Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zero Acess Infection?


  • This topic is locked This topic is locked
31 replies to this topic

#1 Squidassist

Squidassist

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:43 AM

Posted 04 October 2012 - 10:38 PM

Heya, gang.

This is my first post here, so forgive me if I get 9/10 things wrong. That being said, everytime I tried to find more information on fixing this issue, good'ol Google lead me to you guys, so I surrendered to peer pressure and figured maybe you can help. :)

From the look of things, I think I have a Zero Acess Infection. Windows defender, security services and windows updater have all been pulled and no longer work, telling me they are uninstalled, off and unable to be turned on, or unable to be updated after a manual install... Tricky little bugger. I had an infection a few months back when the lady of the house delved too deeply into the mire of the internet and came out unclean. I thought I had removed all the torjans and spyware, and all scans with Mal-Bytes and AVG came up pristine, but it seems they might have been symptoms and not diseases. Now we are getting semi-regular computer drop outs (IE: No signal, reboot) that concern me and, when making sure windows was updated, I stumbled on this issue.

I've read your forum opening information and I've attached the files it asks for... I think. Take a gander! WARNING: Massive flood of text!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Bevans at 12:52:02 on 2012-10-05
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.6142.3626 [GMT 9.5:30]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Steam\Steam.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\12.2.6\ScriptHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\regedit.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\SPYBOT~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "C:\Steam\steam.exe" -silent
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3262C484-6CA2-423D-A058-B5D2BF54C1A9} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{A7E5EBA7-38F6-4BC7-AEC0-D71859BDBB58} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
BHO-X64: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-10-4 30592]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-28 1258856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Spybot - Search & Destroy\SDWinSec.exe [2010-8-29 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 250288]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-05 03:13:05 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C287424-37CE-482E-80C9-66D6E640151D}\offreg.dll
2012-10-05 03:02:43 9308616 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C287424-37CE-482E-80C9-66D6E640151D}\mpengine.dll
2012-10-05 03:00:23 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-10-05 03:00:20 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-10-05 02:43:15 -------- d-----w- C:\Users\Bevans\AppData\Local\{E5EC2EEE-3436-41E9-BE8D-B904DCCBFD33}
2012-10-05 00:42:06 -------- d-----w- C:\Users\Bevans\AppData\Local\etax2012
2012-10-05 00:40:23 -------- d-----w- C:\Program Files (x86)\etax2012
2012-10-04 07:09:38 -------- d-----w- C:\Program Files\HWiNFO64
2012-10-01 18:37:03 -------- d-----w- C:\Users\Bevans\.gimp-2.6
2012-09-26 02:15:14 -------- d-----w- C:\Users\Bevans\AppData\Local\Ubisoft Game Launcher
2012-09-26 02:15:12 -------- d-----w- C:\Users\Bevans\AppData\Roaming\Might & Magic Heroes VI
2012-09-25 22:12:15 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-09-25 22:06:12 -------- d-----w- C:\Users\Bevans\AppData\Roaming\DAEMON Tools Lite
2012-09-20 13:33:56 -------- d-----w- C:\temp
2012-09-14 22:43:38 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-12 13:42:17 -------- d-----w- C:\Users\Bevans\AppData\Roaming\six-zsync
2012-09-12 13:29:32 -------- d-----w- C:\ProgramData\Tarma Installer
2012-09-12 13:01:20 -------- d-----w- C:\Users\Bevans\AppData\Local\ArmA 2 OA
2012-09-12 13:01:19 -------- d-----w- C:\Users\Bevans\AppData\Local\ArmA 2
2012-09-12 12:57:32 -------- d-----w- C:\Users\Bevans\AppData\Local\Downloaded Installations
2012-09-08 12:08:27 -------- d-----w- C:\Users\Bevans\AppData\Roaming\Malwarebytes
.
==================== Find3M ====================
.
2012-09-21 07:28:19 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 07:28:19 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-21 07:28:15 10213296 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-09-14 22:43:10 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-07 07:34:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-04 00:21:19 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-30 12:33:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 12:33:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 01:10:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-08-24 06:13:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-07 06:48:24 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-07-25 17:51:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 12:53:05.29 ===============


So... What say you, boffins of the technological age? Can anyone help me? You shall be rewarded with a delicious strip of fresh cooked bacon, sent via snail mail or fax, your choice.

Thanks, everyone. :(

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 04 October 2012 - 10:50 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Squidassist

Squidassist
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:43 AM

Posted 04 October 2012 - 11:09 PM

Thanks, Gringo... I mean, Amigo. ;)

Downloading, installing and running your instructions now and standing by for additional details.

Thanks again, guys and dolls. If my posts are hard to read, it's just because the sweat, blood and tears of frustration are making the keys sticky.

#4 Squidassist

Squidassist
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:43 AM

Posted 04 October 2012 - 11:24 PM

Results are in, Doctor:

Security Check:

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

The AdwCleaner looks like it'll take a while, and I'm due at work in a bit, so more results as they happen.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 04 October 2012 - 11:25 PM

Just let me have the reports and we will get thru this together



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Squidassist

Squidassist
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:43 AM

Posted 04 October 2012 - 11:34 PM

Spoke too soon. Stepped away to put on shoes and BAM!

AdwCleaner

# AdwCleaner v2.003 - Logfile created 10/05/2012 at 13:55:09
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : Bevans - NIC-PC
# Boot Mode : Normal
# Running from : C:\Users\Bevans\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Bevans\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Bevans\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-1383157132-2993539199-3655285611-1005\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Bevans\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [351 octets] - [05/10/2012 13:43:26]
AdwCleaner[S2].txt - [8744 octets] - [05/10/2012 13:55:09]

########## EOF - C:\AdwCleaner[S2].txt - [8804 octets] ##########


RougeKiller

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bevans [Admin rights]
Mode : Remove -- Date : 10/05/2012 14:00:52

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{16e69c0d-203b-d252-4d83-3b6d2e0cc6a9}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{16e69c0d-203b-d252-4d83-3b6d2e0cc6a9}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{16e69c0d-203b-d252-4d83-3b6d2e0cc6a9}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{16e69c0d-203b-d252-4d83-3b6d2e0cc6a9}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EARS-00MVWB0 ATA Device +++++
--- User ---
[MBR] 6abf26270691d9490ad4b963ac31915c
[BSP] da383d90d28b47ed6a84e706b398e5b7 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Okay, dashing away from the keys to earn sufficent money to cook that bacon for you, Gringo. Thanks again, mate! :D

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 04 October 2012 - 11:41 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Squidassist

Squidassist
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:43 AM

Posted 05 October 2012 - 02:35 AM

Okay, I can't post the report, as it has now marked EVERYTHING on my computer as an illegal opperation in the reg and tells me it cannot be opened:

"Illegal operation attempted on a registry key that has been marked for deletion"

So far EVERY program has returned this reply... I hope you can help me fix that one up quickly, cos that's hindering all activity for now. :(

#9 Squidassist

Squidassist
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:43 AM

Posted 05 October 2012 - 05:41 AM

Okay, I can't post the report, as it has now marked EVERYTHING on my computer as an illegal opperation in the reg and tells me it cannot be opened:

"Illegal operation attempted on a registry key that has been marked for deletion"

So far EVERY program has returned this reply... I hope you can help me fix that one up quickly, cos that's hindering all activity for now. :(


The above is still happening... However, it appears that my "Favourites", stored under my Windows Username are NOT illegal operations, despite the fact that they open IE in order to be used... IE currently being an Illegal Operation. Go figure! Every desktop icon, exe, program ETC is still refusing to open with the above error, however using this "backdoor" method I can now post the log for you. Huzzar! :D

