxySvc - ok
13:15:11.0883 5872 Winmgmt (ac98f38feab066a8f983d54ff3f4fd4c) C:\Windows\system32\wbem\WMIsvc.dll
13:15:11.0983 5872 Winmgmt - ok
13:15:13.0236 5872 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
13:15:13.0364 5872 WinRM - ok
13:15:15.0491 5872 Wlansvc (0a69955261c1b54206adc9beb89517de) C:\Windows\System32\wlansvc.dll
13:15:15.0558 5872 Wlansvc - ok
13:15:15.0711 5872 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:15:15.0714 5872 WmiAcpi - ok
13:15:16.0410 5872 wmiApSrv (d303322dd577c3deda1251ed2e7a496c) C:\Windows\system32\wbem\WmiApSrv.exe
13:15:16.0423 5872 wmiApSrv - ok
13:15:16.0745 5872 WMPNetworkSvc - ok
13:15:17.0317 5872 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
13:15:17.0328 5872 WPCSvc - ok
13:15:17.0420 5872 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
13:15:17.0428 5872 WPDBusEnum - ok
13:15:17.0574 5872 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
13:15:17.0584 5872 WpdUsb - ok
13:15:18.0617 5872 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:15:18.0694 5872 WPFFontCache_v0400 - ok
13:15:18.0725 5872 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:15:18.0835 5872 ws2ifsl - ok
13:15:18.0957 5872 wscsvc (cb8ea6d95949384925ccfca21cc6dfd8) C:\Windows\system32\wscsvc.dll
13:15:19.0030 5872 wscsvc - ok
13:15:19.0039 5872 WSearch - ok
13:15:21.0269 5872 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
13:15:21.0488 5872 wuauserv - ok
13:15:23.0391 5872 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:15:23.0395 5872 WUDFRd - ok
13:15:23.0480 5872 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
13:15:23.0564 5872 wudfsvc - ok
13:15:24.0587 5872 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
13:15:24.0715 5872 xnacc - ok
13:15:25.0042 5872 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
13:15:25.0048 5872 xusb21 - ok
13:15:25.0227 5872 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
13:15:25.0237 5872 yukonx64 - ok
13:15:26.0054 5872 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
13:15:26.0057 5872 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
13:15:26.0197 5872 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
13:15:26.0545 5872 \Device\Harddisk0\DR0 - ok
13:15:26.0554 5872 Boot (0x1200) (458ad80024246a8ecb5020d8e9460070) \Device\Harddisk0\DR0\Partition0
13:15:26.0558 5872 \Device\Harddisk0\DR0\Partition0 - ok
13:15:26.0568 5872 Boot (0x1200) (a63ec77ad1d6a53c0ee26907407e0b3a) \Device\Harddisk0\DR0\Partition1
13:15:26.0572 5872 \Device\Harddisk0\DR0\Partition1 - ok
13:15:26.0574 5872 ============================================================
13:15:26.0574 5872 Scan finished
13:15:26.0574 5872 ============================================================
13:15:26.0604 4608 Detected object count: 3
13:15:26.0604 4608 Actual detected object count: 3
13:21:53.0470 4608 c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll - copied to quarantine
13:21:53.0507 4608 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
13:21:53.0758 4608 HKLM\SYSTEM\ControlSet004\services\Akamai - will be deleted on reboot
13:21:54.0840 4608 c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll - will be deleted on reboot
13:21:54.0840 4608 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete
13:21:55.0059 4608 C:\Windows\system32\spooler.dll - copied to quarantine
13:21:55.0061 4608 HKLM\SYSTEM\ControlSet001\services\parvdm - will be deleted on reboot
13:21:55.0095 4608 HKLM\SYSTEM\ControlSet004\services\parvdm - will be deleted on reboot
13:21:55.0100 4608 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
13:21:55.0108 4608 C:\Windows\system32\spooler.dll - will be deleted on reboot
13:21:55.0109 4608 parvdm ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:21:55.0121 4608 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:21:55.0121 4608 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:22:39.0062 4900 Deinitialize success
MOST RECENT COMBOFIX:
ComboFix 12-07-02.01 - jake 07/03/2012 11:29:26.3.2 - x64
Running from: c:\users\jake\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\file_list.txt
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\kikin.ico
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\uninst.exe
c:\users\jake\AppData\Roaming\inst.exe
c:\users\jake\AppData\Roaming\kikin
c:\users\jake\AppData\Roaming\kikin\ff_kkes.xml
c:\users\jake\AppData\Roaming\kikin\ie_configuration.xml
c:\users\jake\AppData\Roaming\kikin\ie_kkes.xml
c:\users\jake\AppData\Roaming\kikin\ie_settings.xml
c:\users\jake\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-19 00:40 . 2012-07-19 00:40 -------- d-----w- C:\Updater
2012-07-03 18:57 . 2012-07-03 18:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-03 18:57 . 2012-07-03 18:57 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-07-03 18:57 . 2012-07-03 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 06:18 . 2012-07-03 15:13 -------- d-----w- c:\users\jake\AppData\Roaming\DVD Flick
2012-07-03 06:18 . 2003-01-26 20:41 40960 ----a-w- c:\windows\SysWow64\ssubtmr6.dll
2012-07-03 06:18 . 2008-08-31 20:27 28672 ----a-w- c:\windows\SysWow64\mousewheel.ocx
2012-07-03 06:18 . 2007-09-01 01:36 36864 ----a-w- c:\windows\SysWow64\trayicon_handler.ocx
2012-07-03 06:18 . 1998-06-24 07:00 164144 ----a-w- c:\windows\SysWow64\comct232.ocx
2012-07-03 06:17 . 2012-07-03 06:18 -------- d-----w- c:\program files (x86)\DVD Flick
2012-07-03 06:05 . 2012-07-03 06:05 82816 ----a-w- c:\users\jake\AppData\Roaming\pcouffin.sys
2012-07-03 05:58 . 2012-07-03 05:58 -------- d-----w- c:\users\jake\AppData\Roaming\Nero
2012-07-03 05:29 . 2012-07-03 06:25 -------- d-----w- c:\programdata\Nero
2012-07-03 05:29 . 2012-07-03 06:26 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-07-03 04:58 . 2012-07-03 06:05 -------- d-----w- c:\program files (x86)\Aimersoft
2012-07-03 03:54 . 2012-07-03 06:05 -------- d-----w- c:\users\jake\AppData\Roaming\Vso
2012-06-11 22:15 . 2012-06-11 22:15 -------- d-----w- c:\users\jake\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-06-11 22:15 . 2012-06-11 22:15 -------- d-----w- c:\users\jake\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 19:32 . 2012-05-22 19:32 95744 ----a-w- c:\windows\system32\ciphdctr64.dll
2012-05-22 19:32 . 2012-05-22 19:32 83456 ----a-w- c:\windows\SysWow64\ciphdctr.dll
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-05 01:47 . 2012-05-29 04:57 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-05 01:47 . 2012-05-29 04:57 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:56 . 2011-12-13 08:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_23.10.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-24 05:13 . 2012-07-03 15:52 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-05-24 05:13 . 2012-07-03 15:52 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2012-05-24 05:13 . 2012-07-03 15:52 16384 c:\windows\Temp\Cookies\index.dat
- 2008-01-21 03:20 . 2012-05-23 20:35 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-07-03 15:52 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 02:23 . 2012-06-23 20:29 83208 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-05 21:30 . 2012-06-16 08:29 22276 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1598780828-4050427657-1058647235-1000_UserData.bin
- 2010-06-25 17:07 . 2010-06-25 17:07 35344 c:\windows\system32\drivers\npf.sys
+ 2011-02-11 21:23 . 2011-02-11 21:23 35344 c:\windows\system32\drivers\npf.sys
- 2009-07-05 21:30 . 2012-05-16 07:31 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-05 21:30 . 2012-06-25 05:35 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-05 21:30 . 2012-05-16 07:31 98304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-05 21:30 . 2012-06-25 05:35 98304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-05 21:30 . 2012-05-16 07:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-05 21:30 . 2012-06-25 05:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-04 06:05 . 2012-05-23 18:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-04 06:05 . 2012-06-23 20:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-04 06:05 . 2012-06-23 20:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-04 06:05 . 2012-05-23 18:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-03 05:19 . 2012-07-03 05:19 32256 c:\windows\Installer\30465a29.msi
+ 2011-11-03 04:06 . 2012-06-17 10:03 34144 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 34144 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 42848 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 42848 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 19296 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 19296 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
+ 2012-07-03 19:37 . 2012-07-03 19:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-23 23:08 . 2012-05-23 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-03 19:37 . 2012-07-03 19:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-23 23:08 . 2012-05-23 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-03-17 22:49 . 2006-03-17 22:49 368640 c:\windows\SysWOW64\twnlib4.dll
+ 2012-05-29 04:57 . 2012-04-05 01:47 227720 c:\windows\SysWOW64\javaws.exe
+ 2012-05-29 04:55 . 2012-05-29 04:54 174024 c:\windows\SysWOW64\javaw.exe
+ 2012-05-29 04:55 . 2012-05-29 04:54 174024 c:\windows\SysWOW64\java.exe
+ 2008-07-04 17:23 . 2008-07-04 17:23 802816 c:\windows\SysWOW64\imagXRA7.dll
+ 2008-07-04 17:23 . 2008-07-04 17:23 258048 c:\windows\SysWOW64\imagXR7.dll
+ 2008-07-04 17:23 . 2008-07-04 17:23 497296 c:\windows\SysWOW64\imagXpr7.dll
- 2010-06-25 17:07 . 2010-06-25 17:07 369168 c:\windows\system32\wpcap.dll
+ 2011-02-11 21:23 . 2011-02-11 21:23 369168 c:\windows\system32\wpcap.dll
+ 2009-07-06 18:01 . 2012-07-03 00:55 736476 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:45 . 2012-06-23 20:29 124390 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2012-05-23 20:32 708234 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-05-27 19:34 708234 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-05-23 20:32 144208 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-05-27 19:34 144208 c:\windows\system32\perfc009.dat
- 2010-06-25 17:07 . 2010-06-25 17:07 106000 c:\windows\system32\Packet.dll
+ 2011-02-11 21:23 . 2011-02-11 21:23 106000 c:\windows\system32\Packet.dll
+ 2009-12-10 18:47 . 2012-05-28 18:44 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-12-10 18:47 . 2012-05-10 20:55 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-16 19:58 . 2011-12-24 00:23 542368 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
+ 2011-12-16 19:58 . 2012-07-03 19:16 542368 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
+ 2011-12-16 19:58 . 2012-07-03 19:16 782282 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-1598780828-4050427657-1058647235-1000-12288.dat
+ 2011-01-11 19:26 . 2012-06-03 22:56 281696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-03 05:19 . 2012-07-03 05:19 106496 c:\windows\Installer\30465a23.msi
+ 2012-05-29 05:00 . 2012-05-29 05:00 176128 c:\windows\Installer\1afccf7c.msi
+ 2012-05-29 04:59 . 2012-05-29 04:59 457216 c:\windows\Installer\1afccf76.msi
+ 2012-05-29 04:54 . 2012-05-29 04:54 863744 c:\windows\Installer\1afccf72.msi
+ 2012-06-27 11:04 . 2012-06-27 11:04 348160 c:\windows\Installer\129c0d31.msi
- 2011-11-03 04:06 . 2012-05-12 10:16 415584 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 415584 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 303456 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 303456 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 571232 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 571232 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 326496 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 326496 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 469856 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 469856 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 178528 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 178528 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
+ 2008-07-04 17:23 . 2008-07-04 17:23 1757184 c:\windows\SysWOW64\imagX7.dll
+ 2008-01-21 03:20 . 2012-07-03 15:52 1015808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-05-23 20:35 1015808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-05-17 10:01 . 2012-05-17 10:01 3447808 c:\windows\Installer\582259b.msp
+ 2011-11-03 04:06 . 2012-06-17 10:03 1479520 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 1479520 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 1858400 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 1858400 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 3792736 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 3792736 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe
+ 2011-11-03 04:06 . 2012-06-17 10:03 1449312 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe
- 2011-11-03 04:06 . 2012-05-12 10:16 1449312 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 01:10 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
"Akamai NetSession Interface"="c:\users\jake\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-12-22 296056]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-23 103536]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2010-5-3 6872976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [2008-09-26 89088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 19:11]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 19:11]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1598780828-4050427657-1058647235-1000Core.job
- c:\users\jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 00:38]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1598780828-4050427657-1058647235-1000UA.job
- c:\users\jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 00:38]
.
2012-06-23 c:\windows\Tasks\HPCeeScheduleForjake.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-20 19:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"combofix"="c:\combofix\CF21910.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fasttrackinstallerservice
SilverLink
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 64.6.43.63:3128
uInternet Settings,ProxyOverride = *.local;<local>
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\06\1d\00\1f\1e?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe
c:\program files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-07-03 12:56:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 19:56
ComboFix2.txt 2012-05-24 03:29
ComboFix3.txt 2012-05-23 23:30
.
Pre-Run: 17,012,981,760 bytes free
Post-Run: 18,246,430,720 bytes free
.
- - End Of File - - 21CF13D81E3BB207C76D0704BCAE4814

#7 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 03 July 2012 - 08:20 PM

The .CBS log shows an issue wherein Windows is unable to repair several things... of them, the most important I've highlighted for you, showing the pertinent data in bold and/or underlined:

2012-05-29 18:17:43, Info CSI 00000222 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-05-29 18:17:48, Info CSI 00000227 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-05-29 18:27:06, Info CSI 00000337 [SR] Cannot repair member file [l:30{15}]"dfsrres.dll.mui" of Microsoft-Windows-DFSR-Core-ClientOnly.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing

2012-05-29 18:27:07, Info CSI 00000339 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-05-29 18:27:07, Info CSI 0000033a [SR] Cannot verify component files for Microsoft-Windows-VirtualDiskService-BasicProvider.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest may be damaged (TRUE)

2012-05-29 18:27:07, Info CSI 0000033c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-05-29 18:27:07, Info CSI 0000033e [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-05-29 18:27:07, Info CSI 00000342 [SR] Could not reproject corrupted file [ml:520{260},l:72{36}]"\??\C:\Program Files\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted

2012-05-29 18:27:07, Info CSI 00000343 [SR] Cannot repair member file [l:30{15}]"dfsrres.dll.mui" of Microsoft-Windows-DFSR-Core-ClientOnly.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing

2012-05-29 18:27:07, Info CSI 00000345 [SR] Could not reproject corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:30{15}]"dfsrres.dll.mui"; source file in store is also corrupted

2012-05-29 18:27:07, Info CSI 00000347 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-05-29 18:27:07, Info CSI 0000034b [SR] Could not reproject corrupted file [ml:520{260},l:84{42}]"\??\C:\Program Files (x86)\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted


...so basically, Windows is crippled to some small extent but nonetheless, crippled in those several aspects. At this point, the best advice I can give is to perform a repair install. This way, you would still retain your files/folders that you created and programs you've installed, but Windows at least would be overwritten such that you would then have something similar to a fresh install without losing your data. Let me know how you wish to proceed. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven
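The [SR] entries quoted in the post above are the part of CBS.log that matters after sfc /scannow. The following is an added example, not code from the thread or from Microsoft: it parses those entries and groups every file or component SFC could not fix with the reason it gave (hash mismatch, file is missing, source file in store is also corrupted, manifest may be damaged). It assumes entries sit on one line each, as SFC writes them; the sample input is constructed from the lines in the post.

```python
"""Summarise System File Checker ([SR]) findings from a Windows CBS.log.

Added example for the post above, not code from the thread or from Microsoft.
Assumes CBS.log entries as SFC writes them, one per line (the forum quote
shows the same entries hard-wrapped at 80 columns); groups each file or
component SFC reported as unrepairable with the reason it gave.
"""
import re
from collections import defaultdict

SR_LINE = re.compile(  # prefix SFC puts on every System File Checker line
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, *\w+\s+CSI\s+[0-9a-f]+ \[SR\] (?P<msg>.*)$")
CANNOT_REPAIR = re.compile(  # ... member file [l:24{12}]"x" of Component, ..., reason
    r'Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of (?P<component>[^,]+),'
    r" Version = [^,]+, pA = PROCESSOR_ARCHITECTURE_(?P<arch>\w+) \(\d+\),"
    r".*?in the store, (?P<reason>.+)$")
NO_REPROJECT = re.compile(  # ... [ml:..]"\??\C:\dir"\[l:..]"file"; reason
    r'Could not reproject corrupted file \[[^\]]+\]"(?P<dir>[^"]+)"\\'
    r'\[[^\]]+\]"(?P<file>[^"]+)"; (?P<reason>.+)$')
CANNOT_VERIFY = re.compile(  # ... for Component, ..., manifest may be damaged (TRUE)
    r"Cannot verify component files for (?P<component>[^,]+),"
    r".*?, (?P<reason>manifest may be damaged) \((?P<flag>TRUE|FALSE)\)$")

# Constructed sample: entries quoted in the post, one per line, plus one [SR]
# status line and one non-SFC CBS line that the parser must ignore.
SAMPLE_CBS = r"""
2012-05-29 18:17:43, Info CSI 00000222 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-29 18:27:06, Info CSI 00000337 [SR] Cannot repair member file [l:30{15}]"dfsrres.dll.mui" of Microsoft-Windows-DFSR-Core-ClientOnly.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-05-29 18:27:07, Info CSI 00000339 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-29 18:27:07, Info CSI 0000033a [SR] Cannot verify component files for Microsoft-Windows-VirtualDiskService-BasicProvider.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest may be damaged (TRUE)
2012-05-29 18:27:07, Info CSI 00000342 [SR] Could not reproject corrupted file [ml:520{260},l:72{36}]"\??\C:\Program Files\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2012-05-29 18:27:08, Info CSI 00000350 [SR] Verify complete
2012-05-29 18:27:09, Info CBS (constructed non-SFC servicing line, ignored)
"""


def parse_sr_findings(log_text):
    """Return {file or component: sorted reasons} for everything SFC left unrepaired."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue  # CBS.log also carries non-SFC servicing noise
        msg = m["msg"]
        if r := CANNOT_REPAIR.match(msg):
            findings[f'{r["file"]} ({r["component"]}, {r["arch"]})'].add(r["reason"])
        elif r := NO_REPROJECT.match(msg):
            d = r["dir"]
            if d.startswith("\\??\\"):  # drop the NT object-manager prefix
                d = d[4:]
            findings[d + "\\" + r["file"]].add(r["reason"])
        elif (r := CANNOT_VERIFY.match(msg)) and r["flag"] == "TRUE":
            findings[r["component"]].add(r["reason"])
    return {k: sorted(v) for k, v in findings.items()}


def sfc_left_corruption(log_text):
    """True when SFC reported at least one file or component it could not fix."""
    return bool(parse_sr_findings(log_text))


if __name__ == "__main__":
    for item, reasons in parse_sr_findings(SAMPLE_CBS).items():
        print(f"{item}: {', '.join(reasons)}")
```

Run it against a real CBS.log by passing the file's contents to parse_sr_findings; an empty result means SFC repaired everything it found, a non-empty one is the situation the post describes.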


#8 dixonshane32

  • Topic Starter
  • Members
  • 3 posts

Posted 04 July 2012 - 03:48 PM

For repair install: I do not have a vista disk but I do have a "D:\recovery" drive, these are equal?
Also curious, did you notice anything else in the logs?

#9 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 05 July 2012 - 08:31 AM

For repair install: I do not have a vista disk but I do have a "D:\recovery" drive, these are equal?
Also curious, did you notice anything else in the logs?

I didn't go beyond the .cbs log because of its findings. I thought since the system is corrupted and cannot be repaired as it stands, then what would be the point? As to the D:\ recovery, you would have to tell me what's on that drive. If it's a factory recovery image, then I'd have to say you would stand to lose all of your files if you use it. You should know better than I what it is and what it does. Take a look at your owner's manual that came with it.



#10 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 09 July 2012 - 08:27 AM

Still with us dixonshane32?



#11 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 12 July 2012 - 10:02 AM

Due to the lack of feedback in over a week, this Topic is closed to prevent others from posting here. If you need continued support, please create a new thread and detail what issues you are experiencing. Please include a link to this thread with your request so your assistant can see what has been done to date. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
