

(another) Services.EXE Infected with Trojan Horse Patched_C.LYU


  • This topic is locked
25 replies to this topic

#1 dalley

dalley

  • Members
  • 22 posts
  • OFFLINE
  • Local time:07:44 PM

Posted 21 August 2012 - 05:23 AM

Hello, unfortunately my Windows 7 Pro PC has fallen victim to this trojan. The free AV software I am running (AVAST/AVG/Malwarebytes) detects it but cannot remove it. It has disabled my MS Security Essentials Tools/Windows Update and occasionally redirects my web browser. No Windows Firewall can be enabled because of this issue so I was not able to accomplish that per the preliminary instructions.

I have gone through the rest of the preliminary instructions before posting, so hopefully someone can help me. Thanks in advance!

DDS FILE:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Edward at 2:45:40 on 2012-08-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1818 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [HydraVisionDesktopManager] "c:\program files\ati technologies\hydravision\HydraDM.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{B4EB56BF-AB43-4F9B-A7AD-110587303D67} : DhcpNameServer = 192.168.0.1 205.171.2.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-17 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-17 353688]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-17 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-17 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-17 44808]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-6-11 8733696]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-6-11 295936]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-10-13 49152]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2006-11-21 203264]
R3 Echo3G;Echo3G Service;c:\windows\system32\drivers\echo3g.sys [2011-11-23 211240]
R3 hypaudio;hypaudio;c:\windows\system32\drivers\hypaudio.sys [2010-11-30 1351168]
R3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [2010-11-30 164864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-25 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business 2011\RpcAgentSrv.exe [2011-2-3 93848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-24 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
.
=============== Created Last 30 ================
.
2012-08-19 21:09:19 -------- d-----w- c:\users\edward\appdata\roaming\SUPERAntiSpyware.com
2012-08-19 21:08:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-19 21:08:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-19 20:44:09 -------- d-----w- c:\program files\Marcos Velasco Security
2012-08-19 20:42:26 -------- d-----w- c:\users\edward\appdata\roaming\Malwarebytes
2012-08-19 20:42:17 -------- d-----w- c:\programdata\Malwarebytes
2012-08-19 20:42:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-19 20:42:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-19 10:53:42 -------- d-----w- c:\users\edward\appdata\roaming\AVG2012
2012-08-19 05:17:14 -------- d--h--w- C:\$AVG
2012-08-19 05:17:14 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-19 05:17:14 -------- d-----w- c:\programdata\AVG2012
2012-08-19 05:16:46 -------- d-----w- c:\program files\AVG
2012-08-19 05:15:04 -------- d-----w- c:\programdata\MFAData
2012-08-17 22:49:04 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-17 22:49:00 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-17 22:48:58 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-17 22:48:38 41224 ----a-w- c:\windows\avastSS.scr
2012-08-13 01:47:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-12 12:43:32 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f2cfcb5f-70d1-4726-897a-c210fe0120f6}\mpengine.dll
2012-08-12 04:56:55 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2012-08-15 14:10:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 14:10:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-12 02:40:48 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 20:50:42 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 20:50:24 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 20:50:14 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 20:49:22 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-11 18:58:44 8733696 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35:40 58880 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:00:32 20467712 ----a-w- c:\windows\system32\atioglxx.dll
2012-06-11 17:25:06 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- c:\windows\system32\aticfx32.dll
2012-06-11 17:20:02 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19:36 468992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19:02 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17:50 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-06-11 17:17:40 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17:32 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- c:\windows\system32\atidxx32.dll
2012-06-11 16:45:46 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- c:\windows\system32\atiumdag.dll
2012-06-11 16:45:38 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-06-11 16:43:18 4729344 ----a-w- c:\windows\system32\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- c:\windows\system32\aticaldd.dll
2012-06-11 16:26:52 368640 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26:36 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26:22 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-06-11 16:25:48 295936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25:12 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-06-11 16:24:58 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23:10 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-06-07 20:14:04 16 ----a-w- c:\windows\system32\msvcsv60.dll
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 2:47:40.45 ===============


ATTACH.TXT:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2011 4:54:59 AM
System Uptime: 8/21/2012 2:42:19 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5KC
Processor: Intel® Core™2 Quad CPU Q9300 @ 2.50GHz | LGA775 | 2497/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 170.747 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 20.548 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0883&SUBSYS_1043829F&REV_1000\4&196E0BAD&0&0001
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0883&SUBSYS_1043829F&REV_1000\4&196E0BAD&0&0001
Service: HdAudAddService
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP223: 7/11/2012 3:00:14 AM - Windows Update
RP224: 7/14/2012 3:30:18 AM - Windows Update
RP225: 7/18/2012 3:30:19 AM - Windows Update
RP226: 7/22/2012 3:30:28 AM - Windows Update
RP227: 7/26/2012 3:31:00 AM - Windows Update
RP228: 7/30/2012 3:30:36 AM - Windows Update
RP229: 8/5/2012 9:57:33 PM - Windows Update
RP230: 8/9/2012 5:43:33 AM - Windows Update
RP231: 8/17/2012 12:00:01 AM - Scheduled Checkpoint
RP232: 8/17/2012 3:39:13 PM - Removed WebEx Support Manager for Internet Explorer
RP233: 8/17/2012 3:48:04 PM - avast! Free Antivirus Setup
RP234: 8/18/2012 10:16:30 PM - Installed AVG 2012
RP235: 8/18/2012 10:16:54 PM - Installed AVG 2012
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Amazon MP3 Downloader 1.0.10
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AmpegSVX
Antares Auto-Tune 3 DirectX
Applian FLV and Media Player 3.1.1.12
ATI AVIVO Codecs
avast! Free Antivirus
AVG 2012
AVI Player
Canon MP560 series MP Drivers
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
DVD Shrink 3.2
Echo3G PCI
EZdrummer
EZXNashville
EZXVintage
HydraVision
Jasc Paint Shop Pro 9
Java™ 6 Update 3
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MV RegClean 5.0 English
Nero 7 Essentials
neroxml
Rock Songs
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SereneScreen Marine Aquarium 3
SiSoftware Sandra Professional Business 2011
SONAR 8.5 Studio
SUPERAntiSpyware
UAD Powered Plug-Ins
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Waves Mercury Complete VST DX RTAS v1.01
WinX DVD Ripper 5.5.5
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/21/2012 2:45:21 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/21/2012 2:45:21 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/21/2012 2:44:09 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/21/2012 2:43:07 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000016, 0x00000002, 0x00000000, 0x82e3ef91). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082112-41309-01.
8/20/2012 2:03:17 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP Universal Printing PCL 5 required for printer HP Color LaserJet 4700 (143.182.120.10) is unknown. Contact the administrator to install the driver before you log in again.
8/20/2012 2:03:15 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
8/20/2012 2:03:15 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP Universal Printing PCL 5 required for printer HP Universal Printing PCL 5 is unknown. Contact the administrator to install the driver before you log in again.
8/20/2012 2:03:14 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP Universal Printing PCL 5 required for printer Chp31j5pbcs.ch.intel.com is unknown. Contact the administrator to install the driver before you log in again.
8/17/2012 5:01:14 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/17/2012 5:01:14 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
8/17/2012 5:01:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/17/2012 5:01:07 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/17/2012 4:49:12 PM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 192.168.0.7.
.
==== End Of File ===========================



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 PM

Posted 22 August 2012 - 10:33 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First Press the Scan button.
  • It will make a log (FRST.txt)

  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
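The "Search: services.exe" step above exists so the helper can compare the live copy of services.exe in System32 with the other copies Windows keeps on disk (the WinSxS component store) and spot a patched binary by its size and hash. The script below is an added example that does the same comparison offline; it is not part of the thread and not FRST or any Farbar tool. It assumes a PowerShell 3 or later session with the suspect Windows folder reachable at the path given in `$WindowsDir` (for instance a disk mounted from a recovery environment or attached to a clean machine); the file and folder names are assumptions for the illustration, and the script only reports, it never modifies anything.

```powershell
# Added example (not from the thread, not an FRST feature): hash every copy
# of a system binary found under an offline Windows directory and flag the
# System32 copy if it matches none of the WinSxS component-store copies.
# Assumptions: $WindowsDir points at the suspect (offline) Windows folder and
# PowerShell 3+ is available. Read-only: nothing is repaired or replaced.
param(
    [string]$WindowsDir = 'C:\Windows',
    [string]$FileName   = 'services.exe'
)

function Get-Sha256Hex {
    # SHA-256 via .NET so the script also works where Get-FileHash is absent.
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
        $sha.Dispose()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

# Enumerate every copy on disk, hidden ones included. WinSxS holds the
# component-store copies Windows itself uses to service the System32 file.
$copies = Get-ChildItem -Path $WindowsDir -Filter $FileName -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName
            Size   = $_.Length
            Sha256 = Get-Sha256Hex -Path $_.FullName
            # Embedded Authenticode status only. Most Windows binaries are
            # catalog-signed, so 'NotSigned' here is not proof of tampering.
            Sig    = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    }

$copies | Sort-Object Path | Format-Table -AutoSize Size, Sha256, Sig, Path

$live  = $copies | Where-Object { $_.Path -like "$WindowsDir\System32\$FileName" }
$store = @($copies | Where-Object { $_.Path -like "$WindowsDir\winsxs\*" })
$storeHashes = @($store | Select-Object -ExpandProperty Sha256)

if (-not $live) {
    Write-Warning "No $FileName found at $WindowsDir\System32\$FileName."
} elseif ($store.Count -eq 0) {
    Write-Warning "No WinSxS copies to compare against; compare the hash above with a clean machine on the same patch level."
} elseif ($storeHashes -contains $live.Sha256) {
    Write-Output "OK: System32\$FileName matches a WinSxS component-store copy ($($live.Sha256))."
} else {
    Write-Warning "MISMATCH: System32\$FileName (size $($live.Size), SHA-256 $($live.Sha256)) matches none of the $($store.Count) WinSxS copies."
    Write-Warning "A modified copy of a core system binary is consistent with the detection in this thread; let the helper decide the repair from the FRST logs."
}
```

Two caveats on reading the result: a mismatch is a strong signal but not a verdict, since a newer update can leave the System32 copy ahead of the stored components, so the hash should also be checked against a clean machine at the same patch level; and a match proves only that the file equals one on-disk copy, which is why the thread's helper asks for the full FRST.txt as well as Search.txt rather than the file hash alone.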

#3 dalley

dalley
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:07:44 PM

Posted 23 August 2012 - 04:09 PM

Hi Gringo, thanks for the response. One quick note ... I am running a 32bit version of Windows so I had to d/l the 32 bit scan tool. Anyway, here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 23-08-2012 02
Ran by SYSTEM at 23-08-2012 13:51:50
Running from G:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKU\Edward\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4777856 2012-07-09] (SUPERAntiSpyware.com)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 Macromedia Licensing Service; "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" [68096 2011-01-25] ()
3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [792112 2007-04-13] (Nero AG)
3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [271920 2007-06-01] (Nero AG)
3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011\RpcAgentSrv.exe [93848 2009-08-17] (SiSoftware)
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
3 AtcL001; C:\Windows\System32\DRIVERS\l160x86.sys [49152 2009-10-13] (Atheros Communications, Inc.)
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
3 BENDER; C:\Windows\System32\drivers\bender.sys [203264 2006-11-21] (Pinnacle Systems)
3 Echo3G; C:\Windows\System32\DRIVERS\echo3G.sys [211240 2011-11-23] (Echo Digital Audio Corp.)
3 hypaudio; C:\Windows\System32\DRIVERS\hypaudio.sys [1351168 2010-11-30] (Universal Audio, Inc.)
3 hypkern; C:\Windows\System32\drivers\hypkern.sys [164864 2010-11-30] ()
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-06-29] (Microsoft Corporation)
3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-23 13:51 - 2012-08-23 13:51 - 00000000 ____D C:\FRST
2012-08-21 01:42 - 2012-08-21 01:42 - 00000000 ____D C:\Windows\Minidump
2012-08-21 01:39 - 2012-08-21 02:16 - 00000000 ____D C:\Users\Edward\Desktop\virus
2012-08-19 13:09 - 2012-08-23 05:09 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1e5d28b6-2c8f-41f6-a757-1502d868e433.job
2012-08-19 13:09 - 2012-08-23 01:00 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8606bd1c-ef96-4c9d-b016-270a09b93a2f.job
2012-08-19 13:09 - 2012-08-19 13:09 - 00001968 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-19 13:09 - 2012-08-19 13:09 - 00000000 ____D C:\Users\Edward\AppData\Roaming\SUPERAntiSpyware.com
2012-08-19 13:08 - 2012-08-19 13:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-08-19 13:08 - 2012-08-19 13:08 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-08-19 12:53 - 2012-08-19 12:53 - 01116133 ____A C:\Users\Edward\Documents\list.txt - Complete.txt
2012-08-19 12:53 - 2012-08-19 12:53 - 00199636 ____A C:\Users\Edward\Documents\list.txt
2012-08-19 12:44 - 2012-08-19 12:44 - 00001327 ____A C:\Users\Public\Desktop\MV RegClean 5.0 English.lnk
2012-08-19 12:44 - 2012-08-19 12:44 - 00000000 ____D C:\Program Files\Marcos Velasco Security
2012-08-19 12:43 - 2012-08-19 12:43 - 00000000 ____D C:\Users\Edward\Downloads\mvregclean5enzip
2012-08-19 12:42 - 2012-08-19 12:42 - 00001074 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-19 12:42 - 2012-08-19 12:42 - 00000000 ____D C:\Users\Edward\AppData\Roaming\Malwarebytes
2012-08-19 12:42 - 2012-08-19 12:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-19 12:42 - 2012-08-19 12:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-19 12:42 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-19 02:53 - 2012-08-19 02:53 - 00000000 ____D C:\Users\Edward\AppData\Roaming\AVG2012
2012-08-18 21:17 - 2012-08-23 08:44 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-08-18 21:17 - 2012-08-19 02:54 - 00000000 ____D C:\Users\All Users\AVG2012
2012-08-18 21:17 - 2012-08-18 21:17 - 00000942 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-18 21:17 - 2012-08-18 21:17 - 00000000 ___HD C:\$AVG
2012-08-18 21:16 - 2012-08-18 21:16 - 00000000 ____D C:\Program Files\AVG
2012-08-18 21:15 - 2012-08-23 08:44 - 00000000 ____D C:\Users\All Users\MFAData
2012-08-17 14:49 - 2012-08-17 14:49 - 00002082 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-17 14:49 - 2012-07-03 08:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-17 14:49 - 2012-07-03 08:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-17 14:49 - 2012-07-03 08:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-17 14:49 - 2012-07-03 08:21 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-17 14:49 - 2012-07-03 08:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-17 14:48 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-17 14:48 - 2012-07-03 08:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-17 14:48 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-12 17:47 - 2012-08-12 17:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-07 02:53 - 2012-08-07 02:53 - 00000031 ____A C:\Users\Edward\cc.txt
2012-07-29 00:00 - 2012-08-23 12:44 - 00000448 ____A C:\Windows\setupact.log
2012-07-29 00:00 - 2012-07-29 00:00 - 00000000 ____A C:\Windows\setuperr.log

============ 3 Months Modified Files ========================

2012-08-23 12:49 - 2009-07-13 20:34 - 00015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-23 12:49 - 2009-07-13 20:34 - 00015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-23 12:44 - 2012-07-29 00:00 - 00000448 ____A C:\Windows\setupact.log
2012-08-23 12:44 - 2011-01-25 01:35 - 00036256 ____A C:\Windows\PFRO.log
2012-08-23 12:44 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-23 12:36 - 2011-01-24 04:02 - 00733518 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-23 12:10 - 2012-04-25 02:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-23 05:09 - 2012-08-19 13:09 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1e5d28b6-2c8f-41f6-a757-1502d868e433.job
2012-08-23 01:00 - 2012-08-19 13:09 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8606bd1c-ef96-4c9d-b016-270a09b93a2f.job
2012-08-20 12:29 - 2011-01-24 04:50 - 01846938 ____A C:\Windows\WindowsUpdate.log
2012-08-19 13:09 - 2012-08-19 13:09 - 00001968 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-19 12:53 - 2012-08-19 12:53 - 01116133 ____A C:\Users\Edward\Documents\list.txt - Complete.txt
2012-08-19 12:53 - 2012-08-19 12:53 - 00199636 ____A C:\Users\Edward\Documents\list.txt
2012-08-19 12:44 - 2012-08-19 12:44 - 00001327 ____A C:\Users\Public\Desktop\MV RegClean 5.0 English.lnk
2012-08-19 12:42 - 2012-08-19 12:42 - 00001074 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-18 21:17 - 2012-08-18 21:17 - 00000942 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-17 14:49 - 2012-08-17 14:49 - 00002082 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-17 14:48 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-08-17 14:42 - 2009-07-13 20:33 - 00414576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-17 14:40 - 2011-01-24 11:18 - 00110800 ____A C:\Users\Edward\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-15 06:10 - 2012-04-25 02:04 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-15 06:10 - 2012-01-05 01:36 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-07 02:53 - 2012-08-07 02:53 - 00000031 ____A C:\Users\Edward\cc.txt
2012-07-29 00:00 - 2012-07-29 00:00 - 00000000 ____A C:\Windows\setuperr.log
2012-07-11 02:02 - 2009-07-13 18:04 - 00000627 ____A C:\Windows\win.ini
2012-07-11 02:01 - 2011-01-24 11:03 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-05 01:01 - 2011-02-02 00:44 - 2061345792 ____A C:\Users\Edward\Documents\Outlook backup.pst
2012-07-03 12:46 - 2012-08-19 12:42 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 08:21 - 2012-08-17 14:49 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-08-17 14:49 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-08-17 14:49 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-08-17 14:49 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2012-08-17 14:49 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2012-08-17 14:48 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-08-17 14:48 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-08-17 14:48 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-11 18:40 - 2012-07-11 02:00 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 12:50 - 2012-06-11 12:50 - 00159232 ____A C:\Windows\System32\clinfo.exe
2012-06-11 12:50 - 2012-06-11 12:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo.dll
2012-06-11 12:50 - 2012-06-11 12:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode.dll
2012-06-11 12:49 - 2012-06-11 12:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl.dll
2012-06-11 12:04 - 2012-06-11 12:04 - 00165054 ____A C:\Users\Edward\Documents\pspbrwse.jbf
2012-06-11 10:58 - 2012-06-11 10:58 - 08733696 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:35 - 2012-06-11 10:35 - 00058880 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:00 - 2011-12-05 18:56 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2011-03-09 18:54 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx32.dll
2012-06-11 09:20 - 2011-03-09 18:51 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00468992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00217600 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00163840 ____A (AMD) C:\Windows\System32\atitmmxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\System32\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00020992 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2012-02-14 19:07 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx32.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl.dll
2012-06-11 08:45 - 2011-03-09 18:28 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdag.dll
2012-06-11 08:43 - 2011-03-09 18:21 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\System32\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd.dll
2012-06-11 08:26 - 2011-12-05 18:12 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atigktxx.dll
2012-06-11 08:26 - 2011-12-05 18:12 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:26 - 2011-03-09 18:15 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00295936 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:25 - 2011-03-09 18:14 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxpag.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2011-03-09 18:14 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom32.dll
2012-06-08 20:41 - 2012-07-10 17:14 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-07 12:14 - 2011-02-02 02:56 - 00000016 ____A C:\Windows\System32\w3data.vss
2012-06-07 12:14 - 2011-02-02 02:56 - 00000016 ____A C:\Windows\System32\msvcsv60.dll
2012-06-07 12:14 - 2011-02-02 02:56 - 00000016 ____A C:\Windows\msocreg32.dat
2012-06-05 21:05 - 2012-07-10 17:14 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 17:14 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 17:14 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-20 23:15 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 23:15 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 23:15 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 23:15 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 23:15 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-20 23:14 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-20 23:15 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-20 23:15 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-20 23:14 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 02:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 02:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 02:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 02:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 02:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 02:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 02:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 02:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 02:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 02:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 02:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 02:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 02:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 02:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-10 17:14 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 17:14 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 17:14 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 17:14 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 17:14 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-27 13:33 - 2012-05-27 13:33 - 00011224 ____A C:\Users\Edward\CenturyLink_Configuration_Details.mht
2012-05-27 13:14 - 2011-01-25 03:07 - 00049362 ____A C:\Windows\DPINST.LOG
2012-05-26 13:22 - 2011-02-11 19:41 - 00800256 __ASH C:\Users\Edward\Thumbs.db


ZeroAccess:
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\@
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\L
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\L\00000004.@
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\L\201d3dde
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\00000008.@
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz21C7.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz264.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz265.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz37A6.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz3A18.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz3A4B.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz3D73.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz4057.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz41CC.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz41EC.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz4373.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz4774.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz4890.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz5A76.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz5C5C.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz5F1B.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz637.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz638.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz6C2F.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz717.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz850D.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz896A.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz8BAD.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz8F11.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz9040.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz93AE.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trz9DFF.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzA48B.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzA4F3.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzA7E.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzAC98.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzADE1.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzAFF5.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzB5B7.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzB80A.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzB938.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzBA05.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzBB7D.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzBCEB.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzC7AA.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzC7C6.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzC7F9.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzCD48.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzCED7.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzD2FC.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzD31C.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzD407.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzD658.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzD66A.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzDBF5.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzDCC2.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzDDEA.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzE05C.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzE195.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzE2B0.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzE31C.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzE3D6.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzE3D7.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzE6B2.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzEE54.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzF00B.tmp
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}\U\trzF25D.tmp

ZeroAccess:
C:\Users\Edward\AppData\Local\{6001f8b4-7794-2406-37bb-7889d3a45974}
C:\Users\Edward\AppData\Local\{6001f8b4-7794-2406-37bb-7889d3a45974}\@
C:\Users\Edward\AppData\Local\{6001f8b4-7794-2406-37bb-7889d3a45974}\L
C:\Users\Edward\AppData\Local\{6001f8b4-7794-2406-37bb-7889d3a45974}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4095.12 MB
Available physical RAM: 3578.59 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3580.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

======================= Partitions =========================

2 Drive c: (Dalley1) (Fixed) (Total:279.36 GB) (Free:172.31 GB) NTFS
3 Drive d: (Dalley2) (Fixed) (Total:74.53 GB) (Free:20.55 GB) NTFS
5 Drive g: () (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 279 GB 0 B
Disk 1 Online 74 GB 1024 KB
Disk 2 Online 7657 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 279 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Dalley1 NTFS Partition 279 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Dalley2 NTFS Partition 74 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7655 MB Healthy

==================================================================================

Last Boot: 2012-08-16 23:19

======================= End Of Log ==========================


Farbar Recovery Scan Tool Version: 23-08-2012 02
Ran by SYSTEM at 2012-08-23 13:58:30
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
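As an added example (my own code, not part of this thread and not FRST's own code), here is a small Python parser for the `Search:` output posted above. It groups the copies of services.exe by file name, compares each live copy against the WinSxS component-store copy that has the same size and modification stamp, and reports a hash mismatch like the one shown; it also builds a `Replace:` line in the same shape as the fixlist used in the next post. The input is the search output from this post; the function names and the same-size/same-timestamp heuristic are my own choices.

```python
"""Parse the 'Search:' section of an FRST log and flag a system binary whose
MD5 differs from the WinSxS (component store) copy of the same build."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Lines copied from the FRST "Search: services.exe" output posted in this thread.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""


class FileEntry(NamedTuple):
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_component_store(self) -> bool:
        # Windows keeps pristine copies of serviced components under WinSxS.
        return "\\winsxs\\" in self.path.lower()


class Finding(NamedTuple):
    live: FileEntry       # the copy Windows actually loads
    reference: FileEntry  # the WinSxS copy it was compared against


_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (company) MD5" as FRST prints it
_DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_frst_search(text: str) -> List[FileEntry]:
    """Each hit is a path line followed by one detail line; pair them up."""
    entries: List[FileEntry] = []
    pending_path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if _PATH_RE.match(line):
            pending_path = line
            continue
        m = _DETAIL_RE.match(line)
        if m and pending_path:
            entries.append(FileEntry(
                path=pending_path, created=m["created"], modified=m["modified"],
                size=int(m["size"]), attrs=m["attrs"], company=m["company"],
                md5=m["md5"].upper()))
            pending_path = None
    return entries


def find_patched(entries: List[FileEntry]) -> List[Finding]:
    """Flag live copies whose hash differs from a same-build WinSxS copy."""
    by_name: Dict[str, List[FileEntry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    findings: List[Finding] = []
    for copies in by_name.values():
        refs = [c for c in copies if c.in_component_store]
        for live in (c for c in copies if not c.in_component_store):
            for ref in refs:
                # Heuristic (mine): same size and modified stamp means the same
                # build, so a differing MD5 means the bytes were altered in place.
                if ref.size == live.size and ref.modified == live.modified \
                        and ref.md5 != live.md5:
                    findings.append(Finding(live=live, reference=ref))
                    break
    return findings


def frst_replace_line(f: Finding) -> str:
    """Same shape as the Replace: directive used in the fixlist in this thread."""
    return f"Replace: {f.reference.path} {f.live.path}"


if __name__ == "__main__":
    for f in find_patched(parse_frst_search(SAMPLE_SEARCH)):
        print(f"{f.live.path}: MD5 {f.live.md5} differs from WinSxS copy {f.reference.md5}")
        print(frst_replace_line(f))
```

Run stand-alone it reports the System32 copy as the altered one and prints the `Replace:` line pointing the WinSxS copy at it. On a real log WinSxS may hold several builds of the same file, which is why the comparison only considers a reference copy with matching size and modification stamp rather than any copy with the same name.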

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 PM

Posted 23 August 2012 - 06:20 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974}
C:\Users\Edward\AppData\Local\{6001f8b4-7794-2406-37bb-7889d3a45974}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#5 dalley

dalley
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:07:44 PM

Posted 23 August 2012 - 06:41 PM

Gringo, you mean the FRST program (not FRST64) for a 32 bit OS correct?

Here is the fix logfile:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 23-08-2012 02
Ran by SYSTEM at 2012-08-23 16:47:59 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
C:\Windows\Installer\{6001f8b4-7794-2406-37bb-7889d3a45974} moved successfully.
C:\Users\Edward\AppData\Local\{6001f8b4-7794-2406-37bb-7889d3a45974} moved successfully.

==== End of Fixlog ====

Edited by dalley, 23 August 2012 - 06:51 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 August 2012 - 08:43 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 dalley

dalley
  • Topic Starter

  • Members
  • 22 posts

Posted 23 August 2012 - 09:33 PM

Here is the ComboFix log. The only issue I see is that I still cannot start the MS Security service. Otherwise, the computer seems OK; I'm not getting any antivirus infection notifications.

ComboFix 12-08-22.03 - Edward 08/23/2012 19:12:36.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2117 [GMT -7:00]
Running from: c:\users\Edward\Desktop\virus\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\xml90AA.tmp
c:\programdata\xml93C7.tmp
c:\programdata\xml953E.tmp
c:\windows\system32\msvcsv60.dll
c:\windows\system32\SET15E9.tmp
c:\windows\system32\SETF463.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-24 to 2012-08-24 )))))))))))))))))))))))))))))))
.
.
2012-08-24 02:20 . 2012-08-24 02:24 -------- d-----w- c:\users\Edward\AppData\Local\temp
2012-08-24 02:20 . 2012-08-24 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 21:51 . 2012-08-23 21:51 -------- d-----w- C:\FRST
2012-08-19 21:09 . 2012-08-19 21:09 -------- d-----w- c:\users\Edward\AppData\Roaming\SUPERAntiSpyware.com
2012-08-19 21:08 . 2012-08-19 21:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-19 21:08 . 2012-08-19 21:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-19 20:44 . 2012-08-19 20:44 -------- d-----w- c:\program files\Marcos Velasco Security
2012-08-19 20:42 . 2012-08-19 20:42 -------- d-----w- c:\users\Edward\AppData\Roaming\Malwarebytes
2012-08-19 20:42 . 2012-08-19 20:42 -------- d-----w- c:\programdata\Malwarebytes
2012-08-19 20:42 . 2012-08-19 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-19 20:42 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-19 10:53 . 2012-08-19 10:53 -------- d-----w- c:\users\Edward\AppData\Roaming\AVG2012
2012-08-19 05:17 . 2012-08-24 00:37 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-19 05:17 . 2012-08-19 10:54 -------- d-----w- c:\programdata\AVG2012
2012-08-19 05:17 . 2012-08-19 05:17 -------- d-----w- C:\$AVG
2012-08-19 05:16 . 2012-08-19 05:16 -------- d-----w- c:\program files\AVG
2012-08-19 05:15 . 2012-08-24 00:37 -------- d-----w- c:\programdata\MFAData
2012-08-17 22:49 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-17 22:49 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-17 22:49 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-17 22:49 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-17 22:49 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-17 22:48 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-17 22:48 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-17 22:48 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-13 01:47 . 2012-08-13 01:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-12 12:43 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2CFCB5F-70D1-4726-897A-C210FE0120F6}\mpengine.dll
2012-08-12 04:56 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:10 . 2012-04-25 10:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:10 . 2012-01-05 09:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 02:40 . 2012-07-11 10:00 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 20:50 . 2012-06-11 20:50 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-11 18:58 . 2012-06-11 18:58 8733696 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 58880 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:00 . 2011-12-06 02:56 20467712 ----a-w- c:\windows\system32\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-03-10 02:54 924160 ----a-w- c:\windows\system32\aticfx32.dll
2012-06-11 17:20 . 2011-03-10 02:51 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 468992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-06-11 17:17 . 2012-06-11 17:17 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-06-11 17:16 . 2012-02-15 03:07 6301696 ----a-w- c:\windows\system32\atidxx32.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-06-11 16:45 . 2011-03-10 02:28 5480448 ----a-w- c:\windows\system32\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-06-11 16:43 . 2011-03-10 02:21 4729344 ----a-w- c:\windows\system32\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\system32\aticaldd.dll
2012-06-11 16:26 . 2011-03-10 02:15 368640 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2011-12-06 02:12 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2011-12-06 02:12 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-06-11 16:25 . 2012-06-11 16:25 295936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-03-10 02:14 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-06-11 16:24 . 2011-03-10 02:14 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-06-06 05:05 . 2012-07-11 01:14 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 01:14 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 01:14 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 07:14 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 07:15 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:15 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:15 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:15 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 07:15 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 07:15 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 07:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 07:15 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33 . 2012-07-11 10:02 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 10:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 10:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 10:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 10:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 01:14 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 01:14 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 01:14 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 01:14 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 01:14 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 17:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2011\RpcAgentSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Echo3G;Echo3G Service;c:\windows\system32\DRIVERS\echo3G.sys [x]
S3 hypaudio;hypaudio;c:\windows\system32\DRIVERS\hypaudio.sys [x]
S3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
SafeBoot-MsMpSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4944)
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-08-23 19:31:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-24 02:31
.
Pre-Run: 184,595,558,400 bytes free
Post-Run: 184,523,304,960 bytes free
.
- - End Of File - - D19BF691B390EB9C8B03958803142EA2

Edited by dalley, 23 August 2012 - 09:42 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 August 2012 - 09:49 PM

Greetings

Can you check and see if windows update is working?

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 dalley

dalley
  • Topic Starter

  • Members
  • 22 posts

Posted 23 August 2012 - 10:10 PM

Windows Update is giving an error, WindowsUpdate_80246008, when trying to update, and I cannot start MS Security Essentials. Here are the log files:

19:56:44.0823 5444 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
19:56:45.0197 5444 ============================================================
19:56:45.0197 5444 Current date / time: 2012/08/23 19:56:45.0197
19:56:45.0197 5444 SystemInfo:
19:56:45.0197 5444
19:56:45.0197 5444 OS Version: 6.1.7601 ServicePack: 1.0
19:56:45.0197 5444 Product type: Workstation
19:56:45.0197 5444 ComputerName: EDWARD-PC
19:56:45.0197 5444 UserName: Edward
19:56:45.0197 5444 Windows directory: C:\Windows
19:56:45.0197 5444 System windows directory: C:\Windows
19:56:45.0197 5444 Processor architecture: Intel x86
19:56:45.0197 5444 Number of processors: 4
19:56:45.0197 5444 Page size: 0x1000
19:56:45.0197 5444 Boot type: Normal boot
19:56:45.0197 5444 ============================================================
19:56:45.0681 5444 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x219E8, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
19:56:47.0959 5444 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:56:47.0974 5444 Drive \Device\Harddisk2\DR2 - Size: 0x1DE97FE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:56:47.0974 5444 ============================================================
19:56:47.0974 5444 \Device\Harddisk0\DR0:
19:56:47.0990 5444 MBR partitions:
19:56:47.0990 5444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:56:47.0990 5444 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x22EB9000
19:56:47.0990 5444 \Device\Harddisk1\DR1:
19:56:47.0990 5444 MBR partitions:
19:56:47.0990 5444 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
19:56:47.0990 5444 \Device\Harddisk2\DR2:
19:56:47.0990 5444 MBR partitions:
19:56:47.0990 5444 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
19:56:47.0990 5444 ============================================================
19:56:48.0005 5444 C: <-> \Device\Harddisk0\DR0\Partition2
19:56:48.0005 5444 D: <-> \Device\Harddisk1\DR1\Partition1
19:56:48.0005 5444 ============================================================
19:56:48.0005 5444 Initialize success
19:56:48.0005 5444 ============================================================
19:57:01.0952 4224 ============================================================
19:57:01.0952 4224 Scan started
19:57:01.0952 4224 Mode: Manual;
19:57:01.0952 4224 ============================================================
19:57:02.0513 4224 ================ Scan system memory ========================
19:57:02.0513 4224 System memory - ok
19:57:02.0513 4224 ================ Scan services =============================
19:57:02.0623 4224 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:57:02.0623 4224 !SASCORE - ok
19:57:02.0732 4224 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:57:02.0732 4224 1394ohci - ok
19:57:02.0779 4224 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:57:02.0779 4224 ACPI - ok
19:57:02.0810 4224 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:57:02.0810 4224 AcpiPmi - ok
19:57:02.0888 4224 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:57:02.0888 4224 AdobeARMservice - ok
19:57:02.0966 4224 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:57:02.0981 4224 AdobeFlashPlayerUpdateSvc - ok
19:57:02.0997 4224 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:57:03.0013 4224 adp94xx - ok
19:57:03.0028 4224 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:57:03.0028 4224 adpahci - ok
19:57:03.0044 4224 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:57:03.0044 4224 adpu320 - ok
19:57:03.0059 4224 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:57:03.0059 4224 AeLookupSvc - ok
19:57:03.0122 4224 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:57:03.0122 4224 AFD - ok
19:57:03.0153 4224 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:57:03.0153 4224 agp440 - ok
19:57:03.0184 4224 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
19:57:03.0184 4224 aic78xx - ok
19:57:03.0184 4224 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:57:03.0184 4224 ALG - ok
19:57:03.0200 4224 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:57:03.0200 4224 aliide - ok
19:57:03.0231 4224 [ B90A4332CF4C6580C845266A656DE4AB ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:57:03.0247 4224 AMD External Events Utility - ok
19:57:03.0247 4224 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:57:03.0247 4224 amdagp - ok
19:57:03.0293 4224 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:57:03.0293 4224 amdide - ok
19:57:03.0325 4224 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:57:03.0325 4224 AmdK8 - ok
19:57:03.0527 4224 [ 7844984A5E1E6F18D93AF9E9BCC65436 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:57:03.0683 4224 amdkmdag - ok
19:57:03.0715 4224 [ 202DEF509D76105B08741D36C3A7E4D7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:57:03.0730 4224 amdkmdap - ok
19:57:03.0746 4224 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:57:03.0746 4224 AmdPPM - ok
19:57:03.0777 4224 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:57:03.0777 4224 amdsata - ok
19:57:03.0808 4224 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:57:03.0824 4224 amdsbs - ok
19:57:03.0839 4224 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:57:03.0839 4224 amdxata - ok
19:57:03.0871 4224 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:57:03.0871 4224 AppID - ok
19:57:03.0902 4224 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:57:03.0902 4224 AppIDSvc - ok
19:57:03.0933 4224 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
19:57:03.0933 4224 Appinfo - ok
19:57:03.0980 4224 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
19:57:03.0980 4224 AppMgmt - ok
19:57:03.0995 4224 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:57:03.0995 4224 arc - ok
19:57:04.0011 4224 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:57:04.0011 4224 arcsas - ok
19:57:04.0042 4224 [ 1C1F3D6DDDC046C920C493A779649F66 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
19:57:04.0058 4224 aswFsBlk - ok
19:57:04.0073 4224 [ A48D8015AF2A0D8B4937613FFBFD28DE ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
19:57:04.0073 4224 aswMonFlt - ok
19:57:04.0073 4224 [ 4A951BEBA9E49410CDE478B6F6ABB252 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
19:57:04.0073 4224 aswRdr - ok
19:57:04.0105 4224 [ 73DBCF808E00580F2A47F93DD9B03876 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
19:57:04.0120 4224 aswSnx - ok
19:57:04.0136 4224 [ 6CBD7D3A33F498D09C831CDD732DA2E0 ] aswSP C:\Windows\system32\drivers\aswSP.sys
19:57:04.0136 4224 aswSP - ok
19:57:04.0151 4224 [ 7109A9AA551F37CD168C02368465957E ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
19:57:04.0167 4224 aswTdi - ok
19:57:04.0183 4224 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:57:04.0183 4224 AsyncMac - ok
19:57:04.0214 4224 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:57:04.0214 4224 atapi - ok
19:57:04.0229 4224 [ 20B956A7D7484915B647FA13569AB557 ] AtcL001 C:\Windows\system32\DRIVERS\l160x86.sys
19:57:04.0229 4224 AtcL001 - ok
19:57:04.0292 4224 [ 6ADC42CF4A6AB84975CA63DCCFAAF5D8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
19:57:04.0292 4224 AtiHDAudioService - ok
19:57:04.0479 4224 [ 7844984A5E1E6F18D93AF9E9BCC65436 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
19:57:04.0526 4224 atikmdag - ok
19:57:04.0573 4224 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:57:04.0573 4224 AudioEndpointBuilder - ok
19:57:04.0588 4224 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:57:04.0588 4224 Audiosrv - ok
19:57:04.0651 4224 [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:57:12.0669 4224 SharedAccess - ok
19:57:12.0685 4224 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:57:12.0685 4224 ShellHWDetection - ok
19:57:12.0700 4224 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:57:12.0700 4224 sisagp - ok
19:57:12.0716 4224 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:57:12.0716 4224 SiSRaid2 - ok
19:57:12.0731 4224 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:57:12.0731 4224 SiSRaid4 - ok
19:57:12.0763 4224 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:57:12.0763 4224 Smb - ok
19:57:12.0794 4224 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:57:12.0794 4224 SNMPTRAP - ok
19:57:12.0809 4224 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:57:12.0809 4224 spldr - ok
19:57:12.0841 4224 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
19:57:12.0841 4224 Spooler - ok
19:57:12.0919 4224 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:57:12.0997 4224 sppsvc - ok
19:57:13.0028 4224 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:57:13.0028 4224 sppuinotify - ok
19:57:13.0059 4224 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:57:13.0059 4224 srv - ok
19:57:13.0106 4224 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:57:13.0106 4224 srv2 - ok
19:57:13.0121 4224 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:57:13.0121 4224 srvnet - ok
19:57:13.0153 4224 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:57:13.0168 4224 SSDPSRV - ok
19:57:13.0168 4224 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:57:13.0184 4224 SstpSvc - ok
19:57:13.0199 4224 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:57:13.0199 4224 stexstor - ok
19:57:13.0231 4224 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:57:13.0246 4224 StiSvc - ok
19:57:13.0262 4224 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:57:13.0262 4224 storflt - ok
19:57:13.0293 4224 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
19:57:13.0293 4224 StorSvc - ok
19:57:13.0324 4224 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:57:13.0340 4224 storvsc - ok
19:57:13.0340 4224 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:57:13.0340 4224 swenum - ok
19:57:13.0371 4224 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:57:13.0371 4224 swprv - ok
19:57:13.0433 4224 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:57:13.0465 4224 SysMain - ok
19:57:13.0480 4224 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:57:13.0480 4224 TabletInputService - ok
19:57:13.0496 4224 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:57:13.0496 4224 TapiSrv - ok
19:57:13.0527 4224 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:57:13.0527 4224 TBS - ok
19:57:13.0589 4224 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:57:13.0636 4224 Tcpip - ok
19:57:13.0683 4224 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:57:13.0683 4224 TCPIP6 - ok
19:57:13.0714 4224 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:57:13.0714 4224 tcpipreg - ok
19:57:13.0745 4224 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:57:13.0745 4224 TDPIPE - ok
19:57:13.0777 4224 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:57:13.0777 4224 TDTCP - ok
19:57:13.0808 4224 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:57:13.0808 4224 tdx - ok
19:57:13.0823 4224 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:57:13.0823 4224 TermDD - ok
19:57:13.0855 4224 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:57:13.0870 4224 TermService - ok
19:57:13.0886 4224 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:57:13.0886 4224 Themes - ok
19:57:13.0901 4224 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:57:13.0901 4224 THREADORDER - ok
19:57:13.0933 4224 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:57:13.0933 4224 TrkWks - ok
19:57:13.0964 4224 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:57:13.0964 4224 TrustedInstaller - ok
19:57:13.0979 4224 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:57:13.0979 4224 tssecsrv - ok
19:57:14.0026 4224 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:57:14.0026 4224 TsUsbFlt - ok
19:57:14.0057 4224 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:57:14.0073 4224 tunnel - ok
19:57:14.0089 4224 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:57:14.0089 4224 uagp35 - ok
19:57:14.0104 4224 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:57:14.0104 4224 udfs - ok
19:57:14.0120 4224 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:57:14.0120 4224 UI0Detect - ok
19:57:14.0167 4224 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:57:14.0167 4224 uliagpkx - ok
19:57:14.0182 4224 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
19:57:14.0198 4224 umbus - ok
19:57:14.0198 4224 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:57:14.0198 4224 UmPass - ok
19:57:14.0229 4224 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
19:57:14.0245 4224 UmRdpService - ok
19:57:14.0260 4224 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:57:14.0276 4224 upnphost - ok
19:57:14.0291 4224 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:57:14.0291 4224 usbccgp - ok
19:57:14.0323 4224 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:57:14.0323 4224 usbcir - ok
19:57:14.0323 4224 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:57:14.0323 4224 usbehci - ok
19:57:14.0354 4224 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:57:14.0354 4224 usbhub - ok
19:57:14.0369 4224 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:57:14.0369 4224 usbohci - ok
19:57:14.0369 4224 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:57:14.0369 4224 usbprint - ok
19:57:14.0385 4224 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
19:57:14.0385 4224 USBSTOR - ok
19:57:14.0401 4224 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:57:14.0401 4224 usbuhci - ok
19:57:14.0416 4224 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:57:14.0416 4224 UxSms - ok
19:57:14.0416 4224 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
19:57:14.0432 4224 VaultSvc - ok
19:57:14.0447 4224 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:57:14.0447 4224 vdrvroot - ok
19:57:14.0494 4224 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
19:57:14.0510 4224 vds - ok
19:57:14.0541 4224 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:57:14.0541 4224 vga - ok
19:57:14.0541 4224 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:57:14.0541 4224 VgaSave - ok
19:57:14.0557 4224 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:57:14.0557 4224 vhdmp - ok
19:57:14.0588 4224 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:57:14.0588 4224 viaagp - ok
19:57:14.0603 4224 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
19:57:14.0603 4224 ViaC7 - ok
19:57:14.0603 4224 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
19:57:14.0619 4224 viaide - ok
19:57:14.0619 4224 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:57:14.0619 4224 vmbus - ok
19:57:14.0635 4224 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:57:14.0635 4224 VMBusHID - ok
19:57:14.0650 4224 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:57:14.0650 4224 volmgr - ok
19:57:14.0666 4224 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:57:14.0666 4224 volmgrx - ok
19:57:14.0681 4224 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:57:14.0681 4224 volsnap - ok
19:57:14.0697 4224 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:57:14.0713 4224 vsmraid - ok
19:57:14.0759 4224 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
19:57:14.0775 4224 VSS - ok
19:57:14.0791 4224 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:57:14.0791 4224 vwifibus - ok
19:57:14.0822 4224 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
19:57:14.0837 4224 W32Time - ok
19:57:14.0853 4224 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:57:14.0853 4224 WacomPen - ok
19:57:14.0869 4224 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:57:14.0869 4224 WANARP - ok
19:57:14.0869 4224 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:57:14.0884 4224 Wanarpv6 - ok
19:57:14.0931 4224 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:57:14.0962 4224 WatAdminSvc - ok
19:57:14.0993 4224 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
19:57:15.0040 4224 wbengine - ok
19:57:15.0040 4224 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:57:15.0056 4224 WbioSrvc - ok
19:57:15.0087 4224 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:57:15.0103 4224 wcncsvc - ok
19:57:15.0118 4224 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:57:15.0118 4224 WcsPlugInService - ok
19:57:15.0134 4224 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:57:15.0134 4224 Wd - ok
19:57:15.0165 4224 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:57:15.0181 4224 Wdf01000 - ok
19:57:15.0212 4224 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:57:15.0212 4224 WdiServiceHost - ok
19:57:15.0227 4224 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:57:15.0243 4224 WdiSystemHost - ok
19:57:15.0337 4224 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
19:57:15.0352 4224 WebClient - ok
19:57:15.0368 4224 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:57:15.0383 4224 Wecsvc - ok
19:57:15.0383 4224 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:57:15.0399 4224 wercplsupport - ok
19:57:15.0415 4224 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:57:15.0415 4224 WerSvc - ok
19:57:15.0430 4224 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:57:15.0430 4224 WfpLwf - ok
19:57:15.0461 4224 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:57:15.0461 4224 WIMMount - ok
19:57:15.0524 4224 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:57:15.0539 4224 WinDefend - ok
19:57:15.0539 4224 WinHttpAutoProxySvc - ok
19:57:15.0586 4224 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:57:15.0586 4224 Winmgmt - ok
19:57:15.0633 4224 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
19:57:15.0664 4224 WinRM - ok
19:57:15.0711 4224 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:57:15.0742 4224 Wlansvc - ok
19:57:15.0805 4224 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:57:15.0805 4224 WmiAcpi - ok
19:57:15.0836 4224 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:57:15.0851 4224 wmiApSrv - ok
19:57:15.0883 4224 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:57:15.0898 4224 WMPNetworkSvc - ok
19:57:15.0914 4224 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:57:15.0914 4224 WPCSvc - ok
19:57:15.0945 4224 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:57:15.0945 4224 WPDBusEnum - ok
19:57:15.0961 4224 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:57:15.0961 4224 ws2ifsl - ok
19:57:15.0976 4224 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
19:57:15.0992 4224 wscsvc - ok
19:57:16.0023 4224 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
19:57:16.0023 4224 WSDPrintDevice - ok
19:57:16.0023 4224 [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
19:57:16.0023 4224 WSDScan - ok
19:57:16.0039 4224 WSearch - ok
19:57:16.0117 4224 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:57:16.0148 4224 wuauserv - ok
19:57:16.0163 4224 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:57:16.0179 4224 WudfPf - ok
19:57:16.0210 4224 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:57:16.0210 4224 WUDFRd - ok
19:57:16.0257 4224 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:57:16.0257 4224 wudfsvc - ok
19:57:16.0288 4224 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:57:16.0288 4224 WwanSvc - ok
19:57:16.0319 4224 ================ Scan global ===============================
19:57:16.0335 4224 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:57:16.0366 4224 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:57:16.0382 4224 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:57:16.0413 4224 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:57:16.0444 4224 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:57:16.0444 4224 [Global] - ok
19:57:16.0444 4224 ================ Scan MBR ==================================
19:57:16.0460 4224 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:57:16.0600 4224 \Device\Harddisk0\DR0 - ok
19:57:16.0600 4224 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:57:16.0772 4224 \Device\Harddisk1\DR1 - ok
19:57:16.0787 4224 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
19:57:16.0787 4224 \Device\Harddisk2\DR2 - ok
19:57:16.0787 4224 ================ Scan VBR ==================================
19:57:16.0787 4224 [ 3853705FF91A9872F8A4E131C1CDA460 ] \Device\Harddisk0\DR0\Partition1
19:57:16.0787 4224 \Device\Harddisk0\DR0\Partition1 - ok
19:57:16.0803 4224 [ AA34242D27DFA42170F33FD1DCD50491 ] \Device\Harddisk0\DR0\Partition2
19:57:16.0803 4224 \Device\Harddisk0\DR0\Partition2 - ok
19:57:16.0803 4224 [ 6D90B63067BE5B3B0F01BB3F6C84F9D3 ] \Device\Harddisk1\DR1\Partition1
19:57:16.0803 4224 \Device\Harddisk1\DR1\Partition1 - ok
19:57:16.0803 4224 [ BD7D4C39A4B80B6DE1ED7D3786DA7F5F ] \Device\Harddisk2\DR2\Partition1
19:57:16.0803 4224 \Device\Harddisk2\DR2\Partition1 - ok
19:57:16.0803 4224 ============================================================
19:57:16.0803 4224 Scan finished
19:57:16.0803 4224 ============================================================
19:57:16.0819 1976 Detected object count: 0
19:57:16.0819 1976 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-23 19:59:06
-----------------------------
19:59:06.918 OS Version: Windows 6.1.7601 Service Pack 1
19:59:06.918 Number of processors: 4 586 0x1706
19:59:06.918 ComputerName: EDWARD-PC UserName: Edward
19:59:07.745 Initialize success
19:59:07.854 AVAST engine defs: 12082400
19:59:34.717 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:59:34.717 Disk 0 Vendor: ST3300620AS 3.AAE Size: 286168MB BusType: 3
19:59:34.717 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
19:59:34.717 Disk 1 Vendor: WDC_WD800JD-00HKA0 13.03G13 Size: 76319MB BusType: 3
19:59:34.733 Disk 0 MBR read successfully
19:59:34.748 Disk 0 MBR scan
19:59:34.748 Disk 0 Windows 7 default MBR code
19:59:34.748 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:59:34.764 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 286066 MB offset 206848
19:59:34.780 Disk 0 scanning sectors +586070016
19:59:34.826 Disk 0 scanning C:\Windows\system32\drivers
19:59:40.474 Service scanning
19:59:53.032 Modules scanning
19:59:58.102 Disk 0 trace - called modules:
19:59:58.117 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:59:58.117 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8622b030]
19:59:58.133 3 CLASSPNP.SYS[8b3d359e] -> nt!IofCallDriver -> [0x85cda918]
19:59:58.133 5 ACPI.sys[8b0913d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85d43908]
19:59:58.648 AVAST engine scan C:\Windows
20:00:01.237 AVAST engine scan C:\Windows\system32
20:01:29.268 AVAST engine scan C:\Windows\system32\drivers
20:01:39.252 AVAST engine scan C:\Users\Edward
20:05:18.885 AVAST engine scan C:\ProgramData
20:09:57.136 Scan finished successfully
20:10:10.152 Disk 0 MBR has been saved successfully to "C:\Users\Edward\Desktop\virus\MBR.dat"
20:10:10.152 The log file has been saved successfully to "C:\Users\Edward\Desktop\virus\aswMBR.txt"

Edited by dalley, 23 August 2012 - 10:13 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 August 2012 - 10:23 PM

I have uploaded a file that I want you to run, and if it asks to merge, please allow it.

Restart the computer and check the updates again.



Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 dalley

dalley
  • Topic Starter

  • Members
  • 22 posts

Posted 24 August 2012 - 04:23 PM

OK, I ran the reg file and Windows Update is working. All else seems good, except that Microsoft Security Essentials still will not start.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 August 2012 - 04:47 PM

OK, now let's uninstall MSE, restart the computer and reinstall it.

Tell me if it woke back up.



gringo

#13 dalley

dalley
  • Topic Starter

  • Members
  • 22 posts

Posted 24 August 2012 - 06:00 PM

OK, the MSSE reinstall worked and it is back up and running with the latest definitions.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 August 2012 - 06:06 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 dalley

dalley
  • Topic Starter

  • Members
  • 22 posts

Posted 24 August 2012 - 06:37 PM

Gringo, is there a link to CFScript? I can't seem to download it.