ComboFix 12-10-04.02 - Bevans 05/10/2012 16:45:29.1.8 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.6142.3917 [GMT 9.5:30]
Running from: c:\users\Bevans\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 07:20 . 2012-10-05 07:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-05 07:20 . 2012-10-05 07:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 03:02 . 2012-09-18 15:28 9308616 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C287424-37CE-482E-80C9-66D6E640151D}\mpengine.dll
2012-10-05 03:00 . 2012-10-05 03:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-05 03:00 . 2012-10-05 03:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-05 00:42 . 2012-10-05 00:42 -------- d-----w- c:\users\Bevans\AppData\Local\etax2012
2012-10-05 00:40 . 2012-10-05 00:41 -------- d-----w- c:\program files (x86)\etax2012
2012-10-04 07:09 . 2012-10-04 07:09 -------- d-----w- c:\program files\HWiNFO64
2012-10-01 18:37 . 2012-10-01 18:38 -------- d-----w- c:\users\Bevans\.gimp-2.6
2012-09-26 02:15 . 2012-09-26 02:22 -------- d-----w- c:\users\Bevans\AppData\Local\Ubisoft Game Launcher
2012-09-26 02:15 . 2012-10-03 13:52 -------- d-----w- c:\users\Bevans\AppData\Roaming\Might & Magic Heroes VI
2012-09-25 22:12 . 2012-09-25 22:12 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-09-25 22:06 . 2012-09-25 22:06 -------- d-----w- c:\users\Bevans\AppData\Roaming\DAEMON Tools Lite
2012-09-20 13:33 . 2012-09-20 13:33 -------- d-----w- C:\temp
2012-09-14 22:43 . 2012-09-14 22:43 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-14 22:43 . 2012-09-14 22:43 -------- d-----w- c:\program files (x86)\Java
2012-09-12 13:42 . 2012-09-12 13:42 -------- d-----w- c:\users\Bevans\AppData\Roaming\six-zsync
2012-09-12 13:01 . 2012-09-18 00:58 -------- d-----w- c:\users\Bevans\AppData\Local\ArmA 2 OA
2012-09-12 13:01 . 2012-09-12 13:01 -------- d-----w- c:\users\Bevans\AppData\Local\ArmA 2
2012-09-12 12:57 . 2012-09-12 13:47 -------- d-----w- c:\users\Bevans\AppData\Local\Downloaded Installations
2012-09-08 12:08 . 2012-09-08 12:08 -------- d-----w- c:\users\Bevans\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 07:28 . 2012-04-07 21:37 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 07:28 . 2011-05-19 00:36 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 22:43 . 2010-08-29 22:21 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 07:34 . 2010-08-29 13:40 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 00:21 . 2012-09-04 00:21 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-30 19:14 . 2012-06-27 23:51 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2011-12-31 08:22 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2011-12-31 08:22 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 19:14 . 2011-12-31 08:22 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-08-30 19:14 . 2011-12-31 08:22 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 16:18 . 2011-03-25 12:32 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2011-03-25 12:32 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2011-03-25 12:32 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2011-03-25 12:31 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2011-03-25 12:32 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 12:33 . 2012-08-30 12:33 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 12:33 . 2012-08-30 12:33 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 01:10 . 2012-08-30 01:10 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-24 06:13 . 2012-08-24 06:13 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-07 06:48 . 2010-08-29 11:30 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-25 17:51 . 2012-07-25 17:51 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-11 17:32 . 2010-08-29 11:54 59701280 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\steam.exe" [2012-08-04 1353080]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-12 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-29 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-17 52760]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-25 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-05-10 30592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 SBSDWSCService;SBSD Security Center Service;c:\spybot - search & destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 07:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-BattlEye for A2 - c:\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-Francesco's leveled creatures-items mod_is1 - c:\steam\steamapps\common\oblivion\data\Francesco's mod\Unistall data\Main files\unins000.exe
AddRemove-Half-Life Dedicated Server Update Tool - c:\steam\DEDICA~1\UNWISE.EXE
AddRemove-Oblivion mod manager_is1 - c:\steam\steamapps\common\oblivion\obmm\uninstall\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{5CD9D26B-14DF-4A57-8668-40A4DC44A474}_is1 - c:\steam\steamapps\common\vampire the masquerade - bloodlines\Vampire\unins000.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-10-05 16:57:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-05 07:27
.
Pre-Run: 1,228,680,998,912 bytes free
Post-Run: 1,228,853,940,224 bytes free
.
- - End Of File - - 14F6A93F100E2CBEF403094B671FBBDE


Things of note: I disabled all my firewalls and real time protection ETC, however when I started the scan it warned me that AVG was still active. I realised that I hadn't right clicked the Tray Icon and picked "Temp Disable"... So I went ahead and did that. Once it was done I told the scanner to continue, however it warned me that it was STILL active. Confused, I clicked the Red X to close the program before it started the scan, thinking I would double check and make sure I'd disabled everything correctly... That, however, started the scan rather then closing. Remembering your warning not to perform any actions during the scan, I left it and crossed my fingers rather then risking causing a serious crash. That might explain -

A ) Why, at the top of the scan, it says AVG was "Active".
B ) Why I now can't acess files.

Either way, I'm delaying doing the obvious like rebooting or attempting to find a way to use the system restore tools until you get back to me. Given it's about 6am where you are, I guess I'll throw some coffee on. Hope this isn't a bothersome way to start your morning. :)

EDIT: Additional news - Windows updater just informed me it has downloaded 38 new updates, so despite nothing else working, part of the original issue is now resolved. A hearty cheer ripped through the crowd! :D I assume this is good news, however until everything else is up and running it's hard to get TOO excited.

Edited by Squidassist, 05 October 2012 - 05:49 AM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 05 October 2012 - 07:38 AM

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer



please restart the computer and let me know how things are after


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Squidassist

Squidassist
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:43 AM

Posted 05 October 2012 - 08:19 AM


Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer



please restart the computer and let me know how things are after


gringo


*Hangs his head in shame* Oh dear... Ahem. Sorry. It's kinda getting late here. I'll pay more attention.

Yes, a reboot has restored my icons to their former, program starting glory! What steps should I take to be confident that this Zero Acess has been utterly destoryed? Should I dip one corner of the power supply into a well of pure oblivion so that the it surges with dark energy?... Or, is running one of the scans again sufficent?

Windows has updated and replaced the missing WSE and Installer data into the system info, so so far so good.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 05 October 2012 - 08:32 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Squidassist

Squidassist
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:43 AM

Posted 05 October 2012 - 08:53 AM

Your wish is my command!

