Win64.ZAccess.a


This topic is locked
36 replies to this topic

#1 jamiev

jamiev

  • Members
  • 19 posts

Posted 18 October 2012 - 05:10 AM

Hello

My computer has contracted this virus, currently located in the system32 folder. AVG has detected it but cannot shift it; please help.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 October 2012 - 07:25 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

-Information and logs-

  • In your next post I need the following:
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
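
Reading the DDS report that the steps above produce is the real work of a thread like this; the following Python triage helper is an added example, not code from BleepingComputer, the helper, or the DDS tool. It parses the "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats visible in the log posted in reply #3 and flags the entries a responder looks at first: disabled security products, registry entries whose file is `<orphaned>`, and autoruns, drivers, BHOs or browser plugins loading from outside the Windows and Program Files trees. The sample lines are copied from that log except the `ExampleUpdater` autorun, which is constructed, and `TRUSTED_ROOTS` is an assumption for a default 64-bit Windows 7 layout.

```python
"""Triage helper for DDS-style logs ("Pseudo HJT Report" and
"SERVICES / DRIVERS" sections).  Added example, not a tool from the thread."""
import re
from dataclasses import dataclass

# Assumption: where installed software normally lives on 64-bit Windows 7,
# including the 8.3 short aliases that DDS prints (C:\PROGRA~2 and so on).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                 "c:\\progra~1\\", "c:\\progra~2\\")

SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")        # R0 name;desc;path [date size]
RUN_RE = re.compile(r"^(?:u|m|x64-)Run: \[([^\]]+)\] (.*)$")     # mRun: [name] "path" args
COM_RE = re.compile(r"^(?:x64-)?(BHO|TB|EB|Handler): (.+?) - (?:\{[0-9A-Fa-f-]+\} - )?(.*)$")
FF_RE = re.compile(r"^FF - plugin: (.*)$")
SEC_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)")  # AV: product *Enabled/Updated*


@dataclass
class Entry:
    kind: str   # driver, service, run, BHO, TB, EB, Handler, ffplugin, AV, SP, FW
    name: str
    path: str   # image path, "<orphaned>", or Enabled/Disabled for AV/SP/FW rows
    line: str   # the original DDS line, kept for the report


def image_path(raw: str) -> str:
    """Extract the binary path from the tail of a DDS line: take the part after
    'orig --> actual' when present, drop the trailing '[date size]' or '[?]'
    marker, honour quoting, and cut command-line arguments after the extension."""
    raw = raw.strip()
    if " --> " in raw:
        raw = raw.split(" --> ", 1)[1]
    raw = re.sub(r"\s*\[[^\]]*\]\s*$", "", raw)
    if raw.startswith('"'):
        return raw[1:raw.find('"', 1)]
    m = re.match(r"^(.*?\.(?:exe|dll|sys|scr|htm))(?:\s|/|$)", raw, re.IGNORECASE)
    return m.group(1) if m else raw


def parse_dds(text: str) -> list[Entry]:
    """Turn the recognised DDS line types into Entry records; other lines are skipped."""
    entries = []
    for line in (ln.strip() for ln in text.splitlines()):
        if m := SVC_RE.match(line):
            path = image_path(m.group(4))
            kind = "driver" if path.lower().endswith(".sys") else "service"
            entries.append(Entry(kind, m.group(2), path, line))
        elif m := RUN_RE.match(line):
            entries.append(Entry("run", m.group(1), image_path(m.group(2)), line))
        elif m := COM_RE.match(line):
            name = re.sub(r":?\s*\{[0-9A-Fa-f-]+\}$", "", m.group(2))  # strip CLSID from BHO/TB names
            entries.append(Entry(m.group(1), name, image_path(m.group(3)), line))
        elif m := FF_RE.match(line):
            path = image_path(m.group(1))
            entries.append(Entry("ffplugin", path.rsplit("\\", 1)[-1], path, line))
        elif m := SEC_RE.match(line):
            entries.append(Entry(m.group(1), m.group(2), m.group(3), line))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, Entry]]:
    """Return (reason, entry) pairs a responder should review first."""
    findings = []
    for e in entries:
        if e.kind in ("AV", "SP", "FW"):
            if e.path == "Disabled":
                findings.append(("protection-disabled", e))
            continue
        low = e.path.lower()
        if low == "<orphaned>":
            findings.append(("orphaned", e))            # registry points at a file that is gone
        elif not low.startswith(TRUSTED_ROOTS):
            findings.append(("untrusted-location", e))  # e.g. user profile or temp directories
    return findings


# Sample lines copied from the DDS log in this thread, plus one constructed
# autorun (ExampleUpdater) that lives in the user profile to exercise the check.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ExampleUpdater] C:\Users\Jamie\AppData\Roaming\ExampleUpdater\upd.exe -silent
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
FF - plugin: C:\Users\Jamie\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\airprint.exe -s --> C:\Program Files (x86)\AirPrint\airprint.exe -s [?]
"""


def report(text: str) -> list[str]:
    """One human-readable line per finding, in log order."""
    return [f"{reason:20} {e.kind:9} {e.name}: {e.path}" for reason, e in triage(parse_dds(text))]


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

Everything in the real log that is not flagged still needs a human eye; the script only orders the reading, it does not decide what is malicious.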

#3 jamiev

jamiev
  • Topic Starter

  • Members
  • 19 posts

Posted 19 October 2012 - 02:26 AM

Thank you for your help, below is the information you requested

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Jamie at 8:22:39 on 2012-10-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5806.3379 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\AirPrint\airprint.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Users\Jamie\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Defrag.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.atcomet.com/m/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
StartupFolder: C:\Users\Jamie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
StartupFolder: C:\Users\Jamie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NASSCH~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BBCE7B56-C63D-4DB8-8446-FE4788877563} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}\2456C6B696E6F5E4F5144435C4F5832343341364 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}\35B4956453736333 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}\E4054555B4 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\8isxm8ym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={B978E409-4BBF-49D3-88AB-9E6C7141D38B}&mid=314e3eb9e57e2d0327db25c38bb924a8-d19f4c6e0b84ce63569c0020b6bce5d75f9b85a0&lang=en&ds=AVG&pr=fr&d=2012-05-22 20:43:58&v=12.2.5.32&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\8isxm8ym.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Jamie\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-21 55856]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2010-12-11 27120]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2010-12-11 19952]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-5 31080]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2010-12-11 27632]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\airprint.exe -s --> C:\Program Files (x86)\AirPrint\airprint.exe -s [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-7-14 32240]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-25 13336]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
R2 NasPmService;NAS PM Service;C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-12-25 93696]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-12-25 75776]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-10-30 1353544]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-1-21 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-25 2320920]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-5 722528]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-1-21 19968]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-12-25 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-12-25 151936]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-1 244736]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-12-25 11392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-1-21 571248]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-11-28 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-12-25 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-21 133104]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-17 250808]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-12-25 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-12-25 35104]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2010-8-31 132608]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-21 133104]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2010-9-10 114560]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 114144]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-1-21 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-1-21 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-1-21 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-1-21 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-1-21 91432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-27 59392]
S3 TVICHW64;TVICHW64;C:\Windows\System32\drivers\TVicHW64.sys [2010-9-11 21200]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-4 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-14 23040]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-18 10:45:32 -------- d-----w- C:\Program Files (x86)\Intelore
2012-10-18 10:15:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-18 10:13:59 -------- d-----w- C:\Users\Jamie\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-10-18 07:18:10 -------- d-----w- C:\Users\Jamie\AppData\Local\Macromedia
2012-10-17 10:36:46 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-16 19:33:56 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-10-16 16:22:56 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\temp\tmpAA36.tmp
2012-10-15 07:22:34 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-10-15 07:22:22 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
2012-10-12 19:29:02 -------- d-----w- C:\Users\Jamie\sdk tools
2012-10-12 19:26:54 -------- d-----w- C:\Users\Jamie\AppData\Local\Htc
2012-10-12 19:26:16 -------- d-----w- C:\Users\Jamie\AppData\Roaming\HTC
2012-10-12 19:24:48 -------- d-----w- C:\Users\Jamie\AppData\Local\Downloaded Installations
2012-10-12 19:24:26 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2012-10-12 19:24:10 -------- d-----w- C:\Program Files (x86)\HTC
2012-09-20 20:07:28 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-20 20:06:40 -------- d-----w- C:\Program Files\iPod
2012-09-20 20:06:38 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 20:06:38 -------- d-----w- C:\Program Files\iTunes
2012-09-20 20:06:38 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-10-17 11:40:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-05 19:57:36 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-24 14:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-26 02:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 8:23:40.36 ===============

VAIO Care
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Intelligent Network Service Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Entertainment Platform
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Marketing Tools
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story MergeModules x64
VAIO Movie Story Template Data
VAIO Original Function Settings
VAIO Personalization Manager
VAIO Power Management
VAIO Premium Partners
VAIO Quick Web Access
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VAIO Update Merge Module x64
VAIO Wallpaper Contents
VC 9.0 Runtime
VD64Inst
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.7
VU5x64
VU5x86
WIDCOMM Bluetooth Software
WinArchiver
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Essentials Media Codec Pack 3.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Wondershare PPT2DVD 3.9.0.223
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
19/10/2012 08:14:52, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
19/10/2012 08:14:52, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
19/10/2012 08:11:28, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
19/10/2012 08:10:36, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
19/10/2012 08:10:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
19/10/2012 08:09:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
18/10/2012 08:22:00, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
16/10/2012 20:27:16, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80003299766). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101612-60278-01.
.
==== End Of File ===========================

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
meta-iPod, the iTunes Cleaner 1.8
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Mozilla Thunderbird 11.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Thank you

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:02 AM

Posted 19 October 2012 - 07:47 AM

These are the programs I would like you to run next; if you have any problems with any of these, just skip it and run the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jamiev

jamiev
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:02 AM

Posted 21 October 2012 - 10:23 AM

Hello

This is the ADWCLEANER report

# AdwCleaner v2.005 - Logfile created 10/19/2012 at 16:17:25
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jamie - JAMIE-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Jamie\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Jamie\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\8isxm8ym.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\NCH_EN
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Jamie\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Jamie\AppData\Local\Conduit
Folder Deleted : C:\Users\Jamie\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Jamie\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Jamie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jamie\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Jamie\AppData\LocalLow\NCH_EN
Folder Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\8isxm8ym.default\Conduit
Folder Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\8isxm8ym.default\CT2801948
Folder Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\8isxm8ym.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\NCH_EN
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{15EB4C29-4EDB-4A4D-915F-2481FE5319C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\NCH_EN
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{15EB4C29-4EDB-4A4D-915F-2481FE5319C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{276CF3D3-E3EA-4D99-90D4-2173ED64482F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E9C7F0E-CCC5-4E2E-8BB4-CBD90342BFA4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D244BD21-ED73-490C-A709-19DBD7F16CBF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-GB)

Profile name : default
File : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\8isxm8ym.default\prefs.js

C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\8isxm8ym.default\user.js ... Deleted !

Deleted : user_pref("CT2801948..clientLogIsEnabled", true);
Deleted : user_pref("CT2801948..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2801948..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2801948.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2801948.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2801948.AppTrackingLastCheckTime", "Sat Apr 02 2011 13:49:25 GMT+0100 (GMT Daylight Tim[...]
Deleted : user_pref("CT2801948.BrowserCompStateIsOpen_129797777221477754", true);
Deleted : user_pref("CT2801948.BrowserCompStateIsOpen_129799503686523541", true);
Deleted : user_pref("CT2801948.BrowserCompStateIsOpen_129815072111847605", true);
Deleted : user_pref("CT2801948.CTID", "CT2801948");
Deleted : user_pref("CT2801948.CurrentServerDate", "19-10-2012");
Deleted : user_pref("CT2801948.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2801948.DialogsGetterLastCheckTime", "Tue Oct 16 2012 16:35:35 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT2801948.DownloadReferralCookieData", "");
Deleted : user_pref("CT2801948.EMailNotifierPollDate", "Fri Apr 01 2011 12:03:53 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2801948.FirstServerDate", "1-4-2011");
Deleted : user_pref("CT2801948.FirstTime", true);
Deleted : user_pref("CT2801948.FirstTimeFF3", true);
Deleted : user_pref("CT2801948.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2801948.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2801948.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2801948.HasUserGlobalKeys", true);
Deleted : user_pref("CT2801948.Initialize", true);
Deleted : user_pref("CT2801948.InitializeCommonPrefs", true);
Deleted : user_pref("CT2801948.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2801948.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2801948.InstalledDate", "Fri Apr 01 2011 12:03:53 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.InvalidateCache", false);
Deleted : user_pref("CT2801948.IsGrouping", false);
Deleted : user_pref("CT2801948.IsMulticommunity", false);
Deleted : user_pref("CT2801948.IsOpenThankYouPage", true);
Deleted : user_pref("CT2801948.IsOpenUninstallPage", true);
Deleted : user_pref("CT2801948.LanguagePackLastCheckTime", "Fri Oct 19 2012 08:17:15 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT2801948.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2801948.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2801948.LastLogin_3.12.0.7", "Tue Apr 24 2012 14:12:36 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.LastLogin_3.12.2.3", "Wed Jun 20 2012 19:10:16 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.LastLogin_3.13.0.6", "Fri Jul 20 2012 22:18:44 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.LastLogin_3.14.1.0", "Thu Aug 23 2012 17:27:31 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.LastLogin_3.15.1.0", "Fri Oct 19 2012 16:04:47 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.LastLogin_3.3.3.2", "Fri Apr 01 2011 12:03:53 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.LatestVersion", "3.15.1.0");
Deleted : user_pref("CT2801948.Locale", "en-us");
Deleted : user_pref("CT2801948.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2801948.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2801948.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2801948.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2801948.RadioIsPodcast", false);
Deleted : user_pref("CT2801948.RadioLastCheckTime", "Sat Apr 02 2011 13:49:25 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2801948.RadioLastUpdateServer", "129307496595170000");
Deleted : user_pref("CT2801948.RadioMediaID", "21435220");
Deleted : user_pref("CT2801948.RadioMediaType", "Media Player");
Deleted : user_pref("CT2801948.RadioMenuSelectedID", "EBRadioMenu_CT280194821435220");
Deleted : user_pref("CT2801948.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Deleted : user_pref("CT2801948.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb[...]
Deleted : user_pref("CT2801948.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2801948.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...]
Deleted : user_pref("CT2801948.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2801948.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2801948.SearchInNewTabLastCheckTime", "Fri Oct 19 2012 08:17:14 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT2801948.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2801948.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2801948.ServiceMapLastCheckTime", "Fri Oct 19 2012 08:17:14 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT2801948.SettingsLastCheckTime", "Fri Oct 19 2012 16:04:46 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2801948.SettingsLastUpdate", "1350318800");
Deleted : user_pref("CT2801948.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2801948.ThirdPartyComponentsLastCheck", "Fri Apr 01 2011 12:03:51 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT2801948.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2801948.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2801948.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801948");
Deleted : user_pref("CT2801948.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2801948.UserID", "UN99353510033321898");
Deleted : user_pref("CT2801948.alertChannelId", "1194029");
Deleted : user_pref("CT2801948.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2801948.globalFirstTimeInfoLastCheckTime", "Sat Apr 02 2011 13:49:25 GMT+0100 (GMT Dayl[...]
Deleted : user_pref("CT2801948.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2801948.initDone", true);
Deleted : user_pref("CT2801948.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2801948.myStuffEnabled", true);
Deleted : user_pref("CT2801948.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2801948.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2801948.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2801948.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2801948.revertSettingsEnabled", true);
Deleted : user_pref("CT2801948.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2801948.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2801948.testingCtid", "");
Deleted : user_pref("CT2801948.toolbarAppMetaDataLastCheckTime", "Fri Oct 19 2012 08:17:14 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2801948.toolbarContextMenuLastCheckTime", "Fri Apr 01 2011 12:03:54 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2801948.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194029/1189706/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/UK", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2801948/CT2801948[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{37483b40-c254-4a72-bda4-22ee90182c1e}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "nch_en");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2801948");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{37483b40-c254-4a72-bda4-22ee90182c1e}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "nch_en");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2801948");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2801948");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Apr 01 2011 12:03:57 GMT+01[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jun 19 2011 08:11:42 GMT+0100 (GMT D[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 0);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 01 2011 18:00:01 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{7a7f66dc-c0b6-4192-ae05-bcc867f2830a}");
Deleted : user_pref("CommunityToolbar.globalUserId", "25a7ef13-5d41-4a27-93b0-00a7430446b4");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={B978E409-4BBF-49D3-88AB-9E6C7141D38B}&[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [23266 octets] - [19/10/2012 16:17:25]

########## EOF - C:\AdwCleaner[S2].txt - [23327 octets] ##########

The RogueKiller program does not work, however, and the scanning stage does not end. The program has been running for 8+ hours now with nothing changing.

Thank you for your help with this

#6 gringo_pr

Posted 21 October 2012 - 01:17 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 jamiev

Posted 22 October 2012 - 12:29 PM

Hello

I'm sorry, but ComboFix doesn't work. I get as far as starting the program and it stalls on Output folder: C:\32788R22FWJFW. I have not touched the computer, and I turned off anti-virus and firewall while this takes place.

Delete file: C:\32788R22FWJFW\023.dat
Delete file: C:\32788R22FWJFW\023v.dat
Delete file: C:\32788R22FWJFW\023w7.dat
Delete file: C:\32788R22FWJFW\ActiveDrv.vbs
Delete file: C:\32788R22FWJFW\AppDataFile.cfx
Delete file: C:\32788R22FWJFW\AppDataFolder.cfx
Delete file: C:\32788R22FWJFW\appinit.bad
Delete file: C:\32788R22FWJFW\asp.str
Delete file: C:\32788R22FWJFW\Assoc.cmd
Delete file: C:\32788R22FWJFW\Auto-RC.cmd
Delete file: C:\32788R22FWJFW\av.cmd
Delete file: C:\32788R22FWJFW\av.vbs
Delete file: C:\32788R22FWJFW\AWF.cmd
Delete file: C:\32788R22FWJFW\badclsid.c
Delete file: C:\32788R22FWJFW\BFE.dat
Delete file: C:\32788R22FWJFW\Boot-Rk.cmd
Delete file: C:\32788R22FWJFW\Boot.bat
Delete file: C:\32788R22FWJFW\BootDrv.vbs
Delete file: C:\32788R22FWJFW\c.bat
Delete file: C:\32788R22FWJFW\Catch-sub.cmd
Delete file: C:\32788R22FWJFW\catchme.3XE
Delete file: C:\32788R22FWJFW\CF-Script.cmd
Delete file: C:\32788R22FWJFW\clsid.c
Delete file: C:\32788R22FWJFW\Combo-Fix.sys
Delete file: C:\32788R22FWJFW\Combobatch.bat
Delete file: C:\32788R22FWJFW\ComboFix-Download.3XE
Delete file: C:\32788R22FWJFW\Create.cmd
Delete file: C:\32788R22FWJFW\Creg.dat
Delete file: C:\32788R22FWJFW\CregC.cmd
Delete file: C:\32788R22FWJFW\CregC.dat
Delete file: C:\32788R22FWJFW\dd.3XE
Delete file: C:\32788R22FWJFW\ddsDo.sed
Delete file: C:\32788R22FWJFW\DelClsid.bat
Delete file: C:\32788R22FWJFW\DelClsid64.bat
Delete file: C:\32788R22FWJFW\DesktopFile.cfx
Delete file: C:\32788R22FWJFW\Dnl.dat
Delete file: C:\32788R22FWJFW\DPF.str
Delete file: C:\32788R22FWJFW\DrvRun.vbs
Delete file: C:\32788R22FWJFW\dumphive.3XE
Delete file: C:\32788R22FWJFW\embedded.sed
Delete file: C:\32788R22FWJFW\EN-US\iexplore.exe
Remove folder: C:\32788R22FWJFW\EN-US\
Delete file: C:\32788R22FWJFW\ERDNT.e_e
Delete file: C:\32788R22FWJFW\ERDNTDOS.LOC
Delete file: C:\32788R22FWJFW\ERDNTWIN.LOC
Delete file: C:\32788R22FWJFW\ERUNT.3XE
Delete file: C:\32788R22FWJFW\ERUNT.LOC
Delete file: C:\32788R22FWJFW\Exe.reg
Delete file: C:\32788R22FWJFW\extract.3XE
Delete file: C:\32788R22FWJFW\FavoriteFolder.cfx
Delete file: C:\32788R22FWJFW\FavoritesFile.cfx
Delete file: C:\32788R22FWJFW\FD-SV.cmd
Delete file: C:\32788R22FWJFW\ffdefstr.dll
Delete file: C:\32788R22FWJFW\ffext.pif
Delete file: C:\32788R22FWJFW\FileKill.3XE
Delete file: C:\32788R22FWJFW\files.pif
Delete file: C:\32788R22FWJFW\Fin.dat
Delete file: C:\32788R22FWJFW\FIND3M.bat
Delete file: C:\32788R22FWJFW\firefox.exe
Delete file: C:\32788R22FWJFW\FIXLSP.bat
Delete file: C:\32788R22FWJFW\FIXLSP64.cmd
Delete file: C:\32788R22FWJFW\FKMGen.cmd
Delete file: C:\32788R22FWJFW\fl0.bat
Delete file: C:\32788R22FWJFW\GetHive.cmd
Delete file: C:\32788R22FWJFW\grep.3XE
Delete file: C:\32788R22FWJFW\gsar.3XE
Delete file: C:\32788R22FWJFW\handle.3XE
Delete file: C:\32788R22FWJFW\hidec.3XE
Delete file: C:\32788R22FWJFW\history.bat
Delete file: C:\32788R22FWJFW\hwid.pif
Delete file: C:\32788R22FWJFW\iexplore.exe
Delete file: C:\32788R22FWJFW\image001.gif
Delete file: C:\32788R22FWJFW\Imefile.dat
Delete file: C:\32788R22FWJFW\Install-RC.cmd
Delete file: C:\32788R22FWJFW\iphlpsvc.vista.dat
Delete file: C:\32788R22FWJFW\iphlpsvc.w7.dat
Delete file: C:\32788R22FWJFW\katch.cmd
Delete file: C:\32788R22FWJFW\Kill-All.cmd
Delete file: C:\32788R22FWJFW\KNetSvcs.vbs
Delete file: C:\32788R22FWJFW\Ksvchost.vbs
Delete file: C:\32788R22FWJFW\Lang.bat
Delete file: C:\32788R22FWJFW\License\Curl - license.txt
Delete file: C:\32788R22FWJFW\License\dumphive-license.txt
Delete file: C:\32788R22FWJFW\License\EXTRACT.TXT
Delete file: C:\32788R22FWJFW\License\FI - license.txt
Delete file: C:\32788R22FWJFW\License\firefox.exe
Delete file: C:\32788R22FWJFW\License\iexplore.exe
Delete file: C:\32788R22FWJFW\License\mtee.txt
Delete file: C:\32788R22FWJFW\License\ncmd.cfxxe
Delete file: C:\32788R22FWJFW\License\pv_5_2_2.zip
Delete file: C:\32788R22FWJFW\License\streamtools.zip
Delete file: C:\32788R22FWJFW\License\UnxUtilsDist.com
Delete file: C:\32788R22FWJFW\License\UnxUtilsDist.html
Delete file: C:\32788R22FWJFW\License\UnxUtilsDist.pif
Delete file: C:\32788R22FWJFW\License\Zip - license.txt
Remove folder: C:\32788R22FWJFW\License\
Delete file: C:\32788R22FWJFW\List-B.bat
Delete file: C:\32788R22FWJFW\List-C.bat
Delete file: C:\32788R22FWJFW\List-D.bat
Delete file: C:\32788R22FWJFW\List.bat
Delete file: C:\32788R22FWJFW\lnkread.vbs
Delete file: C:\32788R22FWJFW\LocalAppDataFile.cfx
Delete file: C:\32788R22FWJFW\LocalAppDataFolder.cfx
Delete file: C:\32788R22FWJFW\LocalService.dat
Delete file: C:\32788R22FWJFW\LocalServiceNetworkRestricted.dat
Delete file: C:\32788R22FWJFW\LocalSettingsFile.cfx
Delete file: C:\32788R22FWJFW\LocalSystemNetworkRestricted.dat
Delete file: C:\32788R22FWJFW\mbr.3XE
Delete file: C:\32788R22FWJFW\mbr.chk
Delete file: C:\32788R22FWJFW\md5sum.pif
Delete file: C:\32788R22FWJFW\md5sum00.pif
Delete file: C:\32788R22FWJFW\MDWht.dat
Delete file: C:\32788R22FWJFW\MoveIt.bat
Delete file: C:\32788R22FWJFW\MpsSvc.dat
Delete file: C:\32788R22FWJFW\mtee.3XE
Delete file: C:\32788R22FWJFW\mynul.dat
Delete file: C:\32788R22FWJFW\ncmd.com
Delete file: C:\32788R22FWJFW\ndis_combofix.dat
Delete file: C:\32788R22FWJFW\ND_.bat
Delete file: C:\32788R22FWJFW\ND_64.bat
Delete file: C:\32788R22FWJFW\netsvc.bad.dat
Delete file: C:\32788R22FWJFW\netsvc.dat
Delete file: C:\32788R22FWJFW\netsvc.vista.dat
Delete file: C:\32788R22FWJFW\netsvc.xp.dat
Delete file: C:\32788R22FWJFW\NetworkService.dat
Delete file: C:\32788R22FWJFW\nir.pif
Delete file: C:\32788R22FWJFW\NirCmd.3XE
Delete file: C:\32788R22FWJFW\NirCmd.chm
Delete file: C:\32788R22FWJFW\NirCmdC.3XE
Delete file: C:\32788R22FWJFW\NirScript.dat
Delete file: C:\32788R22FWJFW\NT-OS.cmd
Remove folder: C:\32788R22FWJFW\N_\
Delete file: C:\32788R22FWJFW\OSid.vbs
Delete file: C:\32788R22FWJFW\P.cmd
Delete file: C:\32788R22FWJFW\pausep.3XE
Delete file: C:\32788R22FWJFW\PersonalFile.cfx
Delete file: C:\32788R22FWJFW\PersonalFolder.cfx
Delete file: C:\32788R22FWJFW\pev.3XE
Delete file: C:\32788R22FWJFW\pevb.3XE
Delete file: C:\32788R22FWJFW\Policies.dat
Delete file: C:\32788R22FWJFW\powp.dat
Delete file: C:\32788R22FWJFW\Prep.inf
Delete file: C:\32788R22FWJFW\ProfilesFile.cfx
Delete file: C:\32788R22FWJFW\ProfilesFolder.cfx
Delete file: C:\32788R22FWJFW\ProgramsFile.cfx
Delete file: C:\32788R22FWJFW\ProgramsFolder.cfx
Delete file: C:\32788R22FWJFW\Purity.dat
Delete file: C:\32788R22FWJFW\PV.3XE
Delete file: C:\32788R22FWJFW\pv.com
Delete file: C:\32788R22FWJFW\RCLink.dat
Delete file: C:\32788R22FWJFW\REGDACL.sed
Delete file: C:\32788R22FWJFW\RegDo.sed
Delete file: C:\32788R22FWJFW\region.dat
Delete file: C:\32788R22FWJFW\RegScan.cmd
Delete file: C:\32788R22FWJFW\RegScan64.cmd
Delete file: C:\32788R22FWJFW\restore_pt.vbs
Delete file: C:\32788R22FWJFW\Rkey.cmd
Delete file: C:\32788R22FWJFW\rmbr.3XE
Delete file: C:\32788R22FWJFW\rogues.dat
Delete file: C:\32788R22FWJFW\run2.sed
Delete file: C:\32788R22FWJFW\Rust.str
Delete file: C:\32788R22FWJFW\s0rt.3XE
Delete file: C:\32788R22FWJFW\safeboot.dat
Delete file: C:\32788R22FWJFW\safeboot.def.dat
Delete file: C:\32788R22FWJFW\safeboot.def.vista.dat
Delete file: C:\32788R22FWJFW\Safeboot.def.w7.dat
Delete file: C:\32788R22FWJFW\sed.3XE
Delete file: C:\32788R22FWJFW\SetEnvmt.bat
Delete file: C:\32788R22FWJFW\setpath.3XE
Delete file: C:\32788R22FWJFW\ShAccess.dat
Delete file: C:\32788R22FWJFW\SnapShot.cmd
Delete file: C:\32788R22FWJFW\sqlite3.3XE
Delete file: C:\32788R22FWJFW\SRestore.cmd
Delete file: C:\32788R22FWJFW\srizbi.md5
Delete file: C:\32788R22FWJFW\StartMenuFile.cfx
Delete file: C:\32788R22FWJFW\StartMenuFolder.cfx
Delete file: C:\32788R22FWJFW\StartUpFile.cfx
Delete file: C:\32788R22FWJFW\SuppScan.cmd
Delete file: C:\32788R22FWJFW\SvcDrv.vbs
Delete file: C:\32788R22FWJFW\svchost.dat
Delete file: C:\32788R22FWJFW\svchost.vista.dat
Delete file: C:\32788R22FWJFW\svchost.vista.x64.dat
Delete file: C:\32788R22FWJFW\svchost.w7.dat
Delete file: C:\32788R22FWJFW\svchost.w7.x64.dat
Delete file: C:\32788R22FWJFW\svc_wht.dat
Delete file: C:\32788R22FWJFW\swreg.3XE
Delete file: C:\32788R22FWJFW\swsc.3XE
Delete file: C:\32788R22FWJFW\swxcacls.3XE
Delete file: C:\32788R22FWJFW\system_ini.dat
Delete file: C:\32788R22FWJFW\tail.3XE
Delete file: C:\32788R22FWJFW\TemplatesFile.cfx
Delete file: C:\32788R22FWJFW\TemplatesFolder.cfx
Delete file: C:\32788R22FWJFW\toolbar.sed
Delete file: C:\32788R22FWJFW\UndoW7_XP.dat
Delete file: C:\32788R22FWJFW\Update-CF.cmd
Delete file: C:\32788R22FWJFW\VBR.pif
Delete file: C:\32788R22FWJFW\VInfo
Delete file: C:\32788R22FWJFW\VInfo2
Delete file: C:\32788R22FWJFW\VINFO3
Delete file: C:\32788R22FWJFW\Vipev.dat
Delete file: C:\32788R22FWJFW\vistaMcode.dat
Delete file: C:\32788R22FWJFW\vistareg.dat
Delete file: C:\32788R22FWJFW\vun.dat
Delete file: C:\32788R22FWJFW\VwinTemp.dacl
Delete file: C:\32788R22FWJFW\w7Mcode.dat
Delete file: C:\32788R22FWJFW\w7reg.dat
Delete file: C:\32788R22FWJFW\Wmi_rem.vbs
Delete file: C:\32788R22FWJFW\w_sock.dll
Delete file: C:\32788R22FWJFW\xpmcode.dat
Delete file: C:\32788R22FWJFW\xpreg.dat
Delete file: C:\32788R22FWJFW\XPSBoot.reg
Delete file: C:\32788R22FWJFW\zDomain.dat
Delete file: C:\32788R22FWJFW\zhsvc.dat
Delete file: C:\32788R22FWJFW\zip.3XE
Extract: 023.dat
Extract: 023v.dat
Extract: 023w7.dat
Extract: AWF.cmd
Extract: ActiveDrv.vbs
Extract: AppDataFile.cfx
Extract: AppDataFolder.cfx
Extract: Assoc.cmd
Extract: Auto-RC.cmd
Extract: BFE.dat
Extract: Boot-Rk.cmd
Extract: Boot.bat
Extract: BootDrv.vbs
Extract: CF-Script.cmd
Extract: Catch-sub.cmd
Extract: Combo-Fix.sys
Extract: ComboFix-Download.3XE
Extract: Combobatch.bat
Extract: Create.cmd
Extract: Creg.dat
Extract: CregC.cmd
Extract: CregC.dat
Extract: DPF.str
Extract: DelClsid.bat
Extract: DelClsid64.bat
Extract: DesktopFile.cfx
Extract: Dnl.dat
Extract: DrvRun.vbs
Extract: ERDNT.e_e
Extract: ERDNTDOS.LOC
Extract: ERDNTWIN.LOC
Extract: ERUNT.3XE
Extract: ERUNT.LOC
Extract: Exe.reg
Extract: FD-SV.cmd
Extract: FIND3M.bat
Extract: FIXLSP.bat
Extract: FIXLSP64.cmd
Extract: FKMGen.cmd
Extract: FavoriteFolder.cfx
Extract: FavoritesFile.cfx
Extract: FileKill.3XE
Extract: Fin.dat
Extract: GetHive.cmd
Extract: Imefile.dat
Extract: Install-RC.cmd
Extract: KNetSvcs.vbs
Extract: Kill-All.cmd
Extract: Ksvchost.vbs
Extract: Lang.bat
Extract: List-B.bat
Extract: List-C.bat
Extract: List-D.bat
Extract: List.bat
Extract: LocalAppDataFile.cfx
Extract: LocalAppDataFolder.cfx
Extract: LocalService.dat
Extract: LocalServiceNetworkRestricted.dat
Extract: LocalSettingsFile.cfx
Extract: LocalSystemNetworkRestricted.dat
Extract: MDWht.dat
Extract: MoveIt.bat
Extract: MpsSvc.dat
Extract: ND_.bat
Extract: ND_64.bat
Extract: NT-OS.cmd
Extract: NetworkService.dat
Extract: NirCmd.3XE
Extract: NirCmd.chm
Extract: NirCmdC.3XE
Extract: NirScript.dat
Extract: OSid.vbs
Extract: P.cmd
Extract: PV.3XE
Extract: PersonalFile.cfx
Extract: PersonalFolder.cfx
Extract: Policies.dat
Extract: Prep.inf
Extract: ProfilesFile.cfx
Extract: ProfilesFolder.cfx
Extract: ProgramsFile.cfx
Extract: ProgramsFolder.cfx
Extract: Purity.dat
Extract: RCLink.dat
Extract: REGDACL.sed
Extract: RegDo.sed
Extract: RegScan.cmd
Extract: RegScan64.cmd
Extract: Rkey.cmd
Extract: Rust.str
Extract: SRestore.cmd
Extract: Safeboot.def.w7.dat
Extract: SetEnvmt.bat
Extract: ShAccess.dat
Extract: SnapShot.cmd
Extract: StartMenuFile.cfx
Extract: StartMenuFolder.cfx
Extract: StartUpFile.cfx
Extract: SuppScan.cmd
Extract: SvcDrv.vbs
Extract: TemplatesFile.cfx
Extract: TemplatesFolder.cfx
Extract: UndoW7_XP.dat
Extract: Update-CF.cmd
Extract: VBR.pif
Extract: VINFO3
Extract: VInfo
Extract: VInfo2
Extract: Vipev.dat
Extract: VwinTemp.dacl
Extract: Wmi_rem.vbs
Extract: XPSBoot.reg
Extract: appinit.bad
Extract: asp.str
Extract: av.cmd
Extract: av.vbs
Extract: badclsid.c
Extract: c.bat
Extract: catchme.3XE
Extract: clsid.c
Extract: dd.3XE
Extract: ddsDo.sed
Extract: dumphive.3XE
Extract: embedded.sed
Extract: extract.3XE
Extract: ffdefstr.dll
Extract: ffext.pif
Extract: files.pif
Extract: firefox.exe
Extract: fl0.bat
Extract: grep.3XE
Extract: gsar.3XE
Extract: handle.3XE
Extract: hidec.3XE
Extract: history.bat
Extract: hwid.pif
Extract: iexplore.exe
Extract: image001.gif
Extract: iphlpsvc.vista.dat
Extract: iphlpsvc.w7.dat
Extract: katch.cmd
Extract: lnkread.vbs
Extract: mbr.3XE
Extract: mbr.chk
Extract: md5sum.pif
Extract: md5sum00.pif
Extract: mtee.3XE
Extract: mynul.dat
Extract: ncmd.com
Extract: ndis_combofix.dat
Extract: netsvc.bad.dat
Extract: netsvc.dat
Extract: netsvc.vista.dat
Extract: netsvc.xp.dat
Extract: nir.pif
Extract: pausep.3XE
Extract: pev.3XE
Extract: pevb.3XE
Extract: powp.dat
Extract: pv.com
Extract: region.dat
Extract: restore_pt.vbs
Extract: rmbr.3XE
Extract: rogues.dat
Extract: run2.sed
Extract: s0rt.3XE
Extract: safeboot.dat
Extract: safeboot.def.dat
Extract: safeboot.def.vista.dat
Extract: sed.3XE
Extract: setpath.3XE
Extract: sqlite3.3XE
Extract: srizbi.md5
Extract: svc_wht.dat
Extract: svchost.dat
Extract: svchost.vista.dat
Extract: svchost.vista.x64.dat
Extract: svchost.w7.dat
Extract: svchost.w7.x64.dat
Extract: swreg.3XE
Extract: swsc.3XE
Extract: swxcacls.3XE
Extract: system_ini.dat
Extract: tail.3XE
Extract: toolbar.sed
Extract: vistaMcode.dat
Extract: vistareg.dat
Extract: vun.dat
Extract: w7Mcode.dat
Extract: w7reg.dat
Extract: w_sock.dll
Extract: xpmcode.dat
Extract: xpreg.dat
Extract: zDomain.dat
Extract: zhsvc.dat
Extract: zip.3XE
Output folder: C:\32788R22FWJFW\EN-US
Extract: iexplore.exe
Output folder: C:\32788R22FWJFW\License
Extract: Curl - license.txt
Extract: EXTRACT.TXT
Extract: FI - license.txt
Extract: UnxUtilsDist.com
Extract: UnxUtilsDist.html
Extract: UnxUtilsDist.pif
Extract: Zip - license.txt
Extract: dumphive-license.txt
Extract: firefox.exe
Extract: iexplore.exe
Extract: mtee.txt
Extract: ncmd.cfxxe
Extract: pv_5_2_2.zip
Extract: streamtools.zip
Output folder: C:\32788R22FWJFW\N_
Output folder: C:\32788R22FWJFW

#8 gringo_pr

Posted 22 October 2012 - 12:43 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#9 jamiev

Posted 23 October 2012 - 02:59 AM

Thank you for all your help on this. I have further problems with ComboFix in Safe Mode. There are no restarts, and it takes less than a minute to complete. Also, I cannot find where the log goes once complete. Please can you help?

#10 gringo_pr

Posted 23 October 2012 - 04:39 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 jamiev

Posted 23 October 2012 - 07:13 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-23 13:09:05
-----------------------------
13:09:05.307 OS Version: Windows x64 6.1.7601 Service Pack 1
13:09:05.307 Number of processors: 4 586 0x2502
13:09:05.308 ComputerName: JAMIE-VAIO UserName: Jamie
13:09:07.694 Initialize success
13:10:13.123 AVAST engine download error: 0
13:11:19.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:11:19.609 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
13:11:19.613 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000070
13:11:19.617 Disk 1 Vendor: RICOH 02 Size: 305245MB BusType: 0
13:11:19.621 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000071
13:11:19.625 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
13:11:19.647 Disk 0 MBR read successfully
13:11:19.651 Disk 0 MBR scan
13:11:19.655 Disk 0 Windows 7 default MBR code
13:11:19.667 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10594 MB offset 2048
13:11:19.681 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21698560
13:11:19.687 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 294549 MB offset 21903360
13:11:19.716 Disk 0 scanning C:\Windows\system32\drivers
13:11:28.654 Service scanning
13:12:08.821 Modules scanning
13:12:08.828 Disk 0 trace - called modules:
13:12:08.851 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys ACPI.sys iaStor.sys
13:12:08.857 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c65060]
13:12:08.861 3 CLASSPNP.SYS[fffff88001b7c43f] -> nt!IofCallDriver -> [0xfffffa8007ad5a20]
13:12:08.867 5 Sahdad64.sys[fffff88001b07e25] -> nt!IofCallDriver -> [0xfffffa8005bfd7c0]
13:12:08.873 7 ACPI.sys[fffff88000d5c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005c00050]
13:12:08.878 Scan finished successfully
13:12:31.405 Disk 0 MBR has been saved successfully to "C:\Users\Jamie\Desktop\MBR.dat"
13:12:31.412 The log file has been saved successfully to "C:\Users\Jamie\Desktop\aswMBR.txt"
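
The aswMBR log above is what a helper reads by eye: a stock MBR, a sane partition table, and a disk IRP trace in which every module is one you can account for. As an added example (not code from this thread, from aswMBR or from any other tool mentioned here), the Python below parses those lines out of an aswMBR log and reports anything worth a second look: a non-default MBR verdict, overlapping partitions, a partition running past the disk, or a driver in the disk IRP path that is not on a small allow-list of stock Windows 7 storage-stack modules. The allow-list, the use of aswMBR's "default MBR code" wording as the clean verdict, and the sample log (cut down from the one posted above) are assumptions of this example; a flagged module is a prompt to identify the driver, not a verdict.

```python
import re
from dataclasses import dataclass, field

SECTORS_PER_MB = 2048  # aswMBR prints sizes in MB and offsets in 512-byte sectors

# Assumption: modules aswMBR reports in a clean Windows 7 disk IRP path, plus the
# Intel storage miniport (iaStor.sys) this laptop boots through. Anything else in
# the trace is a prompt for the analyst to look the driver up, not a verdict.
STOCK_DISK_STACK = {
    "ntoskrnl.exe", "CLASSPNP.SYS", "disk.sys", "partmgr.sys", "volmgr.sys",
    "ACPI.sys", "pci.sys", "PCIIDEX.SYS", "atapi.sys", "ataport.SYS",
    "storport.sys", "iaStor.sys",
}

_TS = r"^\d\d:\d\d:\d\d\.\d+\s+"  # every aswMBR log line starts with a timestamp
RE_SIZE = re.compile(_TS + r"Disk (\d+) Vendor: .*? Size: (\d+)MB BusType: \d+$")
RE_MBR = re.compile(_TS + r"Disk (\d+) (.*MBR code.*)$")
RE_PART = re.compile(_TS + r"Disk (\d+) Partition (\d+) [0-9A-Fa-f]{2} (\(A\) )?"
                     r"([0-9A-Fa-f]{2}) (.+?) (\d+) MB offset (\d+)$")
RE_TRACE = re.compile(_TS + r"Disk (\d+) trace - called modules:$")


@dataclass
class Partition:
    disk: int
    index: int
    active: bool      # the "(A)" marker, i.e. boot flag 0x80
    type_id: str      # MBR partition type byte, "07" for NTFS
    description: str
    size_mb: int
    offset: int       # first sector

    def end_sector(self) -> int:
        return self.offset + self.size_mb * SECTORS_PER_MB


@dataclass
class AswMbrReport:
    disk_size_mb: dict = field(default_factory=dict)   # disk number -> MB
    mbr_verdict: dict = field(default_factory=dict)    # disk number -> text
    partitions: list = field(default_factory=list)
    trace_modules: list = field(default_factory=list)


def parse_aswmbr(text: str) -> AswMbrReport:
    """Pull disk layout, MBR verdict and the disk-stack trace out of an aswMBR log."""
    rep = AswMbrReport()
    expect_modules = False
    for line in text.splitlines():
        if expect_modules:  # the line after the trace header lists the modules
            rep.trace_modules = re.sub(_TS, "", line).split()
            expect_modules = False
        elif m := RE_SIZE.match(line):
            rep.disk_size_mb[int(m[1])] = int(m[2])
        elif m := RE_MBR.match(line):
            rep.mbr_verdict[int(m[1])] = m[2]
        elif m := RE_PART.match(line):
            rep.partitions.append(Partition(int(m[1]), int(m[2]), m[3] is not None,
                                            m[4], m[5], int(m[6]), int(m[7])))
        elif RE_TRACE.match(line):
            expect_modules = True
    return rep


def triage(rep: AswMbrReport) -> list:
    """Human-readable findings; an empty list means nothing stood out."""
    findings = []
    for disk, verdict in rep.mbr_verdict.items():
        if "default MBR code" not in verdict:  # assumption: aswMBR's clean wording
            findings.append(f"disk {disk}: MBR is not the stock loader ({verdict})")
    by_disk = {}
    for p in rep.partitions:
        by_disk.setdefault(p.disk, []).append(p)
    for disk, parts in by_disk.items():
        parts.sort(key=lambda p: p.offset)
        for a, b in zip(parts, parts[1:]):
            # sizes are rounded to whole MB, so allow one MB of slack
            if a.end_sector() > b.offset + SECTORS_PER_MB:
                findings.append(f"disk {disk}: partition {a.index} overlaps {b.index}")
        last_end_mb = parts[-1].end_sector() // SECTORS_PER_MB
        if disk in rep.disk_size_mb and last_end_mb > rep.disk_size_mb[disk] + 1:
            findings.append(f"disk {disk}: partition {parts[-1].index} runs past the disk")
        if sum(p.active for p in parts) != 1:
            findings.append(f"disk {disk}: expected exactly one active partition")
    for mod in rep.trace_modules:
        if mod not in STOCK_DISK_STACK:
            findings.append(f"review: non-stock module {mod} in the disk IRP path")
    return findings


# Constructed sample: the relevant lines of the aswMBR log posted above.
SAMPLE_LOG = r"""13:11:19.609 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
13:11:19.655 Disk 0 Windows 7 default MBR code
13:11:19.667 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10594 MB offset 2048
13:11:19.681 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21698560
13:11:19.687 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 294549 MB offset 21903360
13:12:08.828 Disk 0 trace - called modules:
13:12:08.851 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys ACPI.sys iaStor.sys
"""

if __name__ == "__main__":
    for finding in triage(parse_aswmbr(SAMPLE_LOG)):
        print(finding)
```

On the log above the only finding is the one third-party driver in the IRP chain; the partition arithmetic checks out exactly (each partition ends on the next one's first sector) and the MBR is the stock Windows 7 loader.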

#12 jamiev

Posted 23 October 2012 - 07:15 AM

12:53:44.0099 3528 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:53:44.0786 3528 ============================================================
12:53:44.0787 3528 Current date / time: 2012/10/23 12:53:44.0786
12:53:44.0787 3528 SystemInfo:
12:53:44.0787 3528
12:53:44.0787 3528 OS Version: 6.1.7601 ServicePack: 1.0
12:53:44.0787 3528 Product type: Workstation
12:53:44.0787 3528 ComputerName: JAMIE-VAIO
12:53:44.0788 3528 UserName: Jamie
12:53:44.0788 3528 Windows directory: C:\Windows
12:53:44.0788 3528 System windows directory: C:\Windows
12:53:44.0788 3528 Running under WOW64
12:53:44.0788 3528 Processor architecture: Intel x64
12:53:44.0788 3528 Number of processors: 4
12:53:44.0788 3528 Page size: 0x1000
12:53:44.0788 3528 Boot type: Normal boot
12:53:44.0788 3528 ============================================================
12:53:46.0448 3528 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:53:46.0460 3528 ============================================================
12:53:46.0460 3528 \Device\Harddisk0\DR0:
12:53:46.0461 3528 MBR partitions:
12:53:46.0461 3528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14B1800, BlocksNum 0x32000
12:53:46.0461 3528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14E3800, BlocksNum 0x23F4AAB0
12:53:46.0461 3528 ============================================================
12:53:46.0494 3528 C: <-> \Device\Harddisk0\DR0\Partition2
12:53:46.0494 3528 ============================================================
12:53:46.0494 3528 Initialize success
12:53:46.0494 3528 ============================================================
12:53:54.0870 5868 ============================================================
12:53:54.0870 5868 Scan started
12:53:54.0870 5868 Mode: Manual;
12:53:54.0870 5868 ============================================================
12:53:55.0192 5868 ================ Scan system memory ========================
12:53:55.0192 5868 System memory - ok
12:53:55.0192 5868 ================ Scan services =============================
12:53:55.0367 5868 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:53:55.0487 5868 1394ohci - ok
12:53:55.0658 5868 [ A15069EEC83EBC54150564B2585CFDBA ] 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
12:53:55.0664 5868 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
12:53:55.0819 5868 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:53:55.0847 5868 ACDaemon - ok
12:53:55.0892 5868 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:53:56.0258 5868 ACPI - ok
12:53:56.0283 5868 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:53:56.0291 5868 AcpiPmi - ok
12:53:56.0357 5868 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
12:53:56.0360 5868 AdobeActiveFileMonitor7.0 - ok
12:53:56.0437 5868 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:53:56.0439 5868 AdobeARMservice - ok
12:53:56.0692 5868 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:53:56.0697 5868 AdobeFlashPlayerUpdateSvc - ok
12:53:56.0736 5868 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:53:56.0971 5868 adp94xx - ok
12:53:57.0000 5868 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:53:57.0145 5868 adpahci - ok
12:53:57.0170 5868 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:53:57.0236 5868 adpu320 - ok
12:53:57.0274 5868 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:53:57.0275 5868 AeLookupSvc - ok
12:53:57.0351 5868 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:53:57.0452 5868 AFD - ok
12:53:57.0476 5868 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:53:57.0493 5868 agp440 - ok
12:53:57.0512 5868 AirPrint - ok
12:53:57.0542 5868 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:53:57.0554 5868 ALG - ok
12:53:57.0571 5868 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:53:57.0741 5868 aliide - ok
12:53:57.0759 5868 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:53:57.0823 5868 amdide - ok
12:53:57.0854 5868 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:53:57.0945 5868 AmdK8 - ok
12:53:57.0957 5868 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
12:53:57.0973 5868 AmdPPM - ok
12:53:58.0002 5868 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:53:58.0202 5868 amdsata - ok
12:53:58.0226 5868 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
12:53:58.0296 5868 amdsbs - ok
12:53:58.0323 5868 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:53:58.0324 5868 amdxata - ok
12:53:58.0356 5868 [ 1661F9C9E4B0049FA0A5E30264375A87 ] ApfiltrService C:\Windows\system32\drivers\Apfiltr.sys
12:53:58.0369 5868 ApfiltrService - ok
12:53:58.0406 5868 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:53:58.0597 5868 AppID - ok
12:53:58.0624 5868 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:53:58.0625 5868 AppIDSvc - ok
12:53:58.0677 5868 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:53:58.0728 5868 Appinfo - ok
12:53:58.0776 5868 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:53:58.0777 5868 Apple Mobile Device - ok
12:53:58.0823 5868 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
12:53:58.0840 5868 arc - ok
12:53:58.0870 5868 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:53:58.0962 5868 arcsas - ok
12:53:58.0991 5868 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
12:53:59.0001 5868 ArcSoftKsUFilter - ok
12:53:59.0175 5868 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:53:59.0331 5868 aspnet_state - ok
12:53:59.0366 5868 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:53:59.0381 5868 AsyncMac - ok
12:53:59.0523 5868 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:53:59.0538 5868 atapi - ok
12:53:59.0585 5868 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
12:53:59.0665 5868 athr - ok
12:53:59.0840 5868 [ 89A3D56CE4044F35B9D08DD37193BBFC ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:54:00.0133 5868 atikmdag - ok
12:54:00.0168 5868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:54:00.0172 5868 AudioEndpointBuilder - ok
12:54:00.0182 5868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:54:00.0187 5868 AudioSrv - ok
12:54:00.0470 5868 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
12:54:00.0501 5868 AVGIDSAgent - ok
12:54:00.0665 5868 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
12:54:00.0666 5868 AVGIDSDriver - ok
12:54:00.0761 5868 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
12:54:00.0762 5868 AVGIDSFilter - ok
12:54:00.0779 5868 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
12:54:00.0780 5868 AVGIDSHA - ok
12:54:00.0823 5868 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
12:54:00.0838 5868 Avgldx64 - ok
12:54:00.0868 5868 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
12:54:00.0870 5868 Avgmfx64 - ok
12:54:01.0038 5868 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
12:54:01.0039 5868 Avgrkx64 - ok
12:54:01.0076 5868 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
12:54:01.0092 5868 Avgtdia - ok
12:54:01.0142 5868 [ A313C4AE276E3C975A1BC27170AA23C6 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
12:54:01.0165 5868 avgtp - ok
12:54:01.0187 5868 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
12:54:01.0189 5868 avgwd - ok
12:54:01.0219 5868 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:54:01.0235 5868 AxInstSV - ok
12:54:01.0268 5868 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
12:54:01.0393 5868 b06bdrv - ok
12:54:01.0427 5868 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:54:01.0495 5868 b57nd60a - ok
12:54:01.0525 5868 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:54:01.0588 5868 BDESVC - ok
12:54:01.0608 5868 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:54:01.0620 5868 Beep - ok
12:54:01.0779 5868 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:54:01.0790 5868 BFE - ok
12:54:01.0819 5868 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
12:54:01.0832 5868 blbdrive - ok
12:54:02.0089 5868 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:54:02.0092 5868 Bonjour Service - ok
12:54:02.0165 5868 [ F4BA084CBDE9B67C57BC7891C0225EA8 ] BOT4Service C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
12:54:02.0166 5868 BOT4Service - ok
12:54:02.0195 5868 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:54:02.0196 5868 bowser - ok
12:54:02.0217 5868 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
12:54:02.0226 5868 BrFiltLo - ok
12:54:02.0245 5868 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
12:54:02.0308 5868 BrFiltUp - ok
12:54:02.0574 5868 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:54:02.0638 5868 BridgeMP - ok
12:54:02.0674 5868 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
12:54:02.0677 5868 Browser - ok
12:54:02.0705 5868 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:54:02.0777 5868 Brserid - ok
12:54:02.0813 5868 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:54:02.0903 5868 BrSerWdm - ok
12:54:02.0928 5868 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:54:02.0992 5868 BrUsbMdm - ok
12:54:03.0009 5868 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:54:03.0123 5868 BrUsbSer - ok
12:54:03.0223 5868 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:54:03.0237 5868 BthEnum - ok
12:54:03.0268 5868 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:54:03.0409 5868 BTHMODEM - ok
12:54:03.0442 5868 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:54:03.0558 5868 BthPan - ok
12:54:03.0664 5868 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
12:54:03.0831 5868 BTHPORT - ok
12:54:03.0866 5868 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:54:03.0931 5868 bthserv - ok
12:54:03.0962 5868 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
12:54:03.0975 5868 BTHUSB - ok
12:54:04.0007 5868 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
12:54:04.0021 5868 btusbflt - ok
12:54:04.0050 5868 [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
12:54:04.0114 5868 btwaudio - ok
12:54:04.0149 5868 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
12:54:04.0238 5868 btwavdt - ok
12:54:04.0312 5868 [ 31DA517946FFE416442E864592548F8A ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:54:04.0329 5868 btwdins - ok
12:54:04.0353 5868 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
12:54:04.0363 5868 btwl2cap - ok
12:54:04.0391 5868 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\drivers\btwrchid.sys
12:54:04.0508 5868 btwrchid - ok
12:54:04.0520 5868 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:54:04.0585 5868 cdfs - ok
12:54:04.0614 5868 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:54:04.0681 5868 cdrom - ok
12:54:04.0704 5868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:54:04.0769 5868 CertPropSvc - ok
12:54:04.0786 5868 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
12:54:04.0802 5868 circlass - ok
12:54:04.0831 5868 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:54:04.0910 5868 CLFS - ok
12:54:04.0963 5868 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:54:04.0988 5868 clr_optimization_v2.0.50727_32 - ok
12:54:05.0031 5868 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:54:05.0051 5868 clr_optimization_v2.0.50727_64 - ok
12:54:05.0125 5868 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:54:05.0324 5868 clr_optimization_v4.0.30319_32 - ok
12:54:05.0347 5868 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:54:05.0779 5868 clr_optimization_v4.0.30319_64 - ok
12:54:05.0800 5868 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
12:54:05.0813 5868 CmBatt - ok
12:54:05.0846 5868 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:54:05.0913 5868 cmdide - ok
12:54:05.0947 5868 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
12:54:06.0004 5868 CNG - ok
12:54:06.0018 5868 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:54:06.0019 5868 Compbatt - ok
12:54:06.0045 5868 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:54:06.0057 5868 CompositeBus - ok
12:54:06.0061 5868 COMSysApp - ok
12:54:06.0092 5868 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:54:06.0155 5868 crcdisk - ok
12:54:06.0184 5868 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:54:06.0185 5868 CryptSvc - ok
12:54:06.0207 5868 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
12:54:06.0217 5868 dc3d - ok
12:54:06.0244 5868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:54:06.0248 5868 DcomLaunch - ok
12:54:06.0274 5868 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:54:06.0278 5868 defragsvc - ok
12:54:06.0313 5868 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:54:06.0365 5868 DfsC - ok
12:54:06.0400 5868 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:54:06.0404 5868 Dhcp - ok
12:54:06.0439 5868 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:54:06.0441 5868 discache - ok
12:54:06.0475 5868 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
12:54:06.0576 5868 Disk - ok
12:54:06.0602 5868 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:54:06.0606 5868 Dnscache - ok
12:54:06.0636 5868 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:54:06.0700 5868 dot3svc - ok
12:54:06.0725 5868 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:54:06.0728 5868 DPS - ok
12:54:06.0761 5868 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:54:06.0773 5868 drmkaud - ok
12:54:06.0815 5868 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:54:06.0832 5868 DXGKrnl - ok
12:54:06.0875 5868 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:54:06.0877 5868 EapHost - ok
12:54:06.0958 5868 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:54:07.0185 5868 ebdrv - ok
12:54:07.0216 5868 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:54:07.0218 5868 EFS - ok
12:54:07.0287 5868 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:54:07.0299 5868 ehRecvr - ok
12:54:07.0328 5868 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:54:07.0392 5868 ehSched - ok
12:54:07.0437 5868 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:54:07.0554 5868 elxstor - ok
12:54:07.0570 5868 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:54:07.0579 5868 ErrDev - ok
12:54:07.0619 5868 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:54:07.0622 5868 EventSystem - ok
12:54:07.0652 5868 [ 53913561A7089C9A4649CE4E42F6101B ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
12:54:07.0713 5868 ewusbnet - ok
12:54:07.0732 5868 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:54:07.0800 5868 exfat - ok
12:54:07.0840 5868 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:54:07.0932 5868 fastfat - ok
12:54:07.0970 5868 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:54:07.0980 5868 Fax - ok
12:54:08.0011 5868 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
12:54:08.0023 5868 fdc - ok
12:54:08.0051 5868 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:54:08.0177 5868 fdPHost - ok
12:54:08.0204 5868 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:54:08.0206 5868 FDResPub - ok
12:54:08.0237 5868 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:54:08.0238 5868 FileInfo - ok
12:54:08.0249 5868 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:54:08.0252 5868 Filetrace - ok
12:54:08.0268 5868 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
12:54:08.0279 5868 flpydisk - ok
12:54:08.0307 5868 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:54:08.0309 5868 FltMgr - ok
12:54:08.0401 5868 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:54:08.0480 5868 FontCache - ok
12:54:08.0566 5868 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:54:08.0907 5868 FontCache3.0.0.0 - ok
12:54:08.0937 5868 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:54:08.0987 5868 FsDepends - ok
12:54:09.0013 5868 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
12:54:09.0025 5868 fssfltr - ok
12:54:09.0307 5868 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:54:09.0456 5868 fsssvc - ok
12:54:09.0485 5868 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:54:09.0486 5868 Fs_Rec - ok
12:54:09.0516 5868 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:54:09.0519 5868 fvevol - ok
12:54:09.0553 5868 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:54:09.0567 5868 gagp30kx - ok
12:54:09.0591 5868 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:54:09.0601 5868 GEARAspiWDM - ok
12:54:09.0690 5868 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:54:09.0696 5868 gpsvc - ok
12:54:09.0744 5868 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:54:09.0745 5868 gupdate - ok
12:54:11.0089 5868 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:54:11.0091 5868 gupdatem - ok
12:54:11.0213 5868 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:54:11.0291 5868 gusvc - ok
12:54:11.0332 5868 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:54:11.0346 5868 hcw85cir - ok
12:54:11.0479 5868 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:54:11.0549 5868 HdAudAddService - ok
12:54:11.0583 5868 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:54:11.0611 5868 HDAudBus - ok
12:54:11.0723 5868 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
12:54:11.0733 5868 HECIx64 - ok
12:54:11.0767 5868 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:54:11.0846 5868 HidBatt - ok
12:54:11.0871 5868 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:54:11.0960 5868 HidBth - ok
12:54:11.0985 5868 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
12:54:12.0001 5868 HidIr - ok
12:54:12.0127 5868 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
12:54:12.0130 5868 hidserv - ok
12:54:12.0151 5868 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:54:12.0164 5868 HidUsb - ok
12:54:12.0191 5868 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:54:12.0204 5868 hkmsvc - ok
12:54:12.0237 5868 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:54:12.0393 5868 HomeGroupListener - ok
12:54:12.0444 5868 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:54:12.0450 5868 HomeGroupProvider - ok
12:54:12.0490 5868 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:54:12.0856 5868 HpSAMD - ok
12:54:13.0061 5868 [ 5ECEC779312AD35B1B19951A4B53FAC1 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:54:13.0074 5868 HPSLPSVC - ok
12:54:13.0251 5868 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
12:54:13.0267 5868 HTCAND64 - ok
12:54:13.0295 5868 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
12:54:13.0310 5868 htcnprot - ok
12:54:13.0354 5868 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:54:13.0361 5868 HTTP - ok
12:54:13.0400 5868 [ D96A290F699081AE737390C0FE329D7C ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:54:13.0464 5868 hwdatacard - ok
12:54:13.0537 5868 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:54:13.0538 5868 hwpolicy - ok
12:54:13.0580 5868 [ 230C041AF8DF1D2308C3AC5146E3FF4F ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
12:54:13.0654 5868 hwusbdev - ok
12:54:13.0688 5868 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:54:13.0735 5868 i8042prt - ok
12:54:13.0767 5868 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor C:\Windows\system32\drivers\iaStor.sys
12:54:13.0771 5868 iaStor - ok
12:54:13.0814 5868 [ CC800D2D9FD467542BAC7C186C4774AD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:54:13.0815 5868 IAStorDataMgrSvc - ok
12:54:13.0966 5868 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:54:14.0031 5868 iaStorV - ok
12:54:14.0144 5868 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:54:14.0301 5868 idsvc - ok
12:54:14.0549 5868 [ 2835C0808BA40FA8BC141E6015EB2414 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
12:54:14.0855 5868 igfx - ok
12:54:14.0866 5868 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:54:14.0876 5868 iirsp - ok
12:54:14.0924 5868 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
12:54:14.0926 5868 IJPLMSVC - ok
12:54:14.0978 5868 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:54:14.0990 5868 IKEEXT - ok
12:54:15.0038 5868 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
12:54:15.0106 5868 Impcd - ok
12:54:15.0181 5868 [ 0F144E5F46CB9043004B5E84AA4BCA6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:54:15.0204 5868 IntcAzAudAddService - ok
12:54:15.0245 5868 [ D248AAE81C156C0D47A77CD61BC24CD4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
12:54:15.0304 5868 IntcDAud - ok
12:54:15.0326 5868 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:54:15.0340 5868 intelide - ok
12:54:15.0368 5868 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
12:54:15.0369 5868 intelppm - ok
12:54:15.0408 5868 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:54:15.0411 5868 IPBusEnum - ok
12:54:15.0466 5868 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:54:15.0577 5868 IpFilterDriver - ok
12:54:15.0619 5868 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:54:15.0674 5868 IPMIDRV - ok
12:54:15.0700 5868 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:54:15.0833 5868 IPNAT - ok
12:54:16.0270 5868 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:54:16.0300 5868 iPod Service - ok
12:54:16.0369 5868 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:54:16.0370 5868 IRENUM - ok
12:54:16.0397 5868 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:54:16.0406 5868 isapnp - ok
12:54:16.0434 5868 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:54:16.0502 5868 iScsiPrt - ok
12:54:16.0651 5868 [ 1152F8BEB568F2F72F1C5C32A1F4E529 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
12:54:16.0652 5868 ISWKL - ok
12:54:16.0811 5868 [ EF46EF3A790C42BBA9B5AFA2586448DB ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
12:54:16.0819 5868 IswSvc - ok
12:54:16.0855 5868 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:54:16.0866 5868 kbdclass - ok
12:54:16.0883 5868 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:54:16.0894 5868 kbdhid - ok
12:54:16.0918 5868 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:54:16.0919 5868 KeyIso - ok
12:54:16.0939 5868 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:54:16.0940 5868 KSecDD - ok
12:54:16.0978 5868 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:54:16.0980 5868 KSecPkg - ok
12:54:17.0052 5868 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:54:17.0061 5868 ksthunk - ok
12:54:17.0113 5868 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:54:17.0323 5868 KtmRm - ok
12:54:17.0363 5868 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:54:17.0407 5868 LanmanServer - ok
12:54:17.0446 5868 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:54:17.0450 5868 LanmanWorkstation - ok
12:54:17.0464 5868 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:54:17.0465 5868 lltdio - ok
12:54:17.0508 5868 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:54:17.0632 5868 lltdsvc - ok
12:54:17.0712 5868 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:54:17.0714 5868 lmhosts - ok
12:54:17.0790 5868 [ 5460828F8951D310B42B442877603B8D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:54:17.0793 5868 LMS - ok
12:54:17.0827 5868 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:54:17.0893 5868 LSI_FC - ok
12:54:17.0921 5868 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:54:18.0198 5868 LSI_SAS - ok
12:54:18.0221 5868 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:54:18.0231 5868 LSI_SAS2 - ok
12:54:18.0275 5868 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:54:18.0508 5868 LSI_SCSI - ok
12:54:18.0534 5868 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:54:18.0536 5868 luafv - ok
12:54:18.0571 5868 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:54:18.0815 5868 Mcx2Svc - ok
12:54:18.0853 5868 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:54:18.0868 5868 megasas - ok
12:54:18.0910 5868 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:54:19.0097 5868 MegaSR - ok
12:54:19.0202 5868 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:54:20.0236 5868 Microsoft Office Groove Audit Service - ok
12:54:20.0306 5868 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:54:20.0309 5868 MMCSS - ok
12:54:20.0394 5868 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:54:20.0404 5868 Modem - ok
12:54:20.0431 5868 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:54:20.0431 5868 monitor - ok
12:54:20.0480 5868 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:54:20.0490 5868 mouclass - ok
12:54:20.0538 5868 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:54:21.0061 5868 mouhid - ok
12:54:21.0091 5868 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:54:21.0602 5868 mountmgr - ok
12:54:24.0260 5868 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:54:25.0304 5868 MozillaMaintenance - ok
12:54:25.0332 5868 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:54:26.0400 5868 mpio - ok
12:54:26.0441 5868 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:54:26.0500 5868 mpsdrv - ok
12:54:26.0609 5868 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:54:26.0702 5868 MRxDAV - ok
12:54:26.0740 5868 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:54:26.0741 5868 mrxsmb - ok
12:54:26.0771 5868 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:54:26.0774 5868 mrxsmb10 - ok
12:54:26.0791 5868 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:54:26.0792 5868 mrxsmb20 - ok
12:54:26.0847 5868 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:54:27.0167 5868 msahci - ok
12:54:27.0193 5868 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:54:27.0237 5868 msdsm - ok
12:54:27.0254 5868 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:54:27.0271 5868 MSDTC - ok
12:54:27.0316 5868 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:54:27.0405 5868 Msfs - ok
12:54:27.0463 5868 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:54:27.0465 5868 mshidkmdf - ok
12:54:27.0505 5868 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:54:27.0506 5868 msisadrv - ok
12:54:27.0534 5868 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:54:27.0619 5868 MSiSCSI - ok
12:54:27.0625 5868 msiserver - ok
12:54:27.0661 5868 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:54:27.0672 5868 MSKSSRV - ok
12:54:27.0685 5868 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:54:27.0694 5868 MSPCLOCK - ok
12:54:27.0701 5868 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:54:27.0709 5868 MSPQM - ok
12:54:27.0745 5868 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:54:27.0867 5868 MsRPC - ok
12:54:27.0897 5868 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:54:27.0898 5868 mssmbios - ok
12:54:27.0934 5868 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:54:27.0942 5868 MSTEE - ok
12:54:27.0957 5868 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:54:27.0966 5868 MTConfig - ok
12:54:27.0983 5868 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:54:27.0984 5868 Mup - ok
12:54:28.0043 5868 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:54:28.0106 5868 napagent - ok
12:54:28.0161 5868 NasPmService - ok
12:54:28.0195 5868 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:54:28.0198 5868 NativeWifiP - ok
12:54:28.0262 5868 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:54:28.0350 5868 NDIS - ok
12:54:28.0383 5868 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:54:28.0391 5868 NdisCap - ok
12:54:28.0405 5868 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:54:28.0415 5868 NdisTapi - ok
12:54:28.0449 5868 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:54:28.0450 5868 Ndisuio - ok
12:54:28.0485 5868 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:54:28.0741 5868 NdisWan - ok
12:54:28.0773 5868 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:54:28.0786 5868 NDProxy - ok
12:54:28.0839 5868 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:54:29.0062 5868 NetBIOS - ok
12:54:29.0102 5868 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:54:29.0236 5868 NetBT - ok
12:54:29.0253 5868 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:54:29.0254 5868 Netlogon - ok
12:54:29.0289 5868 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:54:29.0294 5868 Netman - ok
12:54:29.0325 5868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:54:29.0881 5868 NetMsmqActivator - ok
12:54:29.0906 5868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:54:29.0907 5868 NetPipeActivator - ok
12:54:29.0958 5868 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:54:29.0964 5868 netprofm - ok
12:54:30.0036 5868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:54:30.0037 5868 NetTcpActivator - ok
12:54:30.0044 5868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:54:30.0046 5868 NetTcpPortSharing - ok
12:54:30.0087 5868 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:54:30.0147 5868 nfrd960 - ok
12:54:30.0181 5868 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:54:30.0185 5868 NlaSvc - ok
12:54:30.0219 5868 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:54:30.0221 5868 Npfs - ok
12:54:30.0259 5868 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:54:30.0261 5868 nsi - ok
12:54:30.0297 5868 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:54:30.0298 5868 nsiproxy - ok
12:54:30.0391 5868 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:54:30.0422 5868 Ntfs - ok
12:54:30.0467 5868 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:54:30.0474 5868 Null - ok
12:54:30.0512 5868 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:54:30.0574 5868 nvraid - ok
12:54:30.0605 5868 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:54:30.0652 5868 nvstor - ok
12:54:30.0681 5868 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:54:30.0720 5868 nv_agp - ok
12:54:30.0784 5868 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:54:30.0839 5868 odserv - ok
12:54:30.0870 5868 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:54:30.0930 5868 ohci1394 - ok
12:54:30.0990 5868 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:54:31.0038 5868 ose - ok
12:54:31.0107 5868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:54:31.0146 5868 p2pimsvc - ok
12:54:31.0190 5868 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:54:31.0332 5868 p2psvc - ok
12:54:31.0361 5868 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:54:31.0572 5868 Parport - ok
12:54:31.0604 5868 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:54:31.0654 5868 partmgr - ok
12:54:31.0690 5868 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:54:31.0693 5868 PcaSvc - ok
12:54:31.0706 5868 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:54:31.0708 5868 pci - ok
12:54:31.0738 5868 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:54:31.0748 5868 pciide - ok
12:54:31.0811 5868 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:54:31.0886 5868 pcmcia - ok
12:54:31.0918 5868 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:54:31.0919 5868 pcw - ok
12:54:31.0952 5868 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:54:31.0957 5868 PEAUTH - ok
12:54:32.0078 5868 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:54:32.0089 5868 PerfHost - ok
12:54:32.0153 5868 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:54:32.0239 5868 pla - ok
12:54:32.0414 5868 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:54:32.0418 5868 PlugPlay - ok
12:54:32.0888 5868 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
12:54:33.0067 5868 PMBDeviceInfoProvider - ok
12:54:33.0090 5868 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:54:33.0099 5868 PNRPAutoReg - ok
12:54:33.0141 5868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:54:33.0144 5868 PNRPsvc - ok
12:54:33.0448 5868 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
12:54:33.0458 5868 Point64 - ok
12:54:33.0508 5868 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:54:33.0597 5868 PolicyAgent - ok
12:54:33.0633 5868 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:54:33.0639 5868 Power - ok
12:54:33.0698 5868 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:54:33.0843 5868 PptpMiniport - ok
12:54:33.0934 5868 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:54:33.0945 5868 Processor - ok
12:54:33.0974 5868 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
12:54:33.0977 5868 ProfSvc - ok
12:54:33.0997 5868 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:54:33.0999 5868 ProtectedStorage - ok
12:54:34.0040 5868 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:54:34.0061 5868 Psched - ok
12:54:34.0084 5868 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:54:34.0085 5868 PxHlpa64 - ok
12:54:34.0165 5868 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:54:34.0332 5868 ql2300 - ok
12:54:34.0369 5868 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:54:34.0431 5868 ql40xx - ok
12:54:34.0696 5868 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:54:35.0237 5868 QWAVE - ok
12:54:35.0270 5868 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:54:35.0271 5868 QWAVEdrv - ok
12:54:35.0300 5868 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:54:35.0308 5868 RasAcd - ok
12:54:35.0338 5868 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:54:35.0347 5868 RasAgileVpn - ok
12:54:35.0380 5868 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:54:35.0429 5868 RasAuto - ok
12:54:35.0462 5868 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:54:35.0550 5868 Rasl2tp - ok
12:54:35.0728 5868 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:54:35.0806 5868 RasMan - ok
12:54:35.0842 5868 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:54:35.0851 5868 RasPppoe - ok
12:54:35.0857 5868 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:54:35.0867 5868 RasSstp - ok
12:54:35.0899 5868 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:54:35.0918 5868 rdbss - ok
12:54:35.0964 5868 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:54:35.0973 5868 rdpbus - ok
12:54:36.0003 5868 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:54:36.0004 5868 RDPCDD - ok
12:54:36.0015 5868 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:54:36.0016 5868 RDPENCDD - ok
12:54:36.0030 5868 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:54:36.0031 5868 RDPREFMP - ok
12:54:36.0066 5868 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:54:36.0127 5868 RDPWD - ok
12:54:36.0165 5868 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:54:36.0168 5868 rdyboost - ok
12:54:36.0264 5868 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:54:36.0324 5868 RemoteAccess - ok
12:54:36.0366 5868 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:54:36.0921 5868 RemoteRegistry - ok
12:54:36.0988 5868 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:54:37.0154 5868 RFCOMM - ok
12:54:37.0194 5868 [ 5CA4ABD888B602551B59BAA26941C167 ] rimspci C:\Windows\system32\drivers\rimssne64.sys
12:54:37.0405 5868 rimspci - ok
12:54:37.0426 5868 [ BB6E138AEB351728959DA5E2731D8140 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
12:54:37.0516 5868 risdsnpe - ok
12:54:37.0566 5868 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
12:54:37.0567 5868 RMCAST - ok
12:54:37.0635 5868 [ D151224BC11078895A60FA970728FF59 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
12:54:37.0733 5868 Roxio UPnP Renderer 10 - ok
12:54:37.0753 5868 [ 5022A927944878BD750960BD21E751AF ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
12:54:37.0779 5868 Roxio Upnp Server 10 - ok
12:54:37.0941 5868 [ 053A0D66B1982D93A20062E4DA40B29B ] RoxMediaDB13 C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
12:54:37.0947 5868 RoxMediaDB13 - ok
12:54:38.0079 5868 [ 495C85B15470374A9499451893742EE6 ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
12:54:38.0081 5868 RoxWatch12 - ok
12:54:38.0149 5868 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:54:38.0151 5868 RpcEptMapper - ok
12:54:38.0173 5868 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:54:38.0187 5868 RpcLocator - ok
12:54:38.0236 5868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:54:38.0240 5868 RpcSs - ok
12:54:38.0322 5868 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:54:38.0323 5868 rspndr - ok
12:54:41.0198 5868 [ 27DB9153D259D632D15483DEEAB799ED ] Sahdad64 C:\Windows\system32\Drivers\Sahdad64.sys
12:54:41.0199 5868 Sahdad64 - ok
12:54:43.0221 5868 [ F77849D909B90BCACFCF7295AECF299B ] Saibad64 C:\Windows\system32\Drivers\Saibad64.sys
12:54:43.0222 5868 Saibad64 - ok
12:54:43.0254 5868 [ 704D415290A568F68DE20942DAC23F7E ] SaibVdAd64 C:\Windows\system32\Drivers\SaibVdAd64.sys
12:54:43.0263 5868 SaibVdAd64 - ok
12:54:43.0287 5868 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:54:43.0289 5868 SamSs - ok
12:54:43.0406 5868 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:54:43.0467 5868 sbp2port - ok
12:54:43.0508 5868 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:54:43.0907 5868 SCardSvr - ok
12:54:43.0937 5868 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:54:43.0987 5868 scfilter - ok
12:54:44.0042 5868 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:54:44.0054 5868 Schedule - ok
12:54:44.0086 5868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:54:44.0087 5868 SCPolicySvc - ok
12:54:44.0127 5868 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
12:54:44.0340 5868 sdbus - ok
12:54:44.0377 5868 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:54:44.0601 5868 SDRSVC - ok
12:54:44.0641 5868 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:54:44.0643 5868 secdrv - ok
12:54:44.0682 5868 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:54:44.0849 5868 seclogon - ok
12:54:44.0880 5868 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:54:44.0882 5868 SENS - ok
12:54:44.0905 5868 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:54:44.0913 5868 SensrSvc - ok
12:54:44.0941 5868 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:54:45.0071 5868 Serenum - ok
12:54:45.0102 5868 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:54:45.0228 5868 Serial - ok
12:54:45.0254 5868 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:54:45.0267 5868 sermouse - ok
12:54:45.0352 5868 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:54:45.0496 5868 SessionEnv - ok
12:54:45.0527 5868 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\drivers\SFEP.sys
12:54:45.0537 5868 SFEP - ok
12:54:45.0575 5868 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:54:45.0648 5868 sffdisk - ok
12:54:45.0704 5868 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:54:45.0803 5868 sffp_mmc - ok
12:54:45.0834 5868 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:54:45.0842 5868 sffp_sd - ok
12:54:45.0878 5868 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:54:46.0020 5868 sfloppy - ok
12:54:46.0155 5868 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:54:46.0159 5868 ShellHWDetection - ok
12:54:46.0212 5868 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:54:46.0257 5868 SiSRaid2 - ok
12:54:46.0278 5868 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:54:46.0291 5868 SiSRaid4 - ok
12:54:46.0315 5868 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:54:46.0328 5868 Smb - ok
12:54:46.0379 5868 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:54:46.0437 5868 SNMPTRAP - ok
12:54:46.0932 5868 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
12:54:46.0952 5868 SOHCImp - ok
12:54:47.0011 5868 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
12:54:47.0023 5868 SOHDBSvr - ok
12:54:47.0078 5868 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
12:54:47.0509 5868 SOHDms - ok
12:54:47.0529 5868 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
12:54:47.0542 5868 SOHDs - ok
12:54:47.0567 5868 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
12:54:47.0635 5868 SOHPlMgr - ok
12:54:47.0666 5868 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:54:47.0667 5868 spldr - ok
12:54:47.0705 5868 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
12:54:47.0710 5868 Spooler - ok
12:54:47.0883 5868 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:54:47.0904 5868 sppsvc - ok
12:54:47.0935 5868 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:54:47.0946 5868 sppuinotify - ok
12:54:48.0028 5868 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:54:48.0031 5868 srv - ok
12:54:48.0079 5868 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:54:48.0302 5868 srv2 - ok
12:54:48.0339 5868 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:54:48.0862 5868 srvnet - ok
12:54:49.0204 5868 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:54:49.0284 5868 SSDPSRV - ok
12:54:49.0306 5868 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:54:49.0384 5868 SstpSvc - ok
12:54:49.0428 5868 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:54:49.0438 5868 stexstor - ok
12:54:49.0521 5868 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:54:49.0531 5868 StillCam - ok
12:54:49.0688 5868 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:54:49.0700 5868 stisvc - ok
12:54:49.0723 5868 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:54:49.0732 5868 swenum - ok
12:54:49.0769 5868 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:54:49.0778 5868 swprv - ok
12:54:49.0865 5868 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:54:50.0052 5868 SysMain - ok
12:54:50.0222 5868 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:54:50.0285 5868 TabletInputService - ok
12:54:50.0320 5868 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:54:50.0379 5868 TapiSrv - ok
12:54:50.0798 5868 [ 93F0F5EF8A4CA261372DF98B31B2BD05 ] tbhsd C:\Windows\system32\drivers\tbhsd.sys
12:54:50.0808 5868 tbhsd - ok
12:54:50.0907 5868 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:54:50.0910 5868 TBS - ok
12:54:51.0006 5868 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:54:51.0106 5868 Tcpip - ok
12:54:51.0140 5868 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:54:51.0153 5868 TCPIP6 - ok
12:54:51.0188 5868 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:54:51.0239 5868 tcpipreg - ok
12:54:51.0271 5868 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:54:51.0283 5868 TDPIPE - ok
12:54:51.0303 5868 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:54:51.0315 5868 TDTCP - ok
12:54:51.0351 5868 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:54:51.0461 5868 tdx - ok
12:54:51.0498 5868 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:54:51.0512 5868 TermDD - ok
12:54:51.0555 5868 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:54:51.0567 5868 TermService - ok
12:54:51.0592 5868 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:54:51.0595 5868 Themes - ok
12:54:51.0631 5868 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:54:51.0634 5868 THREADORDER - ok
12:54:51.0662 5868 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:54:51.0851 5868 TrkWks - ok
12:54:51.0912 5868 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:54:51.0965 5868 TrustedInstaller - ok
12:54:52.0000 5868 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:54:52.0077 5868 tssecsrv - ok
12:54:52.0122 5868 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:54:52.0124 5868 TsUsbFlt - ok
12:54:53.0118 5868 [ B66983B129D26C8D13E4055DB5134BE5 ] TuneUp.Defrag C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
12:54:53.0179 5868 TuneUp.Defrag - ok
12:54:53.0273 5868 [ 06057242AE20DE851DFCBB6863F1C9BC ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
12:54:53.0290 5868 TuneUp.UtilitiesSvc - ok
12:54:53.0564 5868 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
12:54:53.0565 5868 TuneUpUtilitiesDrv - ok
12:54:53.0600 5868 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:54:53.0691 5868 tunnel - ok
12:54:53.0729 5868 [ 1A006963644C7FDE5BE60036F3A43E68 ] TVICHW64 C:\Windows\system32\DRIVERS\TVICHW64.SYS
12:54:53.0743 5868 TVICHW64 - ok
12:54:53.0770 5868 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:54:53.0785 5868 uagp35 - ok
12:54:53.0836 5868 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
12:54:53.0837 5868 uCamMonitor - ok
12:54:53.0877 5868 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:54:53.0968 5868 udfs - ok
12:54:54.0020 5868 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:54:54.0034 5868 UI0Detect - ok
12:54:54.0063 5868 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:54:54.0075 5868 uliagpkx - ok
12:54:54.0100 5868 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:54:54.0111 5868 umbus - ok
12:54:54.0230 5868 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:54:54.0232 5868 UmPass - ok
12:54:54.0348 5868 [ 9E89C2D6945389270DE067CE51FF7425 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:54:54.0368 5868 UNS - ok
12:54:54.0400 5868 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:54:54.0457 5868 upnphost - ok
12:54:54.0594 5868 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:54:54.0609 5868 USBAAPL64 - ok
12:54:54.0648 5868 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:54:54.0712 5868 usbccgp - ok
12:54:54.0747 5868 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:54:54.0814 5868 usbcir - ok
12:54:54.0846 5868 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:54:54.0857 5868 usbehci - ok
12:54:54.0887 5868 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:54:54.0954 5868 usbhub - ok
12:54:54.0990 5868 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:54:55.0005 5868 usbohci - ok
12:54:55.0041 5868 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:54:55.0051 5868 usbprint - ok
12:54:55.0084 5868 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:54:55.0095 5868 usbscan - ok
12:54:55.0145 5868 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:54:55.0162 5868 USBSTOR - ok
12:54:55.0209 5868 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:54:55.0225 5868 usbuhci - ok
12:54:55.0275 5868 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:54:55.0347 5868 usbvideo - ok
12:54:55.0389 5868 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:54:55.0393 5868 UxSms - ok
12:54:55.0535 5868 [ DCC46AA99A1DB65296D1FE5B30CFE0CF ] UxTuneUp C:\Windows\System32\uxtuneup.dll
12:54:55.0539 5868 UxTuneUp - ok
12:54:55.0592 5868 [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
12:54:55.0595 5868 VAIO Event Service - ok
12:54:55.0777 5868 [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
12:54:55.0783 5868 VAIO Power Management - ok
12:54:55.0799 5868 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:54:55.0801 5868 VaultSvc - ok
12:54:55.0854 5868 [ 6A740F5FF3246C3BE3DD317299EFC88E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
12:54:55.0859 5868 VCFw - ok
12:54:55.0906 5868 [ 10E212BFB7EAB152A64C1AAEC2F7F4E0 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
12:54:55.0914 5868 VcmIAlzMgr - ok
12:54:55.0957 5868 [ 7A88CFD3FE99F2C9B95A6E2A08B96E14 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
12:54:55.0961 5868 VcmINSMgr - ok
12:54:56.0021 5868 [ 8EFAACCC7BFA1E9031EFDFB01A1B0D69 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
12:54:56.0089 5868 VcmXmlIfHelper - ok
12:54:56.0164 5868 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe
12:54:56.0165 5868 VCService - ok
12:54:56.0187 5868 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:54:56.0188 5868 vdrvroot - ok
12:54:56.0227 5868 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:54:56.0233 5868 vds - ok
12:54:56.0277 5868 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:54:56.0288 5868 vga - ok
12:54:56.0303 5868 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:54:56.0314 5868 VgaSave - ok
12:54:56.0354 5868 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:54:56.0417 5868 vhdmp - ok
12:54:56.0445 5868 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:54:56.0460 5868 viaide - ok
12:54:56.0599 5868 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:54:56.0651 5868 volmgr - ok
12:54:56.0680 5868 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:54:56.0685 5868 volmgrx - ok
12:54:56.0718 5868 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:54:56.0722 5868 volsnap - ok
12:54:56.0772 5868 [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
12:54:56.0776 5868 Vsdatant - ok
12:54:56.0820 5868 vsmon - ok
12:54:56.0901 5868 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:54:57.0013 5868 vsmraid - ok
12:54:57.0098 5868 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:54:57.0120 5868 VSS - ok
12:54:57.0342 5868 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
12:54:57.0348 5868 vToolbarUpdater12.2.6 - ok
12:54:57.0421 5868 [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
12:54:57.0429 5868 VUAgent - ok
12:54:57.0449 5868 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:54:57.0459 5868 vwifibus - ok
12:54:57.0486 5868 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:54:57.0497 5868 vwififlt - ok
12:54:57.0576 5868 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:54:57.0577 5868 vwifimp - ok
12:54:57.0729 5868 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:54:57.0757 5868 W32Time - ok
12:54:57.0802 5868 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:54:57.0816 5868 WacomPen - ok
12:54:57.0843 5868 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:54:57.0859 5868 WANARP - ok
12:54:57.0943 5868 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:54:57.0945 5868 Wanarpv6 - ok
12:54:58.0005 5868 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:54:58.0209 5868 WatAdminSvc - ok
12:54:58.0285 5868 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:54:58.0393 5868 wbengine - ok
12:54:58.0597 5868 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:54:58.0665 5868 WbioSrvc - ok
12:54:58.0707 5868 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:54:58.0776 5868 wcncsvc - ok
12:54:58.0818 5868 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:54:58.0838 5868 WcsPlugInService - ok
12:54:58.0871 5868 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:54:58.0932 5868 Wd - ok
12:54:58.0971 5868 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:54:59.0032 5868 Wdf01000 - ok
12:54:59.0059 5868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:54:59.0064 5868 WdiServiceHost - ok
12:54:59.0091 5868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:54:59.0096 5868 WdiSystemHost - ok
12:54:59.0131 5868 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:54:59.0190 5868 WebClient - ok
12:54:59.0222 5868 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:54:59.0288 5868 Wecsvc - ok
12:54:59.0308 5868 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:54:59.0314 5868 wercplsupport - ok
12:54:59.0345 5868 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:54:59.0399 5868 WerSvc - ok
12:54:59.0429 5868 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:54:59.0439 5868 WfpLwf - ok
12:54:59.0455 5868 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:54:59.0467 5868 WIMMount - ok
12:54:59.0553 5868 WinDefend - ok
12:54:59.0581 5868 WinHttpAutoProxySvc - ok
12:54:59.0647 5868 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:54:59.0651 5868 Winmgmt - ok
12:54:59.0711 5868 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:54:59.0896 5868 WinRM - ok
12:54:59.0941 5868 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:54:59.0951 5868 WinUsb - ok
12:54:59.0987 5868 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:54:59.0995 5868 Wlansvc - ok
12:55:00.0074 5868 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:55:00.0093 5868 wlcrasvc - ok
12:55:00.0264 5868 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:55:00.0281 5868 wlidsvc - ok
12:55:00.0312 5868 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:55:00.0321 5868 WmiAcpi - ok
12:55:00.0355 5868 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:55:00.0419 5868 wmiApSrv - ok
12:55:00.0430 5868 WMPNetworkSvc - ok
12:55:00.0468 5868 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:55:00.0477 5868 WPCSvc - ok
12:55:00.0595 5868 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:55:00.0650 5868 WPDBusEnum - ok
12:55:00.0692 5868 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:55:00.0693 5868 ws2ifsl - ok
12:55:00.0746 5868 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
12:55:00.0752 5868 wscsvc - ok
12:55:00.0787 5868 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
12:55:00.0798 5868 WSDPrintDevice - ok
12:55:00.0920 5868 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
12:55:00.0929 5868 WSDScan - ok
12:55:00.0936 5868 WSearch - ok
12:55:00.0978 5868 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:55:00.0980 5868 WudfPf - ok
12:55:01.0000 5868 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:55:01.0003 5868 WUDFRd - ok
12:55:01.0031 5868 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:55:01.0034 5868 wudfsvc - ok
12:55:01.0087 5868 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:55:01.0151 5868 WwanSvc - ok
12:55:01.0202 5868 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
12:55:01.0209 5868 yukonw7 - ok
12:55:01.0245 5868 ================ Scan global ===============================
12:55:01.0291 5868 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:55:01.0319 5868 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:55:01.0327 5868 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:55:01.0344 5868 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:55:01.0368 5868 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
12:55:01.0379 5868 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
12:55:01.0379 5868 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
12:55:01.0382 5868 ================ Scan MBR ==================================
12:55:01.0400 5868 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:55:01.0662 5868 \Device\Harddisk0\DR0 - ok
12:55:01.0663 5868 ================ Scan VBR ==================================
12:55:01.0679 5868 [ 8622A8DE59B40547465405193049C85F ] \Device\Harddisk0\DR0\Partition1
12:55:01.0682 5868 \Device\Harddisk0\DR0\Partition1 - ok
12:55:01.0697 5868 [ ADA16683EF442165A8E8A922C5273FF8 ] \Device\Harddisk0\DR0\Partition2
12:55:01.0699 5868 \Device\Harddisk0\DR0\Partition2 - ok
12:55:01.0700 5868 ============================================================
12:55:01.0700 5868 Scan finished
12:55:01.0700 5868 ============================================================
12:55:01.0720 5872 Detected object count: 1
12:55:01.0720 5872 Actual detected object count: 1
12:55:07.0009 5872 C:\Windows\system32\services.exe - copied to quarantine
12:55:14.0273 5872 C:\Windows\installer\{3d458ef0-df60-4cc3-632e-b76a8efe88cc}\@ - copied to quarantine
12:55:14.0275 5872 C:\Windows\installer\{3d458ef0-df60-4cc3-632e-b76a8efe88cc}\L\00000004.@ - copied to quarantine
12:55:14.0507 5872 C:\Windows\installer\{3d458ef0-df60-4cc3-632e-b76a8efe88cc}\L\201d3dde - copied to quarantine
12:55:14.0610 5872 C:\Windows\installer\{3d458ef0-df60-4cc3-632e-b76a8efe88cc}\U\00000004.@ - copied to quarantine
12:55:14.0663 5872 C:\Windows\installer\{3d458ef0-df60-4cc3-632e-b76a8efe88cc}\U\00000008.@ - copied to quarantine
12:55:14.0667 5872 C:\Windows\installer\{3d458ef0-df60-4cc3-632e-b76a8efe88cc}\U\000000cb.@ - copied to quarantine
12:55:14.0670 5872 C:\Windows\installer\{3d458ef0-df60-4cc3-632e-b76a8efe88cc}\U\80000000.@ - copied to quarantine
12:55:14.0675 5872 C:\Windows\installer\{3d458ef0-df60-4cc3-632e-b76a8efe88cc}\U\80000032.@ - copied to quarantine
12:55:14.0678 5872 C:\Windows\installer\{3d458ef0-df60-4cc3-632e-b76a8efe88cc}\U\80000064.@ - copied to quarantine
13:01:23.0779 5872 Backup copy not found, trying to cure infected file..
13:01:23.0780 5872 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
13:01:23.0780 5872 C:\Windows\system32\services.exe - processing error
13:01:23.0780 5872 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
13:07:44.0284 4704 Deinitialize success

I conducted these the right way round, as instructed. I just posted the results on here the wrong way! Sorry
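
The TDSSKiller output above shows two artifacts: services.exe flagged as Virus.Win64.ZAccess.a (with the cure failing), and a payload directory under C:\Windows\Installer\{GUID}\ holding a file named "@" plus "L\" and "U\" subdirectories that were quarantined alongside it. The script below is an added triage example and is not part of this thread, of TDSSKiller or of ComboFix. It assumes an elevated PowerShell 3.0 or later prompt on the affected machine, and that the GUID in the log is specific to that machine, so it matches any GUID-named directory with that layout rather than the one quoted above. The function names are the example's own. It is read-only: it reports, and does not delete or quarantine anything.

```powershell
# Added triage script (not from the thread). Checks the two artifacts visible in
# the TDSSKiller log: a tampered services.exe and a ZeroAccess-style payload
# directory under C:\Windows\Installer\{GUID}\ containing "@", "L\" and "U\".
# Assumptions: elevated PowerShell 3.0+; the GUID differs per machine, so any
# GUID-named directory with that layout is reported. Read-only.

$servicesExe  = Join-Path $env:SystemRoot 'system32\services.exe'
$installerDir = Join-Path $env:SystemRoot 'Installer'

function Test-ServicesExeSignature {
    # Authenticode check of services.exe. Caveat: services.exe is catalog-signed,
    # and some PowerShell versions report catalog-signed files as NotSigned, so
    # treat anything other than Valid as "confirm with sfc", not as proof of
    # tampering. A Valid status with a non-Microsoft signer is a clear red flag.
    $sig = Get-AuthenticodeSignature -FilePath $servicesExe
    [pscustomobject]@{
        Path   = $servicesExe
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

function Find-ZeroAccessInstallerDirs {
    # Legitimate {GUID} folders under C:\Windows\Installer hold cached MSI
    # resources such as icons. The layout quarantined in the log (a file
    # literally named "@" next to "L" and "U" subdirectories) is not something
    # the Windows Installer creates, so that combination is what we match on.
    $guidPattern = '^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$'
    Get-ChildItem -LiteralPath $installerDir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match $guidPattern } |
        Where-Object {
            (Test-Path -LiteralPath (Join-Path $_.FullName '@')) -and
            (Test-Path -LiteralPath (Join-Path $_.FullName 'L') -PathType Container) -and
            (Test-Path -LiteralPath (Join-Path $_.FullName 'U') -PathType Container)
        } |
        ForEach-Object {
            $uDir = Join-Path $_.FullName 'U'
            $payloads = Get-ChildItem -LiteralPath $uDir -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer }
            [pscustomobject]@{
                Directory = $_.FullName
                Payloads  = ($payloads | ForEach-Object { $_.Name }) -join ', '
            }
        }
}

Test-ServicesExeSignature | Format-List

$hits = @(Find-ZeroAccessInstallerDirs)
if ($hits.Count -eq 0) {
    Write-Output "No ZeroAccess-style directory found under $installerDir"
} else {
    $hits | Format-List
}

# Authoritative integrity check of services.exe against the component store,
# using the built-in System File Checker (run from the same elevated prompt):
#   sfc /verifyfile=C:\Windows\system32\services.exe
```

The signature check is indicative only; `sfc /verifyfile` is the built-in check that compares services.exe against the component store and is what to rely on when, as in the log above, the scanner reports "Cure failed" on that file.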

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 23 October 2012 - 12:01 PM

Hello


That removed a rootkit. I would like you to try and run ComboFix for me again now.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 jamiev (Topic Starter, Members)

Posted 25 October 2012 - 12:25 PM

Hello

I ran ComboFix both in normal mode and safe mode and still get the same problem.

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 October 2012 - 01:25 PM

  • push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click OK

copy and paste the report into this topic for me to review

Gringo
