
Infected with Trojan Horse Patched_c.LZI


This topic is locked
39 replies to this topic

#1 JayWichester (Members, 35 posts)

Posted 31 July 2012 - 10:27 PM

My AVG has been popping up with this ('this' being an alert for 'trojan horse patched_c.lzi') for the last 3 days, actually, but I didn't pay much attention until yesterday. My computer crashed twice and shut itself down once with a blue screen informing me that the shutdown was to prevent damage.

(Posted Image)

Now I can't do much of anything without AVG popping up with an alert for it, and when it asks if I want to move it to the vault I get informed it is either white listed or cannot be moved. I have 2 other programs that don't even find it TO ask about getting rid of it. (Spybot and Malwarebytes) I don't know if it disabled my firewall or if that was my bad, but it won't let me turn it back on. In between the crashes mentioned above I didn't have admin abilities but that seems to be fixed now. Also, whenever I click on Google search results I get redirected.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Brandon at 22:59:23 on 2012-07-31
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.6113 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = \blank.htm
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.facebook.com/?ref=hp
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [JMB36X IDE Setup] "C:\Windows\RaidTool\xInsIDE.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBGAFIARQBFAC0AVgA2AFoASgBBAC0AQgBOADIAWQBRAC0ARgAzAFYAUwBSAC0AVgBXAFMAUgA0AC0AVgBZADcATQBaAA"&"inst=NwA3AC0ANAAwADYANwAxADIANgA2ADgALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AVAA0AC0ARgBQADkAKwA2AC0ATgAxAEYAKwAxAC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADEALQBGADkATQAxACsAMQAtAFgATwA5ACsAMQAtAEQARABUACsAMAA"&"prod=90"&"ver=9.0.894
StartupFolder: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: gscdn.com\rfonline-full
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8B660343-15A9-43D3-8C31-1304BC680034} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [JMB36X IDE Setup] "C:\Windows\RaidTool\xInsIDE.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBGAFIARQBFAC0AVgA2AFoASgBBAC0AQgBOADIAWQBRAC0ARgAzAFYAUwBSAC0AVgBXAFMAUgA0AC0AVgBZADcATQBaAA"&"inst=NwA3AC0ANAAwADYANwAxADIANgA2ADgALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AVAA0AC0ARgBQADkAKwA2AC0ATgAxAEYAKwAxAC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADEALQBGADkATQAxACsAMQAtAFgATwA5ACsAMQAtAEQARABUACsAMAA"&"prod=90"&"ver=9.0.894
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\c7935esx.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/reader/view/#overview-page
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Brandon\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\c7935esx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-11-8 14136]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-5-24 365568]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2009-6-26 68136]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-7-31 1027792]
R2 PDFsFilter;PDFsFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-7-9 7329648]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-7-9 719216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-6-26 24652]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-9 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 250056]
S3 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2009-6-26 30528]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;C:\Windows\system32\DRIVERS\hidkmdf.sys --> C:\Windows\system32\DRIVERS\hidkmdf.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 113120]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-7-23 24176]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]
S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;C:\Windows\system32\DRIVERS\VJoystick.sys --> C:\Windows\system32\DRIVERS\VJoystick.sys [?]
S3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys --> C:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys [?]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys --> C:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys [?]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;C:\Windows\system32\DRIVERS\lgvzandnetndis64.sys --> C:\Windows\system32\DRIVERS\lgvzandnetndis64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-27 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-31 21:06:47 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-31 05:01:10 -------- d-----w- C:\Users\Brandon\AppData\Local\GPUMonitor
2012-07-31 05:01:03 -------- d-----w- C:\iolo
2012-07-31 05:00:43 511328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-07-31 05:00:42 2154576 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-07-31 05:00:42 2096360 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2012-07-31 05:00:41 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2012-07-31 05:00:41 69000 ----a-w- C:\Windows\System32\offreg.dll
2012-07-31 05:00:41 56472 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-07-31 05:00:41 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
2012-07-31 05:00:41 25072 ----a-w- C:\Windows\System32\smrgdf.exe
2012-07-31 05:00:41 -------- d-----w- C:\Program Files (x86)\iolo
2012-07-31 04:59:42 30752 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
2012-07-31 04:59:37 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2012-07-31 04:46:03 74703 ----a-w- C:\Windows\SysWOW64mfc45.dll
2012-07-31 04:46:03 -------- d-----w- C:\Users\Brandon\AppData\Roaming\iolo
2012-07-31 04:46:03 -------- d-----w- C:\ProgramData\iolo
2012-07-31 02:25:34 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Curiolab
2012-07-31 01:55:09 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-07-30 22:06:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-30 01:22:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-23 21:52:50 -------- d-----w- C:\Program Files\PeerBlock
2012-07-11 15:00:49 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 04:50:56 -------- d-----w- C:\Users\Brandon\AppData\Local\Facebook
.
==================== Find3M ====================
.
2012-08-01 02:54:08 23080 ----a-w- C:\Windows\gdrv.sys
2012-07-27 12:58:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 12:58:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-14 21:09:09 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-14 21:09:08 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 23:00:20.77 ===============
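The DDS log above is what the helpers in this thread read first. The following triage helper is an added example, not code from the thread, from the poster or from the DDS tool; it pulls out the entries a responder looks at before anything else: BHO/toolbar registrations whose DLL is gone (`No File`, orphaned registry entries that no longer load anything), Internet Explorer Trusted Zone sites (which get relaxed IE security), drivers whose file DDS could not read (printed as `[?]`), and DNS servers outside the RFC 1918 LAN ranges, which matter when the symptom is search redirection. The sample log is constructed from lines in the page's own format; the `TCP: NameServer = 198.51.100.9` line is an invented documentation-range address added to show the DNS check firing.

```python
"""Triage helper for the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS"
sections.  Added example (not the thread's or the DDS tool's own code).
"""
import ipaddress
import re

# Constructed sample modelled on the DDS output format; the NameServer line
# with 198.51.100.9 is invented to exercise the off-LAN DNS check.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
BHO-X64: Ask Toolbar BHO - No File
Trusted Zone: clonewarsadventures.com
Trusted Zone: soe.com
TCP: DhcpNameServer = 192.168.2.1
TCP: NameServer = 198.51.100.9
============= SERVICES / DRIVERS ===============
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-11-8 14136]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-7-23 24176]
"""

# "BHO: {CLSID} - No File", "TB-X64: {CLSID} - No File", "BHO-X64: Name - No File"
ORPHAN_RE = re.compile(r"^(BHO|TB)(?:-X64)?:\s*(.+?)\s*-\s*No File\s*$")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(\S+)\s*$")
# "R0 Name;Description;path ... [date size]" or "... [?]"
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
DNS_RE = re.compile(r"(?:Dhcp)?NameServer\s*=\s*([\d.]+)")

# Private LAN ranges; a resolver outside these is worth a second look when
# the complaint is browser redirection.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_dds(text):
    """Return the triage-relevant entries found in a DDS log body."""
    findings = {
        "orphaned": [],            # (kind, descriptor) for BHO/TB entries with no file
        "trusted_zones": [],       # IE Trusted Zone hosts
        "unreadable_drivers": [],  # (start type, service name) DDS printed as [?]
        "name_servers": set(),     # DNS resolvers seen in the TCP: lines
    }
    for raw in text.splitlines():
        line = raw.strip()
        m = ORPHAN_RE.match(line)
        if m:
            findings["orphaned"].append((m.group(1), m.group(2)))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            findings["trusted_zones"].append(m.group(1))
            continue
        m = DRIVER_RE.match(line)
        if m:
            if m.group(4).rstrip().endswith("[?]"):
                findings["unreadable_drivers"].append((m.group(1), m.group(2)))
            continue
        m = DNS_RE.search(line)
        if m:
            findings["name_servers"].add(m.group(1))
    return findings


def off_lan_name_servers(findings):
    """DNS servers that are not in an RFC 1918 range, sorted."""
    out = []
    for ns in sorted(findings["name_servers"]):
        addr = ipaddress.ip_address(ns)
        if not any(addr in net for net in RFC1918):
            out.append(ns)
    return out


def triage_report(text):
    """Human-readable summary lines for a log body."""
    f = parse_dds(text)
    lines = []
    for kind, what in f["orphaned"]:
        lines.append(f"orphaned {kind} entry (registry points at a missing file): {what}")
    for host in f["trusted_zones"]:
        lines.append(f"IE Trusted Zone lowers security for: {host}")
    for start, name in f["unreadable_drivers"]:
        lines.append(f"driver file not readable by DDS ({start}): {name}")
    for ns in off_lan_name_servers(f):
        lines.append(f"DNS resolver outside the LAN ranges: {ns}")
    return lines


if __name__ == "__main__":
    for entry in triage_report(SAMPLE_LOG):
        print(entry)
```

Feed it the `Pseudo HJT Report` and `SERVICES / DRIVERS` sections of a real DDS log and it lists the leftovers and settings to review; it does not decide what is malicious, since AVG's own drivers also show up as `[?]` here.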

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 02 August 2012 - 06:23 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 JayWichester (Topic Starter, Members, 35 posts)

Posted 02 August 2012 - 08:28 PM

Here's the log from Security Check

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 22
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 11.3.300.268
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


Combofix didn't pop up with a log; it didn't restart the computer at all, and after I ran it I got this message about 3 times.

Posted Image

As far as how the computer is behaving, yesterday I started getting redirected randomly, whether I was Google searching or not. They usually open in new tabs, and I think it's still happening because I did get redirected on my way to Photobucket to upload that screencap just now, and I'm still getting the AVG pop-ups.

Edited by JayWichester, 02 August 2012 - 09:57 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:05 PM

Posted 02 August 2012 - 10:20 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
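A defender-side counterpart to the FRST "Search: services.exe" step above, added here as an example that is not from the thread, from FRST or from any other tool named in it. The script enumerates every services.exe under the Windows directory, records each copy's size, SHA-256 hash and Authenticode signature status, and warns when the live copy in System32 has a non-Valid signature or a hash that matches none of the other copies (on Vista and 7 the System32 binaries are installed from the WinSxS component store, so a clean copy normally has an identical twin there). The Windows directory and file name are script parameters with assumed defaults; run it from an elevated PowerShell prompt so the component store is readable. Caveat: on older Windows/PowerShell combinations Get-AuthenticodeSignature does not consult the catalog signatures most Windows binaries rely on, so a NotSigned status there is not by itself evidence of tampering; the hash comparison is the part to rely on in that case.

```powershell
# Added example (not from the thread or from FRST): list every copy of
# services.exe under the Windows directory with its hash and signature
# status, and warn when the live copy in System32 looks out of place.
# Assumptions: $WindowsDir defaults to %SystemRoot%; run elevated so the
# WinSxS store is readable. SHA-256 is computed via .NET so the script
# does not depend on Get-FileHash (PowerShell 4 and later only).
param(
    [string]$WindowsDir = $env:SystemRoot,
    [string]$FileName   = "services.exe"
)

function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString("x2") }) -join ""
}

# One record per copy found: path, size, timestamp, hash, signature status, signer.
$copies = Get-ChildItem -Path $WindowsDir -Filter $FileName -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = "(none)"
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Path      = $_.FullName
            Size      = $_.Length
            Modified  = $_.LastWriteTimeUtc
            SHA256    = Get-Sha256Hex -Path $_.FullName
            SigStatus = $sig.Status
            Signer    = $signer
        }
    }

$copies | Sort-Object Path | Format-Table -AutoSize Path, Size, Modified, SigStatus, SHA256

# The copy Windows actually runs lives in System32. Compare it with the rest.
$livePath = Join-Path $WindowsDir "System32\$FileName"
$live     = $copies | Where-Object { $_.Path -ieq $livePath }
$others   = $copies | Where-Object { $_.Path -ine $livePath }

if (-not $live) {
    Write-Warning "$livePath was not found; that is itself unusual."
} elseif ($live.SigStatus -ne "Valid") {
    # NotSigned can also mean this PowerShell build does not check catalog
    # signatures, so treat it as a prompt to compare hashes, not as proof.
    Write-Warning "$livePath signature status is $($live.SigStatus); compare its hash with the other copies."
}

if ($live -and $others) {
    $twin = $others | Where-Object { $_.SHA256 -eq $live.SHA256 }
    if ($twin) {
        Write-Host "$livePath matches $(@($twin).Count) other copy/copies by SHA-256."
    } else {
        Write-Warning "$livePath matches none of the other $(@($others).Count) copies by SHA-256; treat it as suspect."
    }
}
```

The table it prints is the same information a helper reads out of Search.txt (path, size, date, hash), which makes it easy to compare a copy in WinSxS with the one in System32 and to decide whether the live file needs to be replaced from the recovery environment rather than from within the running system.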

#5 JayWichester

JayWichester
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 04 August 2012 - 12:01 PM

I um, I didn't have a 'Repair your computer' option in my Advanced Boot Options menu. So. I realize that at this point I must be making this really difficult for you, and I fully wholeheartedly apologize.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:05 PM

Posted 04 August 2012 - 02:52 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 JayWichester

JayWichester
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 05 August 2012 - 02:44 PM

14:59:56.0106 5724 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:59:56.0558 5724 ============================================================
14:59:56.0558 5724 Current date / time: 2012/08/05 14:59:56.0558
14:59:56.0558 5724 SystemInfo:
14:59:56.0558 5724
14:59:56.0558 5724 OS Version: 6.0.6002 ServicePack: 2.0
14:59:56.0558 5724 Product type: Workstation
14:59:56.0558 5724 ComputerName: BRANDON-PC
14:59:56.0558 5724 UserName: Brandon
14:59:56.0558 5724 Windows directory: C:\Windows
14:59:56.0558 5724 System windows directory: C:\Windows
14:59:56.0558 5724 Running under WOW64
14:59:56.0558 5724 Processor architecture: Intel x64
14:59:56.0558 5724 Number of processors: 2
14:59:56.0558 5724 Page size: 0x1000
14:59:56.0558 5724 Boot type: Normal boot
14:59:56.0558 5724 ============================================================
14:59:57.0401 5724 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:00:05.0747 5724 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:00:05.0762 5724 Drive \Device\Harddisk2\DR2 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:00:05.0762 5724 Drive \Device\Harddisk3\DR3 - Size: 0xEE200000 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:00:05.0762 5724 ============================================================
15:00:05.0762 5724 \Device\Harddisk0\DR0:
15:00:05.0762 5724 MBR partitions:
15:00:05.0762 5724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
15:00:05.0762 5724 \Device\Harddisk1\DR1:
15:00:05.0856 5724 MBR partitions:
15:00:05.0856 5724 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
15:00:05.0856 5724 \Device\Harddisk2\DR2:
15:00:05.0856 5724 MBR partitions:
15:00:05.0856 5724 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4000
15:00:05.0856 5724 \Device\Harddisk3\DR3:
15:00:05.0856 5724 MBR partitions:
15:00:05.0856 5724 ============================================================
15:00:05.0996 5724 C: <-> \Device\Harddisk2\DR2\Partition0
15:00:06.0027 5724 E: <-> \Device\Harddisk1\DR1\Partition0
15:00:06.0043 5724 B: <-> \Device\Harddisk0\DR0\Partition0
15:00:06.0043 5724 ============================================================
15:00:06.0043 5724 Initialize success
15:00:06.0043 5724 ============================================================
15:00:14.0515 4520 ============================================================
15:00:14.0515 4520 Scan started
15:00:14.0515 4520 Mode: Manual;
15:00:14.0515 4520 ============================================================
15:00:15.0856 4520 a016bus (25e6c904b273f97a5e6e2d16e859a70d) C:\Windows\system32\DRIVERS\a016bus.sys
15:00:15.0856 4520 a016bus - ok
15:00:15.0872 4520 a016mdfl (8676aaedea6e1bcc4b7d050a62ec0ed3) C:\Windows\system32\DRIVERS\a016mdfl.sys
15:00:15.0872 4520 a016mdfl - ok
15:00:15.0888 4520 a016mdm (451b692665e0a3d90a7c583d98a0fc47) C:\Windows\system32\DRIVERS\a016mdm.sys
15:00:15.0888 4520 a016mdm - ok
15:00:15.0919 4520 a016mgmt (1971b457b64377fa6243fc69b837c214) C:\Windows\system32\DRIVERS\a016mgmt.sys
15:00:15.0919 4520 a016mgmt - ok
15:00:15.0950 4520 a016obex (6042fc874ccb746173b80d73df293fd6) C:\Windows\system32\DRIVERS\a016obex.sys
15:00:15.0950 4520 a016obex - ok
15:00:15.0981 4520 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:00:15.0981 4520 ACPI - ok
15:00:16.0106 4520 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:00:16.0106 4520 AdobeFlashPlayerUpdateSvc - ok
15:00:16.0153 4520 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:00:16.0168 4520 adp94xx - ok
15:00:16.0215 4520 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:00:16.0215 4520 adpahci - ok
15:00:16.0231 4520 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:00:16.0231 4520 adpu160m - ok
15:00:16.0246 4520 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:00:16.0262 4520 adpu320 - ok
15:00:16.0278 4520 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
15:00:16.0278 4520 AeLookupSvc - ok
15:00:16.0340 4520 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
15:00:16.0340 4520 AFD - ok
15:00:16.0434 4520 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
15:00:16.0434 4520 AffinegyService - ok
15:00:16.0449 4520 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:00:16.0449 4520 agp440 - ok
15:00:16.0480 4520 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:00:16.0496 4520 aic78xx - ok
15:00:16.0699 4520 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
15:00:16.0699 4520 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
15:00:16.0699 4520 Akamai ( HiddenFile.Multi.Generic ) - warning
15:00:16.0699 4520 Akamai - detected HiddenFile.Multi.Generic (1)
15:00:16.0777 4520 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
15:00:16.0777 4520 ALG - ok
15:00:16.0808 4520 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
15:00:16.0808 4520 aliide - ok
15:00:16.0839 4520 AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe
15:00:16.0839 4520 AMD External Events Utility - ok
15:00:16.0886 4520 AMD FUEL Service - ok
15:00:16.0902 4520 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:00:16.0902 4520 amdide - ok
15:00:16.0933 4520 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
15:00:16.0948 4520 amdiox64 - ok
15:00:16.0964 4520 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
15:00:16.0964 4520 AmdK8 - ok
15:00:17.0292 4520 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
15:00:17.0448 4520 amdkmdag - ok
15:00:17.0557 4520 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
15:00:17.0572 4520 amdkmdap - ok
15:00:17.0604 4520 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
15:00:17.0604 4520 Appinfo - ok
15:00:17.0713 4520 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:00:17.0713 4520 Apple Mobile Device - ok
15:00:17.0744 4520 AppMgmt (3da98c07b18a676180fe7eed924d1673) C:\Windows\System32\appmgmts.dll
15:00:17.0744 4520 AppMgmt - ok
15:00:17.0760 4520 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:00:17.0775 4520 arc - ok
15:00:17.0791 4520 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:00:17.0791 4520 arcsas - ok
15:00:17.0806 4520 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:17.0822 4520 AsyncMac - ok
15:00:17.0838 4520 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
15:00:17.0838 4520 atapi - ok
15:00:17.0884 4520 AtiHDAudioService (c3941eac6a5cd621f002b12c9ee4857b) C:\Windows\system32\drivers\AtihdLH6.sys
15:00:17.0884 4520 AtiHDAudioService - ok
15:00:17.0931 4520 AtiHdmiService (3ac10a57313af6793ff1bac6146fcff7) C:\Windows\system32\drivers\AtiHdmi.sys
15:00:17.0947 4520 AtiHdmiService - ok
15:00:18.0290 4520 atikmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
15:00:18.0321 4520 atikmdag - ok
15:00:18.0430 4520 atksgt (09149d03629a44f4773e621c432d1d89) C:\Windows\system32\DRIVERS\atksgt.sys
15:00:18.0430 4520 atksgt - ok
15:00:18.0477 4520 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:00:18.0477 4520 AudioEndpointBuilder - ok
15:00:18.0477 4520 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:00:18.0477 4520 AudioSrv - ok
15:00:18.0727 4520 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
15:00:18.0742 4520 AVGIDSAgent - ok
15:00:18.0820 4520 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:00:18.0820 4520 AVGIDSDriver - ok
15:00:18.0836 4520 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
15:00:18.0836 4520 AVGIDSFilter - ok
15:00:18.0867 4520 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
15:00:18.0867 4520 AVGIDSHA - ok
15:00:18.0898 4520 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
15:00:18.0898 4520 Avgldx64 - ok
15:00:18.0914 4520 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:00:18.0914 4520 Avgmfx64 - ok
15:00:18.0945 4520 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:00:18.0945 4520 Avgrkx64 - ok
15:00:18.0976 4520 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
15:00:18.0976 4520 Avgtdia - ok
15:00:19.0039 4520 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:00:19.0039 4520 avgwd - ok
15:00:19.0086 4520 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
15:00:19.0086 4520 BFE - ok
15:00:19.0101 4520 BIOS (00cadb1bc2d0030f0b2a1063618b6bd7) C:\Windows\system32\drivers\BIOS64.sys
15:00:19.0117 4520 BIOS - ok
15:00:19.0132 4520 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:00:19.0148 4520 blbdrive - ok
15:00:19.0242 4520 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:00:19.0242 4520 Bonjour Service - ok
15:00:19.0273 4520 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:00:19.0273 4520 bowser - ok
15:00:19.0288 4520 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:00:19.0288 4520 BrFiltLo - ok
15:00:19.0288 4520 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:00:19.0304 4520 BrFiltUp - ok
15:00:19.0320 4520 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
15:00:19.0320 4520 Browser - ok
15:00:19.0335 4520 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:00:19.0351 4520 Brserid - ok
15:00:19.0366 4520 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:00:19.0366 4520 BrSerWdm - ok
15:00:19.0382 4520 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:00:19.0382 4520 BrUsbMdm - ok
15:00:19.0398 4520 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:00:19.0398 4520 BrUsbSer - ok
15:00:19.0398 4520 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:00:19.0398 4520 BTHMODEM - ok
15:00:19.0413 4520 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:00:19.0413 4520 cdfs - ok
15:00:19.0444 4520 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:00:19.0444 4520 cdrom - ok
15:00:19.0476 4520 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:00:19.0476 4520 CertPropSvc - ok
15:00:19.0476 4520 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
15:00:19.0491 4520 circlass - ok
15:00:19.0522 4520 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:00:19.0522 4520 CLFS - ok
15:00:19.0616 4520 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:00:19.0616 4520 clr_optimization_v2.0.50727_32 - ok
15:00:19.0663 4520 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:00:19.0663 4520 clr_optimization_v2.0.50727_64 - ok
15:00:19.0725 4520 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:00:19.0725 4520 clr_optimization_v4.0.30319_32 - ok
15:00:19.0788 4520 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:00:19.0788 4520 clr_optimization_v4.0.30319_64 - ok
15:00:19.0803 4520 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:00:19.0803 4520 cmdide - ok
15:00:19.0819 4520 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
15:00:19.0819 4520 Compbatt - ok
15:00:19.0819 4520 COMSysApp - ok
15:00:19.0866 4520 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
15:00:19.0866 4520 cpuz132 - ok
15:00:19.0881 4520 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:00:19.0881 4520 crcdisk - ok
15:00:19.0928 4520 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
15:00:19.0928 4520 CryptSvc - ok
15:00:19.0975 4520 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
15:00:19.0990 4520 CSC - ok
15:00:20.0037 4520 CscService (1b5f256d31836ed2ba60b3a6c800200c) C:\Windows\System32\cscsvc.dll
15:00:20.0037 4520 CscService - ok
15:00:20.0100 4520 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:00:20.0100 4520 DcomLaunch - ok
15:00:20.0131 4520 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:00:20.0131 4520 DfsC - ok
15:00:20.0256 4520 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
15:00:20.0318 4520 DFSR - ok
15:00:20.0427 4520 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
15:00:20.0427 4520 Dhcp - ok
15:00:20.0443 4520 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:00:20.0458 4520 disk - ok
15:00:20.0474 4520 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
15:00:20.0474 4520 Dnscache - ok
15:00:20.0505 4520 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
15:00:20.0505 4520 dot3svc - ok
15:00:20.0536 4520 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
15:00:20.0536 4520 DPS - ok
15:00:20.0568 4520 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:00:20.0568 4520 drmkaud - ok
15:00:20.0599 4520 dump_wmimmc - ok
15:00:20.0661 4520 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:00:20.0661 4520 DXGKrnl - ok
15:00:20.0708 4520 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:00:20.0708 4520 E1G60 - ok
15:00:20.0724 4520 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
15:00:20.0724 4520 EapHost - ok
15:00:20.0770 4520 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:00:20.0770 4520 Ecache - ok
15:00:20.0833 4520 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
15:00:20.0833 4520 ehRecvr - ok
15:00:20.0848 4520 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
15:00:20.0848 4520 ehSched - ok
15:00:20.0864 4520 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
15:00:20.0864 4520 ehstart - ok
15:00:20.0895 4520 ElRawDisk (627350a11295d82bf78d155b12ffd0ef) C:\Windows\system32\drivers\ElRawDsk.sys
15:00:20.0895 4520 ElRawDisk - ok
15:00:20.0911 4520 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:00:20.0926 4520 elxstor - ok
15:00:20.0973 4520 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
15:00:20.0973 4520 EMDMgmt - ok
15:00:20.0989 4520 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
15:00:20.0989 4520 ErrDev - ok
15:00:21.0051 4520 ES lite Service (dcd7487d00aa4dffaeb4c8b086af1134) C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
15:00:21.0051 4520 ES lite Service - ok
15:00:21.0098 4520 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
15:00:21.0098 4520 EventSystem - ok
15:00:21.0145 4520 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:00:21.0160 4520 exfat - ok
15:00:21.0192 4520 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:00:21.0207 4520 fastfat - ok
15:00:21.0238 4520 Fax (989a776a2ff32a148fcf15c44058b129) C:\Windows\system32\fxssvc.exe
15:00:21.0254 4520 Fax - ok
15:00:21.0270 4520 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:00:21.0270 4520 fdc - ok
15:00:21.0301 4520 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
15:00:21.0301 4520 fdPHost - ok
15:00:21.0301 4520 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
15:00:21.0301 4520 FDResPub - ok
15:00:21.0316 4520 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:00:21.0316 4520 FileInfo - ok
15:00:21.0332 4520 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:00:21.0332 4520 Filetrace - ok
15:00:21.0348 4520 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:00:21.0348 4520 flpydisk - ok
15:00:21.0363 4520 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:00:21.0363 4520 FltMgr - ok
15:00:21.0457 4520 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
15:00:21.0457 4520 FontCache - ok
15:00:21.0535 4520 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:00:21.0535 4520 FontCache3.0.0.0 - ok
15:00:21.0582 4520 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
15:00:21.0582 4520 Fs_Rec - ok
15:00:21.0613 4520 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
15:00:21.0628 4520 fvevol - ok
15:00:21.0644 4520 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:00:21.0644 4520 gagp30kx - ok
15:00:21.0660 4520 gdrv (46e2828bca26b31fa5a1dd4d84df633d) C:\Windows\gdrv.sys
15:00:21.0675 4520 gdrv - ok
15:00:21.0706 4520 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:00:21.0706 4520 GEARAspiWDM - ok
15:00:21.0753 4520 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
15:00:21.0753 4520 gpsvc - ok
15:00:21.0909 4520 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
15:00:21.0940 4520 GVTDrv64 - ok
15:00:22.0096 4520 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
15:00:22.0096 4520 HdAudAddService - ok
15:00:22.0159 4520 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:00:22.0174 4520 HDAudBus - ok
15:00:22.0190 4520 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:00:22.0190 4520 HidBth - ok
15:00:22.0206 4520 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:00:22.0206 4520 HidIr - ok
15:00:22.0221 4520 hidkmdf (207c7ed27ba6add3985a90671c931b55) C:\Windows\system32\DRIVERS\hidkmdf.sys
15:00:22.0221 4520 hidkmdf - ok
15:00:22.0252 4520 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
15:00:22.0252 4520 hidserv - ok
15:00:22.0268 4520 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:00:22.0268 4520 HidUsb - ok
15:00:22.0284 4520 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
15:00:22.0284 4520 hkmsvc - ok
15:00:22.0315 4520 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
15:00:22.0315 4520 HpCISSs - ok
15:00:22.0362 4520 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:00:22.0377 4520 HTTP - ok
15:00:22.0393 4520 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:00:22.0393 4520 i2omp - ok
15:00:22.0424 4520 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:00:22.0424 4520 i8042prt - ok
15:00:22.0440 4520 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:00:22.0455 4520 iaStorV - ok
15:00:22.0533 4520 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:00:22.0533 4520 IDriverT - ok
15:00:22.0627 4520 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:00:22.0642 4520 idsvc - ok
15:00:22.0642 4520 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:00:22.0642 4520 iirsp - ok
15:00:22.0689 4520 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
15:00:22.0689 4520 IKEEXT - ok
15:00:22.0783 4520 IntcAzAudAddService (4b071aebbc13d60430ee0371b262f681) C:\Windows\system32\drivers\RTKVHD64.sys
15:00:22.0798 4520 IntcAzAudAddService - ok
15:00:22.0892 4520 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:00:22.0892 4520 intelide - ok
15:00:22.0908 4520 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:00:22.0908 4520 intelppm - ok
15:00:23.0001 4520 ioloSystemService (228431b4214e2f540b6b6367b2a65e05) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
15:00:23.0001 4520 ioloSystemService - ok
15:00:23.0048 4520 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
15:00:23.0048 4520 IPBusEnum - ok
15:00:23.0064 4520 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:00:23.0064 4520 IpFilterDriver - ok
15:00:23.0110 4520 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
15:00:23.0110 4520 iphlpsvc - ok
15:00:23.0110 4520 IpInIp - ok
15:00:23.0142 4520 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
15:00:23.0142 4520 IPMIDRV - ok
15:00:23.0157 4520 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:00:23.0157 4520 IPNAT - ok
15:00:23.0235 4520 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:00:23.0235 4520 iPod Service - ok
15:00:23.0251 4520 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:00:23.0251 4520 IRENUM - ok
15:00:23.0251 4520 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:00:23.0251 4520 isapnp - ok
15:00:23.0282 4520 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:00:23.0282 4520 iScsiPrt - ok
15:00:23.0298 4520 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:00:23.0298 4520 iteatapi - ok
15:00:23.0329 4520 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:00:23.0329 4520 iteraid - ok
15:00:23.0360 4520 JRAID (db85fe8d6cbaa2047cb4da1b2c193d76) C:\Windows\system32\DRIVERS\jraid.sys
15:00:23.0360 4520 JRAID - ok
15:00:23.0376 4520 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:00:23.0376 4520 kbdclass - ok
15:00:23.0391 4520 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
15:00:23.0391 4520 kbdhid - ok
15:00:23.0407 4520 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:00:23.0407 4520 KeyIso - ok
15:00:23.0454 4520 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
15:00:23.0454 4520 KSecDD - ok
15:00:33.0453 4520 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:00:33.0453 4520 \Device\Harddisk0\DR0 - ok
15:00:33.0453 4520 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
15:00:33.0484 4520 \Device\Harddisk1\DR1 - ok
15:00:33.0500 4520 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
15:00:33.0750 4520 \Device\Harddisk2\DR2 - ok
15:00:33.0750 4520 MBR (0x1B8) (c6f30d7f54a20865b8a5475fb90f4a9a) \Device\Harddisk3\DR3
15:00:33.0750 4520 \Device\Harddisk3\DR3 - ok
15:00:33.0750 4520 Boot (0x1200) (de58c6e4a78151ac7df2d466b35fe87e) \Device\Harddisk0\DR0\Partition0
15:00:33.0750 4520 \Device\Harddisk0\DR0\Partition0 - ok
15:00:33.0750 4520 Boot (0x1200) (f02b30a590998f634a83ee8e2c0f8cf2) \Device\Harddisk1\DR1\Partition0
15:00:33.0750 4520 \Device\Harddisk1\DR1\Partition0 - ok
15:00:33.0968 4520 Boot (0x1200) (2335888f5964fd5d4765ec4109890480) \Device\Harddisk2\DR2\Partition0
15:00:33.0968 4520 \Device\Harddisk2\DR2\Partition0 - ok
15:00:33.0968 4520 ============================================================
15:00:33.0968 4520 Scan finished
15:00:33.0968 4520 ============================================================
15:00:33.0984 6092 Detected object count: 1
15:00:33.0984 6092 Actual detected object count: 1
15:05:31.0512 6092 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:05:31.0512 6092 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 16:33:42
-----------------------------
16:33:42.763 OS Version: Windows x64 6.0.6002 Service Pack 2
16:33:42.763 Number of processors: 2 586 0x402
16:33:42.764 ComputerName: BRANDON-PC UserName: Brandon
16:33:44.876 Initialize success
16:36:40.663 AVAST engine defs: 12073102
16:41:07.676 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
16:41:07.678 Disk 0 Vendor: WDC_WD10EADS-65P6B0 01.00A01 Size: 953869MB BusType: 3
16:41:07.679 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-3
16:41:07.680 Disk 1 Vendor: ST3250410AS 4.AAA Size: 238474MB BusType: 3
16:41:07.682 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
16:41:07.683 Disk 2 Vendor: ST31000528AS CC3E Size: 953868MB BusType: 3
16:41:07.695 Disk 1 MBR read successfully
16:41:07.697 Disk 1 MBR scan
16:41:07.700 Disk 1 Windows VISTA default MBR code
16:41:07.705 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 2048
16:41:07.728 Disk 1 scanning C:\Windows\system32\drivers
16:41:15.453 Service scanning
16:41:34.685 Modules scanning
16:41:34.690 Disk 1 trace - called modules:
16:41:34.841 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8007bf52c0]<<spmn.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:41:34.845 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009405060]
16:41:34.848 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa8007bc8580]
16:41:34.851 5 acpi.sys[fffffa600079afde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-3[0xfffffa8007c08060]
16:41:34.854 \Driver\atapi[0xfffffa8007bab060] -> IRP_MJ_CREATE -> 0xfffffa8007bf52c0
16:41:37.850 AVAST engine scan C:\Windows
16:41:40.083 AVAST engine scan C:\Windows\system32
16:43:37.834 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:43:40.069 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:45:02.395 AVAST engine scan C:\Windows\system32\drivers
16:45:13.161 AVAST engine scan C:\Users\Brandon
17:00:24.105 AVAST engine scan C:\ProgramData
17:03:25.473 Scan finished successfully
17:06:02.016 Disk 1 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
17:06:02.019 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 15:07:08
-----------------------------
15:07:08.883 OS Version: Windows x64 6.0.6002 Service Pack 2
15:07:08.883 Number of processors: 2 586 0x402
15:07:08.883 ComputerName: BRANDON-PC UserName: Brandon
15:07:10.269 Initialize success
15:08:20.863 AVAST engine defs: 12080501
15:12:52.795 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:12:52.796 Disk 0 Vendor: ST31000528AS CC3E Size: 953868MB BusType: 3
15:12:52.798 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
15:12:52.799 Disk 1 Vendor: WDC_WD10EADS-65P6B0 01.00A01 Size: 953869MB BusType: 3
15:12:52.800 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-3
15:12:52.802 Disk 2 Vendor: ST3250410AS 4.AAA Size: 238474MB BusType: 3
15:12:52.810 Disk 2 MBR read successfully
15:12:52.812 Disk 2 MBR scan
15:12:52.815 Disk 2 Windows VISTA default MBR code
15:12:52.820 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 2048
15:12:52.843 Disk 2 scanning C:\Windows\system32\drivers
15:13:00.658 Service scanning
15:13:18.769 Modules scanning
15:13:18.775 Disk 2 trace - called modules:
15:13:18.798 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:13:18.800 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8009284790]
15:13:18.803 3 CLASSPNP.SYS[fffffa6000dd3c33] -> nt!IofCallDriver -> [0xfffffa8007ce7900]
15:13:18.805 5 acpi.sys[fffffa6000814fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-3[0xfffffa8007cf8940]
15:13:19.881 AVAST engine scan C:\Windows
15:13:22.530 AVAST engine scan C:\Windows\system32
15:15:02.896 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:15:04.982 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:16:29.852 AVAST engine scan C:\Windows\system32\drivers
15:16:39.123 AVAST engine scan C:\Users\Brandon
15:29:11.499 AVAST engine scan C:\ProgramData
15:31:25.012 Scan finished successfully
15:43:47.756 Disk 2 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
15:43:47.759 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"


And also, later today I'm going out of town for about 2 weeks.

Edited by JayWichester, 05 August 2012 - 02:46 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 03:33 PM

OK, let's try this.


I want you to run FRST, but from safe mode, and get me the report.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 JayWichester

JayWichester
  • Topic Starter

  • Members
  • 35 posts

Posted 05 August 2012 - 04:01 PM

It can't start in safe mode. It got stuck for about 10 minutes loading Windows files, twice, and in between it had to do a disk check.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 04:14 PM

Greetings


I would like you to go here to see how to make a recovery disc for Vista 64-bit, to allow us to get into the recovery environment:

http://www.vistax64.com/tutorials/141820-create-recovery-disc.html

Gringo

#11 JayWichester

JayWichester
  • Topic Starter

  • Members
  • 35 posts

Posted 05 August 2012 - 04:47 PM

I don't have a Windows installation disc. And I don't have much time left before I need to leave. Can I come back for help when I get back?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 04:57 PM

Greetings


I will lock this for now, and when you get back send me a PM and I will open it. Hopefully by then you will have found an install CD, or our tools may have been updated.



Gringo

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 August 2012 - 09:39 PM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.


#14 JayWichester

JayWichester
  • Topic Starter

  • Members
  • 35 posts

Posted 18 August 2012 - 12:22 PM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Brandon [Admin rights]
Mode: Scan -- Date: 08/18/2012 13:20:17

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : BYRUA_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{5dc271b0-dc8a-a1e2-6683-20ef3f954d53}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{5dc271b0-dc8a-a1e2-6683-20ef3f954d53}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\brandon\appdata\local\{5dc271b0-dc8a-a1e2-6683-20ef3f954d53}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\brandon\appdata\local\{5dc271b0-dc8a-a1e2-6683-20ef3f954d53}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\brandon\appdata\local\{5dc271b0-dc8a-a1e2-6683-20ef3f954d53}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] 129347b322dda872cf6fbf55dbdeedd8
[BSP] 6c4d4fa33409fcbafd06b715fac3d46a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EADS-65P6B0 ATA Device +++++
--- User ---
[MBR] 265f5a18694681f86f913bf72f8b6d7f
[BSP] a40ae462d9700b160861ade108c22b47 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3250410AS ATA Device +++++
--- User ---
[MBR] 709d8f9c8e968fd65d02db6d7be894d7
[BSP] 4ef459fc335264cf6b0e73e64b323a44 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 August 2012 - 01:33 PM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