TDSSKiller

23:09:18.0294 5772 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:09:19.0136 5772 ============================================================
23:09:19.0136 5772 Current date / time: 2012/10/05 23:09:19.0136
23:09:19.0136 5772 SystemInfo:
23:09:19.0136 5772
23:09:19.0136 5772 OS Version: 6.1.7601 ServicePack: 1.0
23:09:19.0136 5772 Product type: Workstation
23:09:19.0136 5772 ComputerName: NIC-PC
23:09:19.0136 5772 UserName: Bevans
23:09:19.0136 5772 Windows directory: C:\Windows
23:09:19.0136 5772 System windows directory: C:\Windows
23:09:19.0136 5772 Running under WOW64
23:09:19.0136 5772 Processor architecture: Intel x64
23:09:19.0136 5772 Number of processors: 8
23:09:19.0136 5772 Page size: 0x1000
23:09:19.0136 5772 Boot type: Normal boot
23:09:19.0136 5772 ============================================================
23:09:21.0445 5772 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3F161, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
23:09:21.0461 5772 ============================================================
23:09:21.0461 5772 \Device\Harddisk0\DR0:
23:09:21.0461 5772 MBR partitions:
23:09:21.0461 5772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:09:21.0461 5772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
23:09:21.0461 5772 ============================================================
23:09:21.0554 5772 C: <-> \Device\Harddisk0\DR0\Partition2
23:09:21.0554 5772 ============================================================
23:09:21.0554 5772 Initialize success
23:09:21.0554 5772 ============================================================
23:09:22.0553 5816 ============================================================
23:09:22.0553 5816 Scan started
23:09:22.0553 5816 Mode: Manual;
23:09:22.0553 5816 ============================================================
23:09:26.0281 5816 ================ Scan system memory ========================
23:09:26.0281 5816 System memory - ok
23:09:26.0281 5816 ================ Scan services =============================
23:09:28.0824 5816 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:09:28.0840 5816 1394ohci - ok
23:09:29.0011 5816 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:09:29.0042 5816 ACPI - ok
23:09:29.0198 5816 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:09:29.0230 5816 AcpiPmi - ok
23:09:29.0776 5816 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:09:29.0776 5816 AdobeARMservice - ok
23:09:30.0384 5816 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:09:30.0384 5816 AdobeFlashPlayerUpdateSvc - ok
23:09:30.0462 5816 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:09:30.0478 5816 adp94xx - ok
23:09:30.0524 5816 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:09:30.0540 5816 adpahci - ok
23:09:30.0587 5816 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:09:30.0602 5816 adpu320 - ok
23:09:30.0618 5816 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:09:30.0618 5816 AeLookupSvc - ok
23:09:30.0712 5816 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:09:30.0712 5816 AFD - ok
23:09:30.0774 5816 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:09:30.0790 5816 agp440 - ok
23:09:30.0836 5816 [ BC569A6C209D94F6643EE35710AEC1F6 ] aksdf C:\Windows\system32\DRIVERS\aksdf.sys
23:09:30.0836 5816 aksdf - ok
23:09:30.0852 5816 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:09:30.0852 5816 ALG - ok
23:09:30.0883 5816 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:09:30.0883 5816 aliide - ok
23:09:30.0961 5816 [ 5EC60409BD50953BD4F892B18840039E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:09:30.0961 5816 AMD External Events Utility - ok
23:09:30.0961 5816 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:09:30.0961 5816 amdide - ok
23:09:30.0961 5816 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:09:30.0961 5816 AmdK8 - ok
23:09:33.0348 5816 [ 322E5C178990F116F00E3D923F4E6B1C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:09:33.0473 5816 amdkmdag - ok
23:09:33.0613 5816 [ 961A81A84FDD700E361E8294528A37BA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
23:09:33.0644 5816 amdkmdap - ok
23:09:33.0691 5816 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:09:33.0722 5816 AmdPPM - ok
23:09:33.0800 5816 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:09:33.0816 5816 amdsata - ok
23:09:33.0925 5816 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:09:33.0941 5816 amdsbs - ok
23:09:33.0988 5816 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:09:34.0003 5816 amdxata - ok
23:09:34.0097 5816 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:09:34.0112 5816 AppID - ok
23:09:34.0159 5816 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:09:34.0159 5816 AppIDSvc - ok
23:09:34.0222 5816 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:09:34.0222 5816 Appinfo - ok
23:09:34.0424 5816 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:09:34.0424 5816 AppMgmt - ok
23:09:34.0549 5816 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
23:09:34.0565 5816 arc - ok
23:09:34.0658 5816 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:09:34.0690 5816 arcsas - ok
23:09:35.0672 5816 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:09:35.0938 5816 aspnet_state - ok
23:09:36.0016 5816 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:09:36.0031 5816 AsyncMac - ok
23:09:36.0109 5816 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:09:36.0109 5816 atapi - ok
23:09:36.0390 5816 [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
23:09:36.0406 5816 AtiHDAudioService - ok
23:09:37.0295 5816 [ 322E5C178990F116F00E3D923F4E6B1C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:09:37.0326 5816 atikmdag - ok
23:09:37.0435 5816 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:09:37.0435 5816 AudioEndpointBuilder - ok
23:09:37.0466 5816 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:09:37.0466 5816 AudioSrv - ok
23:09:38.0184 5816 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
23:09:38.0231 5816 AVGIDSAgent - ok
23:09:38.0340 5816 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
23:09:38.0356 5816 AVGIDSDriver - ok
23:09:38.0387 5816 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
23:09:38.0387 5816 AVGIDSFilter - ok
23:09:38.0434 5816 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
23:09:38.0434 5816 AVGIDSHA - ok
23:09:38.0512 5816 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
23:09:38.0512 5816 Avgldx64 - ok
23:09:38.0574 5816 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
23:09:38.0574 5816 Avgmfx64 - ok
23:09:38.0652 5816 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
23:09:38.0652 5816 Avgrkx64 - ok
23:09:38.0730 5816 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
23:09:38.0730 5816 Avgtdia - ok
23:09:38.0761 5816 [ A313C4AE276E3C975A1BC27170AA23C6 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
23:09:38.0761 5816 avgtp - ok
23:09:38.0808 5816 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
23:09:38.0808 5816 avgwd - ok
23:09:38.0870 5816 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:09:38.0870 5816 AxInstSV - ok
23:09:38.0917 5816 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:09:38.0917 5816 b06bdrv - ok
23:09:38.0964 5816 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:09:38.0964 5816 b57nd60a - ok
23:09:39.0011 5816 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:09:39.0011 5816 BDESVC - ok
23:09:39.0026 5816 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:09:39.0042 5816 Beep - ok
23:09:39.0182 5816 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:09:39.0198 5816 BFE - ok
23:09:39.0354 5816 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
23:09:39.0354 5816 BITS - ok
23:09:39.0401 5816 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:09:39.0401 5816 blbdrive - ok
23:09:39.0463 5816 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:09:39.0479 5816 bowser - ok
23:09:39.0494 5816 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:09:39.0510 5816 BrFiltLo - ok
23:09:39.0510 5816 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:09:39.0510 5816 BrFiltUp - ok
23:09:39.0526 5816 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
23:09:39.0526 5816 BridgeMP - ok
23:09:39.0557 5816 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:09:39.0557 5816 Browser - ok
23:09:39.0619 5816 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:09:39.0635 5816 Brserid - ok
23:09:39.0650 5816 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:09:39.0650 5816 BrSerWdm - ok
23:09:39.0650 5816 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:09:39.0650 5816 BrUsbMdm - ok
23:09:39.0650 5816 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:09:39.0650 5816 BrUsbSer - ok
23:09:39.0666 5816 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:09:39.0666 5816 BTHMODEM - ok
23:09:39.0666 5816 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:09:39.0666 5816 bthserv - ok
23:09:39.0682 5816 catchme - ok
23:09:39.0682 5816 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:09:39.0682 5816 cdfs - ok
23:09:39.0713 5816 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:09:39.0713 5816 cdrom - ok
23:09:39.0775 5816 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:09:39.0775 5816 CertPropSvc - ok
23:09:39.0791 5816 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:09:39.0791 5816 circlass - ok
23:09:39.0838 5816 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:09:39.0838 5816 CLFS - ok
23:09:39.0916 5816 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:09:39.0931 5816 clr_optimization_v2.0.50727_32 - ok
23:09:39.0962 5816 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:09:39.0962 5816 clr_optimization_v2.0.50727_64 - ok
23:09:40.0025 5816 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:09:40.0134 5816 clr_optimization_v4.0.30319_32 - ok
23:09:40.0150 5816 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:09:40.0165 5816 clr_optimization_v4.0.30319_64 - ok
23:09:40.0165 5816 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:09:40.0165 5816 CmBatt - ok
23:09:40.0243 5816 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:09:40.0259 5816 cmdide - ok
23:09:40.0290 5816 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
23:09:40.0290 5816 CNG - ok
23:09:40.0306 5816 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:09:40.0306 5816 Compbatt - ok
23:09:40.0337 5816 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:09:40.0337 5816 CompositeBus - ok
23:09:40.0337 5816 COMSysApp - ok
23:09:40.0352 5816 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:09:40.0352 5816 crcdisk - ok
23:09:40.0368 5816 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:09:40.0368 5816 CryptSvc - ok
23:09:40.0430 5816 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
23:09:40.0446 5816 CSC - ok
23:09:40.0493 5816 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
23:09:40.0493 5816 CscService - ok
23:09:40.0555 5816 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
23:09:40.0555 5816 dc3d - ok
23:09:40.0649 5816 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:09:40.0649 5816 DcomLaunch - ok
23:09:40.0758 5816 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:09:40.0758 5816 defragsvc - ok
23:09:40.0789 5816 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:09:40.0789 5816 DfsC - ok
23:09:40.0820 5816 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:09:40.0820 5816 Dhcp - ok
23:09:40.0836 5816 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:09:40.0836 5816 discache - ok
23:09:40.0883 5816 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:09:40.0883 5816 Disk - ok
23:09:41.0148 5816 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:09:41.0148 5816 Dnscache - ok
23:09:41.0444 5816 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:09:41.0444 5816 dot3svc - ok
23:09:41.0507 5816 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:09:41.0507 5816 DPS - ok
23:09:41.0554 5816 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:09:41.0554 5816 drmkaud - ok
23:09:41.0585 5816 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:09:41.0600 5816 DXGKrnl - ok
23:09:41.0616 5816 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:09:41.0616 5816 EapHost - ok
23:09:41.0663 5816 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:09:41.0835 5816 ebdrv - ok
23:09:41.0881 5816 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:09:41.0881 5816 EFS - ok
23:09:41.0944 5816 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:09:41.0959 5816 ehRecvr - ok
23:09:41.0975 5816 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:09:41.0975 5816 ehSched - ok
23:09:42.0006 5816 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:09:42.0006 5816 elxstor - ok
23:09:42.0053 5816 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:09:42.0053 5816 ErrDev - ok
23:09:42.0069 5816 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:09:42.0069 5816 EventSystem - ok
23:09:42.0100 5816 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:09:42.0115 5816 exfat - ok
23:09:42.0147 5816 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:09:42.0147 5816 fastfat - ok
23:09:42.0209 5816 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:09:42.0225 5816 Fax - ok
23:09:42.0240 5816 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:09:42.0256 5816 fdc - ok
23:09:42.0256 5816 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:09:42.0256 5816 fdPHost - ok
23:09:42.0271 5816 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:09:42.0271 5816 FDResPub - ok
23:09:42.0287 5816 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:09:42.0287 5816 FileInfo - ok
23:09:42.0303 5816 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:09:42.0303 5816 Filetrace - ok
23:09:42.0318 5816 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:09:42.0334 5816 flpydisk - ok
23:09:42.0381 5816 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:09:42.0381 5816 FltMgr - ok
23:09:42.0459 5816 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
23:09:42.0459 5816 FontCache - ok
23:09:42.0552 5816 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:09:42.0552 5816 FontCache3.0.0.0 - ok
23:09:42.0552 5816 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:09:42.0568 5816 FsDepends - ok
23:09:42.0630 5816 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:09:42.0630 5816 Fs_Rec - ok
23:09:42.0661 5816 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:09:42.0661 5816 fvevol - ok
23:09:42.0677 5816 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:09:42.0693 5816 gagp30kx - ok
23:09:42.0771 5816 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:09:42.0786 5816 gpsvc - ok
23:09:42.0864 5816 [ D8BF3C594BD17A37960362E6C6739B90 ] Hardlock C:\Windows\system32\drivers\hardlock.sys
23:09:42.0864 5816 Hardlock - ok
23:09:42.0880 5816 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:09:42.0880 5816 hcw85cir - ok
23:09:42.0942 5816 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:09:42.0958 5816 HdAudAddService - ok
23:09:42.0989 5816 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:09:42.0989 5816 HDAudBus - ok
23:09:43.0005 5816 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:09:43.0005 5816 HidBatt - ok
23:09:43.0020 5816 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:09:43.0020 5816 HidBth - ok
23:09:43.0020 5816 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:09:43.0020 5816 HidIr - ok
23:09:43.0036 5816 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
23:09:43.0036 5816 hidserv - ok
23:09:43.0083 5816 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:09:43.0083 5816 HidUsb - ok
23:09:43.0114 5816 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:09:43.0114 5816 hkmsvc - ok
23:09:43.0176 5816 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:09:43.0176 5816 HomeGroupListener - ok
23:09:43.0192 5816 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:09:43.0192 5816 HomeGroupProvider - ok
23:09:43.0317 5816 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:09:43.0317 5816 HpSAMD - ok
23:09:43.0379 5816 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:09:43.0379 5816 HTTP - ok
23:09:43.0504 5816 [ F78FF50C486D530504B7D2BB36B1ED22 ] HWiNFO32 C:\Program Files\HWiNFO64\HWiNFO64A.SYS
23:09:43.0504 5816 HWiNFO32 - ok
23:09:43.0551 5816 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:09:43.0551 5816 hwpolicy - ok
23:09:43.0582 5816 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:09:43.0582 5816 i8042prt - ok
23:09:43.0613 5816 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:09:43.0613 5816 iaStorV - ok
23:09:43.0691 5816 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:09:43.0707 5816 IDriverT - ok
23:09:43.0753 5816 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:09:43.0753 5816 idsvc - ok
23:09:43.0785 5816 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:09:43.0785 5816 iirsp - ok
23:09:43.0831 5816 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:09:43.0831 5816 IKEEXT - ok
23:09:43.0847 5816 IntcAzAudAddService - ok
23:09:43.0863 5816 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:09:43.0863 5816 intelide - ok
23:09:43.0878 5816 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:09:43.0878 5816 intelppm - ok
23:09:43.0894 5816 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:09:43.0894 5816 IPBusEnum - ok
23:09:43.0941 5816 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:09:43.0956 5816 IpFilterDriver - ok
23:09:43.0987 5816 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:09:44.0003 5816 iphlpsvc - ok
23:09:44.0019 5816 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:09:44.0019 5816 IPMIDRV - ok
23:09:44.0019 5816 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:09:44.0019 5816 IPNAT - ok
23:09:44.0050 5816 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:09:44.0050 5816 IRENUM - ok
23:09:44.0065 5816 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:09:44.0065 5816 isapnp - ok
23:09:44.0081 5816 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:09:44.0081 5816 iScsiPrt - ok
23:09:44.0112 5816 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:09:44.0112 5816 kbdclass - ok
23:09:44.0143 5816 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
23:09:44.0143 5816 kbdhid - ok
23:09:44.0143 5816 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:09:44.0143 5816 KeyIso - ok
23:09:44.0190 5816 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:09:44.0190 5816 KSecDD - ok
23:09:44.0221 5816 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:09:44.0221 5816 KSecPkg - ok
23:09:44.0237 5816 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:09:44.0237 5816 ksthunk - ok
23:09:44.0268 5816 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:09:44.0268 5816 KtmRm - ok
23:09:44.0284 5816 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
23:09:44.0284 5816 LanmanServer - ok
23:09:44.0315 5816 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:09:44.0315 5816 LanmanWorkstation - ok
23:09:44.0346 5816 Lbd - ok
23:09:44.0377 5816 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
23:09:44.0377 5816 LGBusEnum - ok
23:09:44.0393 5816 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
23:09:44.0393 5816 LGVirHid - ok
23:09:44.0409 5816 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:09:44.0409 5816 lltdio - ok
23:09:44.0455 5816 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:09:44.0455 5816 lltdsvc - ok
23:09:44.0471 5816 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:09:44.0471 5816 lmhosts - ok
23:09:44.0487 5816 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:09:44.0502 5816 LSI_FC - ok
23:09:44.0502 5816 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:09:44.0502 5816 LSI_SAS - ok
23:09:44.0518 5816 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:09:44.0533 5816 LSI_SAS2 - ok
23:09:44.0533 5816 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:09:44.0549 5816 LSI_SCSI - ok
23:09:44.0565 5816 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:09:44.0565 5816 luafv - ok
23:09:44.0596 5816 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:09:44.0596 5816 Mcx2Svc - ok
23:09:44.0627 5816 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:09:44.0627 5816 megasas - ok
23:09:44.0627 5816 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:09:44.0643 5816 MegaSR - ok
23:09:44.0658 5816 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:09:44.0658 5816 MMCSS - ok
23:09:44.0674 5816 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:09:44.0674 5816 Modem - ok
23:09:44.0689 5816 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:09:44.0705 5816 monitor - ok
23:09:44.0736 5816 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:09:44.0736 5816 mouclass - ok
23:09:44.0752 5816 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:09:44.0752 5816 mouhid - ok
23:09:44.0783 5816 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:09:44.0783 5816 mountmgr - ok
23:09:44.0814 5816 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:09:44.0830 5816 mpio - ok
23:09:44.0845 5816 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:09:44.0845 5816 mpsdrv - ok
23:09:44.0923 5816 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:09:44.0923 5816 MpsSvc - ok
23:09:44.0955 5816 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:09:44.0955 5816 MRxDAV - ok
23:09:44.0986 5816 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:09:44.0986 5816 mrxsmb - ok
23:09:45.0017 5816 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:09:45.0017 5816 mrxsmb10 - ok
23:09:45.0064 5816 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:09:45.0064 5816 mrxsmb20 - ok
23:09:45.0079 5816 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:09:45.0079 5816 msahci - ok
23:09:45.0142 5816 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
23:09:45.0142 5816 MSCSPTISRV - ok
23:09:45.0189 5816 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:09:45.0189 5816 msdsm - ok
23:09:45.0189 5816 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:09:45.0204 5816 MSDTC - ok
23:09:45.0220 5816 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:09:45.0220 5816 Msfs - ok
23:09:45.0235 5816 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:09:45.0235 5816 mshidkmdf - ok
23:09:45.0267 5816 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:09:45.0267 5816 msisadrv - ok
23:09:45.0282 5816 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:09:45.0282 5816 MSiSCSI - ok
23:09:45.0282 5816 msiserver - ok
23:09:45.0298 5816 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:09:45.0298 5816 MSKSSRV - ok
23:09:45.0313 5816 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:09:45.0313 5816 MSPCLOCK - ok
23:09:45.0329 5816 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:09:45.0329 5816 MSPQM - ok
23:09:45.0360 5816 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:09:45.0360 5816 MsRPC - ok
23:09:45.0376 5816 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:09:45.0376 5816 mssmbios - ok
23:09:45.0391 5816 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:09:45.0391 5816 MSTEE - ok
23:09:45.0407 5816 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:09:45.0407 5816 MTConfig - ok
23:09:45.0423 5816 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:09:45.0423 5816 Mup - ok
23:09:45.0485 5816 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:09:45.0485 5816 napagent - ok
23:09:45.0516 5816 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:09:45.0516 5816 NativeWifiP - ok
23:09:45.0610 5816 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:09:45.0610 5816 NDIS - ok
23:09:45.0641 5816 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:09:45.0641 5816 NdisCap - ok
23:09:45.0657 5816 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:09:45.0657 5816 NdisTapi - ok
23:09:45.0688 5816 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:09:45.0688 5816 Ndisuio - ok
23:09:45.0735 5816 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:09:45.0735 5816 NdisWan - ok
23:09:45.0750 5816 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:09:45.0750 5816 NDProxy - ok
23:09:45.0766 5816 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:09:45.0766 5816 NetBIOS - ok
23:09:45.0797 5816 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:09:45.0797 5816 NetBT - ok
23:09:45.0813 5816 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:09:45.0813 5816 Netlogon - ok
23:09:45.0844 5816 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:09:45.0844 5816 Netman - ok
23:09:45.0875 5816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:09:45.0906 5816 NetMsmqActivator - ok
23:09:45.0906 5816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:09:45.0922 5816 NetPipeActivator - ok
23:09:45.0937 5816 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:09:45.0937 5816 netprofm - ok
23:09:45.0937 5816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:09:45.0937 5816 NetTcpActivator - ok
23:09:45.0953 5816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:09:45.0953 5816 NetTcpPortSharing - ok
23:09:45.0969 5816 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:09:45.0969 5816 nfrd960 - ok
23:09:46.0000 5816 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:09:46.0000 5816 NlaSvc - ok
23:09:46.0015 5816 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:09:46.0015 5816 Npfs - ok
23:09:46.0031 5816 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:09:46.0031 5816 nsi - ok
23:09:46.0047 5816 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:09:46.0047 5816 nsiproxy - ok
23:09:46.0109 5816 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:09:46.0140 5816 Ntfs - ok
23:09:46.0203 5816 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:09:46.0203 5816 Null - ok
23:09:46.0265 5816 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
23:09:46.0265 5816 NVHDA - ok
23:09:46.0733 5816 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:09:46.0780 5816 nvlddmkm - ok
23:09:46.0827 5816 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:09:46.0842 5816 nvraid - ok
23:09:46.0905 5816 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:09:46.0905 5816 nvstor - ok
23:09:47.0029 5816 [ 43F91595049DE14C4B61D1E76436164F ] NVSvc C:\Windows\system32\nvvsvc.exe
23:09:47.0045 5816 NVSvc - ok
23:09:47.0154 5816 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:09:47.0326 5816 nvUpdatusService - ok
23:09:47.0373 5816 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:09:47.0388 5816 nv_agp - ok
23:09:47.0419 5816 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:09:47.0419 5816 ohci1394 - ok
23:09:47.0435 5816 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:09:47.0451 5816 p2pimsvc - ok
23:09:47.0575 5816 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:09:47.0575 5816 p2psvc - ok
23:09:47.0638 5816 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
23:09:47.0638 5816 PACSPTISVR - ok
23:09:47.0669 5816 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:09:47.0669 5816 Parport - ok
23:09:47.0700 5816 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:09:47.0700 5816 partmgr - ok
23:09:47.0716 5816 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:09:47.0716 5816 PcaSvc - ok
23:09:47.0747 5816 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:09:47.0763 5816 pci - ok
23:09:47.0763 5816 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:09:47.0763 5816 pciide - ok
23:09:47.0794 5816 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:09:47.0794 5816 pcmcia - ok
23:09:47.0809 5816 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:09:47.0809 5816 pcw - ok
23:09:47.0825 5816 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:09:47.0841 5816 PEAUTH - ok
23:09:47.0856 5816 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:09:47.0872 5816 PeerDistSvc - ok
23:09:47.0934 5816 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:09:47.0934 5816 PerfHost - ok
23:09:48.0168 5816 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:09:48.0184 5816 pla - ok
23:09:48.0246 5816 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:09:48.0246 5816 PlugPlay - ok
23:09:48.0277 5816 PnkBstrA - ok
23:09:48.0277 5816 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:09:48.0293 5816 PNRPAutoReg - ok
23:09:48.0293 5816 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:09:48.0293 5816 PNRPsvc - ok
23:09:48.0340 5816 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
23:09:48.0355 5816 Point64 - ok
23:09:48.0387 5816 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:09:48.0387 5816 PolicyAgent - ok
23:09:48.0418 5816 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:09:48.0418 5816 Power - ok
23:09:48.0465 5816 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:09:48.0465 5816 PptpMiniport - ok
23:09:48.0465 5816 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:09:48.0465 5816 Processor - ok
23:09:48.0527 5816 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:09:48.0605 5816 ProfSvc - ok
23:09:48.0621 5816 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:09:48.0652 5816 ProtectedStorage - ok
23:09:48.0714 5816 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:09:48.0714 5816 Psched - ok
23:09:48.0761 5816 [ 5D6C8E778F0218FCD2CCA0EFBC9766CA ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
23:09:48.0761 5816 PxHlpa64 - ok
23:09:48.0808 5816 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:09:48.0870 5816 ql2300 - ok
23:09:48.0886 5816 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:09:48.0917 5816 ql40xx - ok
23:09:48.0948 5816 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:09:48.0948 5816 QWAVE - ok
23:09:48.0948 5816 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:09:48.0948 5816 QWAVEdrv - ok
23:09:48.0995 5816 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:09:48.0995 5816 RasAcd - ok
23:09:49.0011 5816 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:09:49.0042 5816 RasAgileVpn - ok
23:09:49.0057 5816 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:09:49.0104 5816 RasAuto - ok
23:09:49.0135 5816 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:09:49.0151 5816 Rasl2tp - ok
23:09:49.0182 5816 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:09:49.0198 5816 RasMan - ok
23:09:49.0213 5816 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:09:49.0213 5816 RasPppoe - ok
23:09:49.0229 5816 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:09:49.0229 5816 RasSstp - ok
23:09:49.0245 5816 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:09:49.0245 5816 rdbss - ok
23:09:49.0260 5816 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:09:49.0260 5816 rdpbus - ok
23:09:49.0260 5816 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:09:49.0260 5816 RDPCDD - ok
23:09:49.0307 5816 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:09:49.0307 5816 RDPDR - ok
23:09:49.0338 5816 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:09:49.0338 5816 RDPENCDD - ok
23:09:49.0338 5816 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:09:49.0338 5816 RDPREFMP - ok
23:09:49.0401 5816 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:09:49.0416 5816 RdpVideoMiniport - ok
23:09:49.0463 5816 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:09:49.0463 5816 RDPWD - ok
23:09:49.0510 5816 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:09:49.0525 5816 rdyboost - ok
23:09:49.0557 5816 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:09:49.0557 5816 RemoteAccess - ok
23:09:49.0588 5816 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:09:49.0588 5816 RemoteRegistry - ok
23:09:49.0588 5816 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:09:49.0603 5816 RpcEptMapper - ok
23:09:49.0619 5816 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:09:49.0619 5816 RpcLocator - ok
23:09:49.0681 5816 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:09:49.0681 5816 RpcSs - ok
23:09:49.0713 5816 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:09:49.0713 5816 rspndr - ok
23:09:49.0759 5816 [ 4FBDA07EF0A3097CE14C5CABF723B278 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
23:09:49.0759 5816 RTL8167 - ok
23:09:49.0806 5816 [ FC00C0DE6DC83DE1B2B01420E2195B21 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
23:09:49.0806 5816 RTL8192su - ok
23:09:49.0837 5816 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:09:49.0837 5816 s3cap - ok
23:09:49.0837 5816 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:09:49.0853 5816 SamSs - ok
23:09:49.0869 5816 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:09:49.0869 5816 sbp2port - ok
23:09:49.0884 5816 SBRE - ok
23:09:49.0900 5816 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Spybot - Search & Destroy\SDWinSec.exe
23:09:49.0915 5816 SBSDWSCService - ok
23:09:49.0915 5816 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:09:49.0931 5816 SCardSvr - ok
23:09:49.0947 5816 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:09:49.0947 5816 scfilter - ok
23:09:49.0993 5816 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:09:50.0009 5816 Schedule - ok
23:09:50.0056 5816 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:09:50.0056 5816 SCPolicySvc - ok
23:09:50.0134 5816 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:09:50.0149 5816 SDRSVC - ok
23:09:50.0165 5816 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:09:50.0165 5816 secdrv - ok
23:09:50.0196 5816 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:09:50.0196 5816 seclogon - ok
23:09:50.0196 5816 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
23:09:50.0196 5816 SENS - ok
23:09:50.0212 5816 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:09:50.0212 5816 SensrSvc - ok
23:09:50.0227 5816 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:09:50.0227 5816 Serenum - ok
23:09:50.0274 5816 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:09:50.0274 5816 Serial - ok
23:09:50.0305 5816 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:09:50.0305 5816 sermouse - ok
23:09:50.0337 5816 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:09:50.0337 5816 SessionEnv - ok
23:09:50.0493 5816 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:09:50.0493 5816 sffdisk - ok
23:09:50.0524 5816 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:09:50.0524 5816 sffp_mmc - ok
23:09:50.0524 5816 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:09:50.0524 5816 sffp_sd - ok
23:09:50.0539 5816 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:09:50.0539 5816 sfloppy - ok
23:09:50.0586 5816 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:09:50.0586 5816 SharedAccess - ok
23:09:50.0617 5816 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:09:50.0617 5816 ShellHWDetection - ok
23:09:50.0633 5816 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:09:50.0633 5816 SiSRaid2 - ok
23:09:50.0649 5816 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:09:50.0664 5816 SiSRaid4 - ok
23:09:50.0758 5816 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:09:50.0758 5816 SkypeUpdate - ok
23:09:50.0789 5816 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:09:50.0789 5816 Smb - ok
23:09:50.0805 5816 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:09:50.0805 5816 SNMPTRAP - ok
23:09:50.0820 5816 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:09:50.0820 5816 spldr - ok
23:09:50.0867 5816 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:09:50.0867 5816 Spooler - ok
23:09:50.0992 5816 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:09:51.0023 5816 sppsvc - ok
23:09:51.0039 5816 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:09:51.0039 5816 sppuinotify - ok
23:09:51.0163 5816 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
23:09:51.0163 5816 sptd - ok
23:09:51.0210 5816 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
23:09:51.0210 5816 SPTISRV - ok
23:09:51.0241 5816 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:09:51.0257 5816 srv - ok
23:09:51.0304 5816 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:09:51.0304 5816 srv2 - ok
23:09:51.0351 5816 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:09:51.0351 5816 srvnet - ok
23:09:51.0382 5816 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
23:09:51.0397 5816 sscdbus - ok
23:09:51.0413 5816 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
23:09:51.0413 5816 sscdmdfl - ok
23:09:51.0429 5816 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
23:09:51.0429 5816 sscdmdm - ok
23:09:51.0460 5816 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:09:51.0460 5816 SSDPSRV - ok
23:09:51.0475 5816 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:09:51.0475 5816 SstpSvc - ok
23:09:51.0491 5816 StarOpen - ok
23:09:51.0507 5816 Steam Client Service - ok
23:09:51.0553 5816 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:09:51.0553 5816 Stereo Service - ok
23:09:51.0569 5816 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:09:51.0569 5816 stexstor - ok
23:09:51.0616 5816 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:09:51.0616 5816 stisvc - ok
23:09:51.0647 5816 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:09:51.0647 5816 storflt - ok
23:09:51.0663 5816 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
23:09:51.0663 5816 StorSvc - ok
23:09:51.0678 5816 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:09:51.0678 5816 storvsc - ok
23:09:51.0678 5816 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
23:09:51.0678 5816 swenum - ok
23:09:51.0725 5816 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:09:51.0725 5816 swprv - ok
23:09:51.0725 5816 Synth3dVsc - ok
23:09:51.0787 5816 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:09:51.0803 5816 SysMain - ok
23:09:51.0865 5816 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:09:51.0865 5816 TabletInputService - ok
23:09:51.0897 5816 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:09:51.0897 5816 TapiSrv - ok
23:09:51.0912 5816 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:09:51.0928 5816 TBS - ok
23:09:52.0021 5816 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:09:52.0053 5816 Tcpip - ok
23:09:52.0068 5816 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:09:52.0068 5816 TCPIP6 - ok
23:09:52.0115 5816 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:09:52.0115 5816 tcpipreg - ok
23:09:52.0115 5816 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:09:52.0115 5816 TDPIPE - ok
23:09:52.0146 5816 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:09:52.0146 5816 TDTCP - ok
23:09:52.0209 5816 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:09:52.0209 5816 tdx - ok
23:09:52.0224 5816 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:09:52.0240 5816 TermDD - ok
23:09:52.0287 5816 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:09:52.0302 5816 TermService - ok
23:09:52.0333 5816 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:09:52.0333 5816 Themes - ok
23:09:52.0365 5816 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:09:52.0365 5816 THREADORDER - ok
23:09:52.0396 5816 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:09:52.0396 5816 TrkWks - ok
23:09:52.0474 5816 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:09:52.0474 5816 TrustedInstaller - ok
23:09:52.0505 5816 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:09:52.0521 5816 tssecsrv - ok
23:09:52.0552 5816 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:09:52.0567 5816 TsUsbFlt - ok
23:09:52.0567 5816 tsusbhub - ok
23:09:52.0614 5816 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:09:52.0630 5816 tunnel - ok
23:09:52.0645 5816 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:09:52.0645 5816 uagp35 - ok
23:09:52.0677 5816 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:09:52.0677 5816 udfs - ok
23:09:52.0692 5816 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:09:52.0692 5816 UI0Detect - ok
23:09:52.0708 5816 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:09:52.0708 5816 uliagpkx - ok
23:09:52.0739 5816 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
23:09:52.0739 5816 umbus - ok
23:09:52.0755 5816 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:09:52.0755 5816 UmPass - ok
23:09:52.0786 5816 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
23:09:52.0786 5816 UmRdpService - ok
23:09:52.0801 5816 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:09:52.0801 5816 upnphost - ok
23:09:52.0833 5816 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:09:52.0848 5816 usbccgp - ok
23:09:52.0879 5816 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:09:52.0895 5816 usbcir - ok
23:09:52.0911 5816 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:09:52.0911 5816 usbehci - ok
23:09:52.0942 5816 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:09:52.0942 5816 usbhub - ok
23:09:52.0957 5816 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:09:52.0957 5816 usbohci - ok
23:09:52.0973 5816 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:09:52.0973 5816 usbprint - ok
23:09:52.0989 5816 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:09:52.0989 5816 USBSTOR - ok
23:09:52.0989 5816 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:09:52.0989 5816 usbuhci - ok
23:09:53.0004 5816 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:09:53.0004 5816 UxSms - ok
23:09:53.0020 5816 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:09:53.0020 5816 VaultSvc - ok
23:09:53.0020 5816 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:09:53.0020 5816 vdrvroot - ok
23:09:53.0082 5816 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:09:53.0082 5816 vds - ok
23:09:53.0113 5816 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:09:53.0129 5816 vga - ok
23:09:53.0129 5816 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:09:53.0129 5816 VgaSave - ok
23:09:53.0145 5816 VGPU - ok
23:09:53.0160 5816 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:09:53.0160 5816 vhdmp - ok
23:09:53.0191 5816 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:09:53.0207 5816 viaide - ok
23:09:53.0223 5816 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:09:53.0223 5816 vmbus - ok
23:09:53.0238 5816 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:09:53.0238 5816 VMBusHID - ok
23:09:53.0254 5816 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:09:53.0254 5816 volmgr - ok
23:09:53.0269 5816 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:09:53.0285 5816 volmgrx - ok
23:09:53.0285 5816 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:09:53.0316 5816 volsnap - ok
23:09:53.0332 5816 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:09:53.0332 5816 vsmraid - ok
23:09:53.0394 5816 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:09:53.0410 5816 VSS - ok
23:09:53.0519 5816 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
23:09:53.0519 5816 vToolbarUpdater12.2.6 - ok
23:09:53.0535 5816 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:09:53.0535 5816 vwifibus - ok
23:09:53.0550 5816 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:09:53.0550 5816 vwififlt - ok
23:09:53.0566 5816 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:09:53.0566 5816 W32Time - ok
23:09:53.0581 5816 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:09:53.0581 5816 WacomPen - ok
23:09:53.0597 5816 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:09:53.0597 5816 WANARP - ok
23:09:53.0597 5816 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:09:53.0597 5816 Wanarpv6 - ok
23:09:53.0675 5816 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:09:53.0691 5816 WatAdminSvc - ok
23:09:53.0769 5816 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:09:53.0769 5816 wbengine - ok
23:09:53.0784 5816 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:09:53.0784 5816 WbioSrvc - ok
23:09:53.0831 5816 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:09:53.0831 5816 wcncsvc - ok
23:09:53.0847 5816 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:09:53.0847 5816 WcsPlugInService - ok
23:09:53.0862 5816 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:09:53.0862 5816 Wd - ok
23:09:53.0878 5816 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:09:53.0878 5816 Wdf01000 - ok
23:09:53.0893 5816 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:09:53.0893 5816 WdiServiceHost - ok
23:09:53.0893 5816 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:09:53.0909 5816 WdiSystemHost - ok
23:09:53.0940 5816 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:09:53.0940 5816 WebClient - ok
23:09:53.0956 5816 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:09:53.0956 5816 Wecsvc - ok
23:09:53.0971 5816 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:09:53.0971 5816 wercplsupport - ok
23:09:53.0987 5816 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:09:53.0987 5816 WerSvc - ok
23:09:54.0003 5816 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:09:54.0003 5816 WfpLwf - ok
23:09:54.0003 5816 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:09:54.0003 5816 WIMMount - ok
23:09:54.0018 5816 WinDefend - ok
23:09:54.0034 5816 WinHttpAutoProxySvc - ok
23:09:54.0065 5816 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:09:54.0065 5816 Winmgmt - ok
23:09:54.0205 5816 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
23:09:54.0221 5816 WinRM - ok
23:09:54.0283 5816 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:09:54.0283 5816 WinUsb - ok
23:09:54.0315 5816 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:09:54.0315 5816 Wlansvc - ok
23:09:54.0502 5816 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:09:54.0517 5816 wlidsvc - ok
23:09:54.0564 5816 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:09:54.0564 5816 WmiAcpi - ok
23:09:54.0580 5816 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:09:54.0580 5816 wmiApSrv - ok
23:09:54.0595 5816 WMPNetworkSvc - ok
23:09:54.0595 5816 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:09:54.0595 5816 WPCSvc - ok
23:09:54.0627 5816 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:09:54.0627 5816 WPDBusEnum - ok
23:09:54.0642 5816 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:09:54.0642 5816 ws2ifsl - ok
23:09:54.0673 5816 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
23:09:54.0673 5816 wscsvc - ok
23:09:54.0673 5816 WSearch - ok
23:09:54.0751 5816 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:09:54.0767 5816 wuauserv - ok
23:09:54.0783 5816 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:09:54.0783 5816 WudfPf - ok
23:09:54.0829 5816 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:09:54.0829 5816 WUDFRd - ok
23:09:54.0861 5816 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:09:54.0861 5816 wudfsvc - ok
23:09:54.0876 5816 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:09:54.0876 5816 WwanSvc - ok
23:09:54.0876 5816 ================ Scan global ===============================
23:09:54.0892 5816 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:09:54.0923 5816 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:09:54.0923 5816 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:09:54.0954 5816 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:09:55.0110 5816 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:09:55.0110 5816 [Global] - ok
23:09:55.0110 5816 ================ Scan MBR ==================================
23:09:55.0141 5816 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:09:56.0235 5816 \Device\Harddisk0\DR0 - ok
23:09:56.0251 5816 ================ Scan VBR ==================================
23:09:56.0251 5816 [ 56719953A3AE5BBE307BB85886A92C6E ] \Device\Harddisk0\DR0\Partition1
23:09:56.0251 5816 \Device\Harddisk0\DR0\Partition1 - ok
23:09:56.0267 5816 [ 40ECBAF276544AAA341E541589FED5AC ] \Device\Harddisk0\DR0\Partition2
23:09:56.0298 5816 \Device\Harddisk0\DR0\Partition2 - ok
23:09:56.0298 5816 ============================================================
23:09:56.0298 5816 Scan finished
23:09:56.0298 5816 ============================================================
23:09:56.0298 5808 Detected object count: 0
23:09:56.0298 5808 Actual detected object count: 0

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-05 23:12:11
-----------------------------
23:12:11.446 OS Version: Windows x64 6.1.7601 Service Pack 1
23:12:11.446 Number of processors: 8 586 0x1A05
23:12:11.446 ComputerName: NIC-PC UserName: Bevans
23:12:13.583 Initialize success
23:13:49.525 AVAST engine defs: 12100501
23:13:54.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP6T0L0-c
23:13:54.548 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 50.0AB50 Size: 1907729MB BusType: 3
23:13:54.564 Disk 0 MBR read successfully
23:13:54.564 Disk 0 MBR scan
23:13:54.564 Disk 0 Windows 7 default MBR code
23:13:54.564 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:13:54.579 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907627 MB offset 206848
23:13:54.595 Disk 0 scanning C:\Windows\system32\drivers
23:14:03.924 Service scanning
23:14:22.909 Modules scanning
23:14:22.909 Disk 0 trace - called modules:
23:14:22.940 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80051cd2c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:14:22.940 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062b3790]
23:14:22.940 3 CLASSPNP.SYS[fffff88001a5943f] -> nt!IofCallDriver -> [0xfffffa8006089580]
23:14:22.956 5 ACPI.sys[fffff880011a47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP6T0L0-c[0xfffffa80060a3680]
23:14:22.956 \Driver\atapi[0xfffffa800604b480] -> IRP_MJ_CREATE -> 0xfffffa80051cd2c0
23:14:25.592 AVAST engine scan C:\Windows
23:14:47.557 AVAST engine scan C:\Windows\system32
23:18:02.745 AVAST engine scan C:\Windows\system32\drivers
23:18:14.554 AVAST engine scan C:\Users\Bevans
23:19:27.000 AVAST engine scan C:\ProgramData
23:21:34.219 Scan finished successfully
23:22:39.754 Disk 0 MBR has been saved successfully to "C:\Users\Bevans\Desktop\MBR.dat"
23:22:39.754 The log file has been saved successfully to "C:\Users\Bevans\Desktop\aswMBR.txt"




Two things, however. In addition, I started this crusade of cleaning based on the fact I've been getting Blue Screened (More like Black Screened. A No Signal warning, followed by Keyboard and mouse lights going off and a reboot). I wouldn't ask, except that before we started this cleaning it was a 'once a week' style event, but now it's happened twice in an hour since I started rebooting. Do you think the following error is related? Or should I be looking elsewhere for answers on that?

Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.4
Locale ID: 3081

Additional information about the problem:
BCCode: 116
BCP1: FFFFFA80084C84E0
BCP2: FFFFF8800FD12004
BCP3: FFFFFFFFC000009A
BCP4: 0000000000000004
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\100512-43212-01.dmp
C:\Users\Bevans\AppData\Local\Temp\WER-112086-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Also, for some reason, my desktop icons now appear scattered on the desktop when I reboot. Call it OCD, but the fact that they are arranged as thou the virus scanning software I removed from the desktop was still there is perplexing. Is this an expected outcome?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 05 October 2012 - 09:02 AM

Greetings

At this time in the game it is hard to say if it is malware related - we have removed some heavy virus so I would like to know if you keep getting them

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Squidassist

Squidassist
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:43 AM

Posted 05 October 2012 - 09:14 AM

One log, for your viewing pleasure.

ComboFix

omboFix 12-10-04.02 - Bevans 05/10/2012 23:36:38.2.8 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.6142.4431 [GMT 9.5:30]
Running from: c:\users\Bevans\Desktop\ComboFix.exe
Command switches used :: c:\users\Bevans\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 14:10 . 2012-10-05 14:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-05 14:10 . 2012-10-05 14:10 -------- d-----w- c:\users\Nic\AppData\Local\temp
2012-10-05 14:10 . 2012-10-05 14:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 13:24 . 2012-10-05 13:24 -------- d-----w- c:\program files\Microsoft Device Center
2012-10-05 13:21 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-05 13:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-05 07:37 . 2012-10-05 07:37 -------- d-----w- c:\users\Bevans\AppData\Local\VirtualStore
2012-10-05 07:32 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-10-05 00:42 . 2012-10-05 00:42 -------- d-----w- c:\users\Bevans\AppData\Local\etax2012
2012-10-05 00:40 . 2012-10-05 00:41 -------- d-----w- c:\program files (x86)\etax2012
2012-10-04 07:09 . 2012-10-04 07:09 -------- d-----w- c:\program files\HWiNFO64
2012-10-01 18:37 . 2012-10-01 18:38 -------- d-----w- c:\users\Bevans\.gimp-2.6
2012-09-26 02:15 . 2012-09-26 02:22 -------- d-----w- c:\users\Bevans\AppData\Local\Ubisoft Game Launcher
2012-09-26 02:15 . 2012-10-03 13:52 -------- d-----w- c:\users\Bevans\AppData\Roaming\Might & Magic Heroes VI
2012-09-25 22:12 . 2012-09-25 22:12 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-09-25 22:06 . 2012-09-25 22:06 -------- d-----w- c:\users\Bevans\AppData\Roaming\DAEMON Tools Lite
2012-09-20 13:33 . 2012-09-20 13:33 -------- d-----w- C:\temp
2012-09-14 22:43 . 2012-09-14 22:43 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-14 22:43 . 2012-09-14 22:43 -------- d-----w- c:\program files (x86)\Java
2012-09-12 13:42 . 2012-09-12 13:42 -------- d-----w- c:\users\Bevans\AppData\Roaming\six-zsync
2012-09-12 13:01 . 2012-09-18 00:58 -------- d-----w- c:\users\Bevans\AppData\Local\ArmA 2 OA
2012-09-12 13:01 . 2012-09-12 13:01 -------- d-----w- c:\users\Bevans\AppData\Local\ArmA 2
2012-09-12 12:57 . 2012-09-12 13:47 -------- d-----w- c:\users\Bevans\AppData\Local\Downloaded Installations
2012-09-08 12:08 . 2012-09-08 12:08 -------- d-----w- c:\users\Bevans\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 07:28 . 2012-04-07 21:37 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 07:28 . 2011-05-19 00:36 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 22:43 . 2010-08-29 22:21 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 07:34 . 2010-08-29 13:40 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 00:21 . 2012-09-04 00:21 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-30 19:14 . 2012-06-27 23:51 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2011-12-31 08:22 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2011-12-31 08:22 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 19:14 . 2011-12-31 08:22 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-08-30 19:14 . 2011-12-31 08:22 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 16:18 . 2011-03-25 12:32 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2011-03-25 12:32 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2011-03-25 12:32 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2011-03-25 12:31 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2011-03-25 12:32 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 15:13 . 2010-08-29 11:54 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-30 01:10 . 2012-08-30 01:10 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-24 06:13 . 2012-08-24 06:13 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-07-25 17:51 . 2012-07-25 17:51 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\steam.exe" [2012-08-04 1353080]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-12 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-29 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-17 52760]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-25 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-05-10 30592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 SBSDWSCService;SBSD Security Center Service;c:\spybot - search & destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-27 52320]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 27736912
*NewlyCreated* - ASWMBR
*Deregistered* - 27736912
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 07:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-BattlEye for A2 - c:\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-Francesco's leveled creatures-items mod_is1 - c:\steam\steamapps\common\oblivion\data\Francesco's mod\Unistall data\Main files\unins000.exe
AddRemove-Half-Life Dedicated Server Update Tool - c:\steam\DEDICA~1\UNWISE.EXE
AddRemove-Oblivion mod manager_is1 - c:\steam\steamapps\common\oblivion\obmm\uninstall\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{5CD9D26B-14DF-4A57-8668-40A4DC44A474}_is1 - c:\steam\steamapps\common\vampire the masquerade - bloodlines\Vampire\unins000.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-05 23:42:25
ComboFix-quarantined-files.txt 2012-10-05 14:12
ComboFix2.txt 2012-10-05 07:27
.
Pre-Run: 1,228,031,438,848 bytes free
Post-Run: 1,228,148,109,312 bytes free
.
- - End Of File - - 6858541CE7C88D426258D2E10D093C2F




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users