
AVG Reports a Rootkit


  • This topic is locked
33 replies to this topic

#1 Mikeyb1

Mikeyb1

  • Members
  • 133 posts
  • OFFLINE
  • Local time: 06:15 AM

Posted 30 November 2012 - 02:23 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by user at 9:05:33 on 2012-11-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3964.1267 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - LocalServer32 - <no file>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ShopAtHomeWatcher] C:\Users\user\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{50AC3B48-DE8B-4D5B-ADB5-EA2AF21CCA92} : DHCPNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-29 30568]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-2-20 517632]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-29 711112]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2009-6-2 287744]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-5-24 626176]
R3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;C:\Program Files (x86)\MP3 Rocket Toolbar\MP3RocketSvc.exe --> C:\Program Files (x86)\MP3 Rocket Toolbar\MP3RocketSvc.exe [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-11-29 31800]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-29 15:46:41 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-30 03:04:40 66395536 ----a-w- C:\Windows\System32\mrt.exe
2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-12 14:53:34 2769920 ----a-w- C:\Windows\System32\win32k.sys
2012-10-08 18:30:21 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 18:30:21 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 18:30:16 9575864 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-04 03:03:05 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-10-04 02:24:36 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-10-04 02:18:45 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-04 02:12:16 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-10-04 02:11:22 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-04 02:10:43 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-04 02:10:19 237056 ----a-w- C:\Windows\System32\url.dll
2012-10-04 02:08:50 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-10-04 02:07:11 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-04 02:07:01 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-10-04 02:06:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-04 02:05:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-10-04 02:04:55 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-10-04 02:03:48 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-10-04 02:03:26 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-04 01:59:12 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-10-03 23:00:04 12320768 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-10-03 22:35:48 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-10-03 22:30:48 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-03 22:22:51 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-10-03 22:21:58 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-03 22:21:57 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-03 22:20:53 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-10-03 22:19:28 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-10-03 22:18:27 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-03 22:18:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-10-03 22:18:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-03 22:16:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-10-03 22:16:03 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-10-03 22:15:16 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-10-03 22:14:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 22:11:09 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-10-02 09:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 16:31:19 91648 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 16:19:41 75776 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-21 09:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 09:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-14 09:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-06 13:21:50 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-06 13:21:50 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 11:42:35.46 ===============
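Added example (not part of the original post, and not code from the DDS tool or from BleepingComputer): a small Python triage helper that reads lines in the shape of the Pseudo HJT Report above and flags the things a responder looks at first when reading such a log: registrations whose target is `<orphaned>` or `<no file>`, toolbar (TB) entries registered twice under the same CLSID (compared case-insensitively, as the two Google Toolbar lines above differ only in case), autorun entries that launch from a user-writable profile path, and RunOnce entries. The sample input is constructed from lines in the post; the category names, the `AUTORUN_KINDS` set and the profile-path heuristic are my own assumptions and not anything DDS defines.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: lines copied in the shape of the DDS "Pseudo HJT
# Report" above (paths and CLSIDs are taken from that post, nothing invented).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - LocalServer32 - <no file>
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [ShopAtHomeWatcher] C:\Users\user\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
"""

ENTRY_RE = re.compile(r"^([A-Za-z0-9_-]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DANGLING_TARGETS = {"<orphaned>", "<no file>"}
# Entry kinds treated as autoruns (assumption: the kinds seen in DDS output).
AUTORUN_KINDS = {"uRun", "mRun", "uRunOnce", "mRunOnce", "x64-Run", "x64-RunOnce"}
# Profile locations a normally-installed autorun rarely runs from (my own heuristic).
USER_WRITABLE_HINTS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")


def parse_entry(line):
    """Return (kind, body, target) for a 'Kind: ...' line, else None.

    'target' is the text after the last ' - ' separator, which in this report
    format is the file backing the registration (or <orphaned>/<no file>).
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    target = body.rsplit(" - ", 1)[-1].strip()
    return kind, body, target


def triage(report):
    """Scan a pseudo-HJT report and return a list of (category, detail, line) findings."""
    findings = []
    toolbars_by_clsid = defaultdict(list)
    for raw in report.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue  # 'uStart Page = ...' style settings are not examined here
        kind, body, target = parsed
        line = raw.strip()
        # 1. Registration still present but its DLL/EXE is gone: a leftover,
        #    or a removal that did not clean the registry.
        if target in DANGLING_TARGETS:
            findings.append(("dangling", kind, line))
        # 2. Same toolbar CLSID registered more than once; CLSIDs are
        #    compared case-insensitively.
        clsid = CLSID_RE.search(body)
        if kind == "TB" and clsid:
            toolbars_by_clsid[clsid.group(0).upper()].append(line)
        # 3. Autoruns: flag anything launched from a user-writable profile
        #    path, and any RunOnce entry (runs once at the next logon).
        if kind in AUTORUN_KINDS:
            command = body.split("]", 1)[-1].strip().lower()
            if any(hint in command for hint in USER_WRITABLE_HINTS):
                findings.append(("autorun-user-profile", kind, line))
            if kind.endswith("RunOnce"):
                findings.append(("runonce", kind, line))
    for clsid, lines in toolbars_by_clsid.items():
        if len(lines) > 1:
            findings.append(("duplicate-toolbar", clsid, lines[0]))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'dangling': 3, ...}."""
    return dict(Counter(category for category, _, _ in findings))


if __name__ == "__main__":
    for category, detail, line in triage(SAMPLE_REPORT):
        print(f"[{category:22}] {detail}: {line}")
    print(summarize(triage(SAMPLE_REPORT)))
```

On the sample above the helper reports three dangling registrations, one duplicated toolbar CLSID, one autorun under `AppData\Roaming` and one RunOnce entry; none of these is a verdict, only the short list a responder would look at before deciding which tools to run next.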


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 07:15 AM

Posted 30 November 2012 - 09:25 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Mikeyb1

Mikeyb1
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  • Local time: 06:15 AM

Posted 02 December 2012 - 05:26 PM

Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````




# AdwCleaner v2.011 - Logfile created 12/02/2012 at 14:56:00
# Updated 02/12/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\Program Files (x86)\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\BabylonToolbar
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Common Files\bProtectorForWindows
Deleted on reboot : C:\Program Files (x86)\Common Files\Plasmoo
Deleted on reboot : C:\Program Files (x86)\Dealio Toolbar
Deleted on reboot : C:\ProgramData\AVG Secure Search
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\bProtectorForWindows
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Deleted on reboot : C:\Windows\SysWOW64\bProtectorForWindows
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Dealio
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\searchresultstb
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\searchresultstb
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2769720
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Dealio
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

*************************

AdwCleaner[S1].txt - [15895 octets] - [02/12/2012 14:56:00]

########## EOF - C:\AdwCleaner[S1].txt - [15956 octets] ##########



RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 12/02/2012 16:04:21

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : ShopAtHomeWatcher (C:\Users\user\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{59661dd9-d784-c997-6fcb-04efdd7204ce}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{59661dd9-d784-c997-6fcb-04efdd7204ce}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500620AS ATA Device +++++
--- User ---
[MBR] 4da768ce367c9c7a11bd9ae5fadee83c
[BSP] e6ca4fe9e506005b50850561aedcff71 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 463537 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949324320 | Size: 13399 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12022012_02d1604.txt >>
RKreport[1]_S_12022012_02d1604.txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 December 2012 - 05:48 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Mikeyb1

Mikeyb1
  • Topic Starter

  • Members
  • 133 posts

Posted 02 December 2012 - 08:39 PM

Combofix appears to be stuck at stage32...it's been running for an hour or so.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 December 2012 - 08:51 PM

Let's give it till the top of the hour and let me know if it has progressed.

#7 Mikeyb1

Mikeyb1
  • Topic Starter

  • Members
  • 133 posts

Posted 02 December 2012 - 09:04 PM

No change...still stuck on 32...Safe mode and re-run?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 December 2012 - 09:12 PM

Yes, try safe mode.

#9 Mikeyb1

Mikeyb1
  • Topic Starter

  • Members
  • 133 posts

Posted 02 December 2012 - 10:24 PM

When Combofix launched in safe mode, it ran to stage_48 and froze. At around stage 38, it says access denied, admin permissions are needed to use the selected options. There are 2 user accounts on the computer, I ran combofix from both with the same results.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 December 2012 - 10:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 Mikeyb1

Mikeyb1
  • Topic Starter

  • Members
  • 133 posts

Posted 03 December 2012 - 10:37 AM

08:58:41.0505 4432 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:58:42.0245 4432 ============================================================
08:58:42.0245 4432 Current date / time: 2012/12/03 08:58:42.0245
08:58:42.0245 4432 SystemInfo:
08:58:42.0245 4432
08:58:42.0246 4432 OS Version: 6.0.6002 ServicePack: 2.0
08:58:42.0246 4432 Product type: Workstation
08:58:42.0246 4432 ComputerName: USER-PC
08:58:42.0246 4432 UserName: user
08:58:42.0246 4432 Windows directory: C:\Windows
08:58:42.0246 4432 System windows directory: C:\Windows
08:58:42.0246 4432 Running under WOW64
08:58:42.0246 4432 Processor architecture: Intel x64
08:58:42.0246 4432 Number of processors: 2
08:58:42.0246 4432 Page size: 0x1000
08:58:42.0246 4432 Boot type: Normal boot
08:58:42.0246 4432 ============================================================
08:58:44.0120 4432 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
08:58:44.0142 4432 ============================================================
08:58:44.0142 4432 \Device\Harddisk0\DR0:
08:58:44.0147 4432 MBR partitions:
08:58:44.0147 4432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x389589E1
08:58:44.0147 4432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38958A20, BlocksNum 0x1A2BE70
08:58:44.0147 4432 ============================================================
08:58:44.0218 4432 C: <-> \Device\Harddisk0\DR0\Partition1
08:58:44.0464 4432 D: <-> \Device\Harddisk0\DR0\Partition2
08:58:44.0465 4432 ============================================================
08:58:44.0465 4432 Initialize success
08:58:44.0465 4432 ============================================================
08:59:00.0091 4628 ============================================================
08:59:00.0091 4628 Scan started
08:59:00.0091 4628 Mode: Manual;
08:59:00.0091 4628 ============================================================
08:59:02.0176 4628 ================ Scan system memory ========================
08:59:02.0176 4628 System memory - ok
08:59:02.0176 4628 ================ Scan services =============================
08:59:02.0316 4628 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
08:59:02.0323 4628 ACPI - ok
08:59:02.0476 4628 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:59:02.0478 4628 AdobeARMservice - ok
08:59:02.0584 4628 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:59:02.0588 4628 AdobeFlashPlayerUpdateSvc - ok
08:59:02.0643 4628 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:59:02.0659 4628 adp94xx - ok
08:59:02.0686 4628 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:59:02.0696 4628 adpahci - ok
08:59:02.0715 4628 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
08:59:02.0720 4628 adpu160m - ok
08:59:02.0741 4628 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:59:02.0747 4628 adpu320 - ok
08:59:02.0796 4628 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:59:02.0797 4628 AeLookupSvc - ok
08:59:02.0854 4628 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
08:59:02.0863 4628 AFD - ok
08:59:02.0884 4628 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:59:02.0887 4628 agp440 - ok
08:59:02.0910 4628 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
08:59:02.0914 4628 aic78xx - ok
08:59:02.0938 4628 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
08:59:02.0941 4628 ALG - ok
08:59:02.0966 4628 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
08:59:02.0969 4628 aliide - ok
08:59:02.0989 4628 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
08:59:02.0991 4628 amdide - ok
08:59:03.0016 4628 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:59:03.0020 4628 AmdK8 - ok
08:59:03.0044 4628 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
08:59:03.0047 4628 Appinfo - ok
08:59:03.0131 4628 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:59:03.0133 4628 Apple Mobile Device - ok
08:59:03.0166 4628 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
08:59:03.0171 4628 arc - ok
08:59:03.0192 4628 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:59:03.0197 4628 arcsas - ok
08:59:03.0216 4628 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:59:03.0219 4628 AsyncMac - ok
08:59:03.0257 4628 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
08:59:03.0258 4628 atapi - ok
08:59:03.0314 4628 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:59:03.0325 4628 AudioEndpointBuilder - ok
08:59:03.0341 4628 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:59:03.0350 4628 AudioSrv - ok
08:59:03.0583 4628 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
08:59:03.0748 4628 AVGIDSAgent - ok
08:59:03.0808 4628 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
08:59:03.0875 4628 AVGIDSDriver - ok
08:59:03.0903 4628 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
08:59:03.0906 4628 AVGIDSHA - ok
08:59:03.0932 4628 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
08:59:03.0982 4628 Avgldx64 - ok
08:59:03.0994 4628 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
08:59:03.0999 4628 Avgloga - ok
08:59:04.0041 4628 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
08:59:04.0089 4628 Avgmfx64 - ok
08:59:04.0124 4628 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
08:59:04.0155 4628 Avgrkx64 - ok
08:59:04.0168 4628 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
08:59:04.0173 4628 Avgtdia - ok
08:59:04.0206 4628 [ BFD698CC6E1DE2E0D23155DECC513D2F ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
08:59:04.0256 4628 avgtp - ok
08:59:04.0329 4628 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
08:59:04.0332 4628 avgwd - ok
08:59:04.0465 4628 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
08:59:04.0496 4628 BFE - ok
08:59:04.0567 4628 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
08:59:04.0619 4628 BITS - ok
08:59:04.0657 4628 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
08:59:04.0664 4628 blbdrive - ok
08:59:04.0801 4628 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:59:04.0806 4628 Bonjour Service - ok
08:59:04.0861 4628 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:59:04.0865 4628 bowser - ok
08:59:04.0891 4628 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
08:59:04.0894 4628 BrFiltLo - ok
08:59:04.0915 4628 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
08:59:04.0918 4628 BrFiltUp - ok
08:59:04.0946 4628 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
08:59:04.0951 4628 Browser - ok
08:59:04.0973 4628 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
08:59:04.0977 4628 Brserid - ok
08:59:04.0995 4628 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
08:59:04.0997 4628 BrSerWdm - ok
08:59:05.0019 4628 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
08:59:05.0022 4628 BrUsbMdm - ok
08:59:05.0042 4628 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
08:59:05.0093 4628 BrUsbSer - ok
08:59:05.0154 4628 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:59:05.0204 4628 BTHMODEM - ok
08:59:05.0270 4628 bxparoad - ok
08:59:05.0358 4628 [ 13C9B0406156A65A07D4BF9469091ED7 ] CAXHWBS3 C:\Windows\system32\DRIVERS\CAXHWBS3.sys
08:59:05.0369 4628 CAXHWBS3 - ok
08:59:05.0382 4628 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:59:05.0388 4628 cdfs - ok
08:59:05.0433 4628 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:59:05.0437 4628 cdrom - ok
08:59:05.0480 4628 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
08:59:05.0483 4628 CertPropSvc - ok
08:59:05.0507 4628 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
08:59:05.0542 4628 circlass - ok
08:59:05.0653 4628 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
08:59:05.0708 4628 CLFS - ok
08:59:05.0817 4628 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:59:05.0821 4628 clr_optimization_v2.0.50727_32 - ok
08:59:05.0896 4628 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:59:05.0900 4628 clr_optimization_v2.0.50727_64 - ok
08:59:05.0969 4628 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:59:05.0973 4628 clr_optimization_v4.0.30319_32 - ok
08:59:06.0001 4628 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:59:06.0007 4628 clr_optimization_v4.0.30319_64 - ok
08:59:06.0022 4628 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:59:06.0025 4628 cmdide - ok
08:59:06.0043 4628 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:59:06.0046 4628 Compbatt - ok
08:59:06.0055 4628 COMSysApp - ok
08:59:06.0082 4628 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:59:06.0085 4628 crcdisk - ok
08:59:06.0149 4628 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:59:06.0154 4628 CryptSvc - ok
08:59:06.0217 4628 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
08:59:06.0242 4628 DcomLaunch - ok
08:59:06.0287 4628 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:59:06.0291 4628 DfsC - ok
08:59:06.0404 4628 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
08:59:06.0470 4628 DFSR - ok
08:59:06.0498 4628 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
08:59:06.0505 4628 Dhcp - ok
08:59:06.0561 4628 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
08:59:06.0564 4628 disk - ok
08:59:06.0607 4628 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:59:06.0612 4628 Dnscache - ok
08:59:06.0661 4628 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
08:59:06.0666 4628 dot3svc - ok
08:59:06.0697 4628 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
08:59:06.0702 4628 DPS - ok
08:59:06.0731 4628 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:59:06.0764 4628 drmkaud - ok
08:59:06.0896 4628 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:59:06.0921 4628 DXGKrnl - ok
08:59:06.0946 4628 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
08:59:06.0951 4628 E1G60 - ok
08:59:06.0973 4628 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
08:59:06.0977 4628 EapHost - ok
08:59:07.0032 4628 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
08:59:07.0037 4628 Ecache - ok
08:59:07.0082 4628 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:59:07.0090 4628 ehRecvr - ok
08:59:07.0111 4628 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
08:59:07.0115 4628 ehSched - ok
08:59:07.0133 4628 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
08:59:07.0136 4628 ehstart - ok
08:59:07.0164 4628 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:59:07.0173 4628 elxstor - ok
08:59:07.0224 4628 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
08:59:07.0234 4628 EMDMgmt - ok
08:59:07.0250 4628 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:59:07.0253 4628 ErrDev - ok
08:59:07.0301 4628 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
08:59:07.0309 4628 EventSystem - ok
08:59:07.0358 4628 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
08:59:07.0364 4628 exfat - ok
08:59:20.0335 4628 WcsPlugInService - ok
08:59:20.0362 4628 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
08:59:20.0365 4628 Wd - ok
08:59:20.0409 4628 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:59:20.0435 4628 Wdf01000 - ok
08:59:20.0457 4628 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:59:20.0464 4628 WdiServiceHost - ok
08:59:20.0470 4628 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:59:20.0475 4628 WdiSystemHost - ok
08:59:20.0498 4628 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
08:59:20.0512 4628 WebClient - ok
08:59:20.0546 4628 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:59:20.0553 4628 Wecsvc - ok
08:59:20.0583 4628 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:59:20.0590 4628 wercplsupport - ok
08:59:20.0637 4628 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
08:59:20.0643 4628 WerSvc - ok
08:59:20.0685 4628 [ 8A22B0C097336AACE9BBCEB81EC6FD63 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
08:59:20.0711 4628 winachsf - ok
08:59:20.0729 4628 WinDefend - ok
08:59:20.0740 4628 WinHttpAutoProxySvc - ok
08:59:20.0819 4628 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:59:20.0825 4628 Winmgmt - ok
08:59:20.0895 4628 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
08:59:20.0947 4628 WinRM - ok
08:59:21.0013 4628 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:59:21.0038 4628 Wlansvc - ok
08:59:21.0059 4628 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
08:59:21.0062 4628 WmiAcpi - ok
08:59:21.0112 4628 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:59:21.0117 4628 wmiApSrv - ok
08:59:21.0129 4628 WMPNetworkSvc - ok
08:59:21.0152 4628 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:59:21.0159 4628 WPCSvc - ok
08:59:21.0196 4628 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:59:21.0202 4628 WPDBusEnum - ok
08:59:21.0246 4628 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
08:59:21.0249 4628 WpdUsb - ok
08:59:21.0404 4628 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:59:21.0415 4628 WPFFontCache_v0400 - ok
08:59:21.0433 4628 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:59:21.0436 4628 ws2ifsl - ok
08:59:21.0466 4628 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
08:59:21.0472 4628 wscsvc - ok
08:59:21.0483 4628 WSearch - ok
08:59:21.0589 4628 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:59:21.0665 4628 wuauserv - ok
08:59:21.0719 4628 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:59:21.0723 4628 WUDFRd - ok
08:59:21.0759 4628 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:59:21.0793 4628 wudfsvc - ok
08:59:21.0817 4628 [ 1912006552F36FE7E61AEED34BBDDAE8 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
08:59:21.0823 4628 XAudio - ok
08:59:21.0830 4628 XAudioService - ok
08:59:21.0899 4628 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:59:21.0906 4628 YahooAUService - ok
08:59:21.0922 4628 ================ Scan global ===============================
08:59:21.0947 4628 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
08:59:21.0999 4628 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
08:59:22.0035 4628 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
08:59:22.0084 4628 [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
08:59:22.0160 4628 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
08:59:22.0160 4628 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
08:59:22.0161 4628 ================ Scan MBR ==================================
08:59:22.0184 4628 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
08:59:22.0675 4628 \Device\Harddisk0\DR0 - ok
08:59:22.0690 4628 ================ Scan VBR ==================================
08:59:22.0831 4628 [ 8D1CA09794DE86BB4E86104F3635F48E ] \Device\Harddisk0\DR0\Partition1
08:59:22.0835 4628 \Device\Harddisk0\DR0\Partition1 - ok
08:59:22.0869 4628 [ A70F436686F2696A404D9C327A9DC9C6 ] \Device\Harddisk0\DR0\Partition2
08:59:22.0872 4628 \Device\Harddisk0\DR0\Partition2 - ok
08:59:22.0873 4628 ============================================================
08:59:22.0873 4628 Scan finished
08:59:22.0873 4628 ============================================================
08:59:22.0890 4608 Detected object count: 1
08:59:22.0890 4608 Actual detected object count: 1
09:01:22.0052 4608 C:\Windows\system32\services.exe - copied to quarantine
09:01:24.0291 4608 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
09:01:24.0348 4608 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
09:01:24.0420 4608 C:\Users\user\AppData\Local\{59661dd9-d784-c997-6fcb-04efdd7204ce}\@ - copied to quarantine
09:03:37.0539 4608 Backup copy not found, trying to cure infected file..
09:03:37.0540 4608 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
09:03:37.0540 4608 C:\Windows\system32\services.exe - processing error
09:03:37.0540 4608 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
09:35:13.0871 4900 Deinitialize success


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-29 19:09:43
-----------------------------
19:09:43.566 OS Version: Windows x64 6.0.6002 Service Pack 2
19:09:43.567 Number of processors: 2 586 0x1706
19:09:43.568 ComputerName: USER-PC UserName: user
19:09:46.022 Initialize success
19:12:40.918 AVAST engine defs: 12112901
19:13:55.110 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:13:55.114 Disk 0 Vendor: ST3500620AS HP26 Size: 476940MB BusType: 3
19:13:55.117 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000061
19:13:55.120 Disk 1 Vendor: Size: 476940MB BusType: 0
19:13:55.145 Disk 0 MBR read successfully
19:13:55.149 Disk 0 MBR scan
19:13:55.155 Disk 0 unknown MBR code
19:13:55.160 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463537 MB offset 63
19:13:55.200 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13399 MB offset 949324320
19:13:55.247 Disk 0 scanning C:\Windows\system32\drivers
19:14:08.450 Service scanning
19:14:32.728 Modules scanning
19:14:32.738 Disk 0 trace - called modules:
19:14:33.099 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:14:33.106 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800493b5b0]
19:14:33.113 3 CLASSPNP.SYS[fffffa6000b97c33] -> nt!IofCallDriver -> [0xfffffa8003dde930]
19:14:33.120 5 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004875060]
19:14:35.560 AVAST engine scan C:\Windows
19:14:40.383 AVAST engine scan C:\Windows\system32
19:17:26.037 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:17:28.994 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:19:49.328 AVAST engine scan C:\Windows\system32\drivers
19:20:09.643 AVAST engine scan C:\Users\user
19:22:05.349 File: C:\Users\user\AppData\Local\{59661dd9-d784-c997-6fcb-04efdd7204ce}\U\00000001.@ **INFECTED** Win32:Malware-gen
19:24:09.736 File: C:\Users\user\AppData\Roaming\rpcnc.dll **INFECTED** Win32:Medfos [Trj]
19:25:35.844 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
19:25:35.846 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 09:04:32
-----------------------------
09:04:32.637 OS Version: Windows x64 6.0.6002 Service Pack 2
09:04:32.638 Number of processors: 2 586 0x1706
09:04:32.639 ComputerName: USER-PC UserName: user
09:04:35.466 Initialize success
09:09:43.424 AVAST engine defs: 12120200
09:16:33.111 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
09:16:33.115 Disk 0 Vendor: ST3500620AS HP26 Size: 476940MB BusType: 3
09:16:33.146 Disk 0 MBR read successfully
09:16:33.150 Disk 0 MBR scan
09:16:33.192 Disk 0 unknown MBR code
09:16:33.196 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463537 MB offset 63
09:16:33.218 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13399 MB offset 949324320
09:16:33.265 Disk 0 scanning C:\Windows\system32\drivers
09:16:47.528 Service scanning
09:17:11.734 Modules scanning
09:17:11.745 Disk 0 trace - called modules:
09:17:11.783 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
09:17:11.789 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800495c060]
09:17:11.796 3 CLASSPNP.SYS[fffffa6000b91c33] -> nt!IofCallDriver -> [0xfffffa80048a2520]
09:17:11.803 5 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004899060]
09:17:14.073 AVAST engine scan C:\Windows
09:17:18.912 AVAST engine scan C:\Windows\system32
09:19:54.994 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:19:57.579 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:22:37.884 AVAST engine scan C:\Windows\system32\drivers
09:23:36.075 AVAST engine scan C:\Users\user
09:29:19.546 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
09:29:19.591 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:15 AM

Posted 03 December 2012 - 01:05 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First Press the Scan button.
  • It will make a log (FRST.txt)

  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Mikeyb1

  • Topic Starter

  • Members
  • 133 posts
  • Local time:06:15 AM

Posted 03 December 2012 - 02:01 PM

The "services" scan is taking forever and is still running...the first scan finished just fine.

#14 Mikeyb1

  • Topic Starter

  • Members
  • 133 posts
  • Local time:06:15 AM

Posted 03 December 2012 - 05:13 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 03-12-2012 15:20:55
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15853088 2008-10-12] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2008-10-12] (NVIDIA Corporation)
HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [x]
HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-09-11] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [1152296 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [189736 2008-10-17] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2011-12-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKU\Default\...\Run: [HPADVISOR] [x]
HKU\Default User\...\Run: [HPADVISOR] [x]
HKU\Doug\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1689144 2010-06-29] (Hewlett-Packard)
HKU\Doug\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-28] (Google Inc.)
HKU\user\...\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1689144 2010-06-29] (Hewlett-Packard)
HKU\user\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\user\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-08-22] (Hewlett-Packard Company)
HKU\user\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-28] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-04-30] (Alcatel-Lucent)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-29] ()
2 XAudioService; C:\Windows\System32\DRIVERS\xaudio64.exe work [434688 2008-09-04] (Conexant Systems, Inc.)
2 Mp3Rocket Toolbar Helper; C:\Program Files (x86)\MP3 Rocket Toolbar\MP3RocketSvc.exe [x]

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-29] (AVG Technologies)
3 CAXHWBS3; C:\Windows\System32\Drivers\CAXHWBS3.sys [287744 2008-09-10] (Conexant Systems, Inc.)
3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1486336 2008-09-10] (Conexant Systems, Inc.)
3 Ps2; C:\Windows\System32\Drivers\Ps2.sys [21504 2006-09-07] ()
1 bxparoad; \??\C:\Windows\system32\drivers\bxparoad.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-03 06:58 - 2012-12-03 07:04 - 04732416 ____A (AVAST Software) C:\Users\user\Desktop\aswMBR.exe
2012-12-03 06:58 - 2012-12-03 06:58 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\user\Desktop\tdsskiller.exe
2012-12-02 19:05 - 2012-12-02 19:11 - 00000000 ___SD C:\ComboFix
2012-12-02 14:23 - 2012-12-02 14:23 - 00001632 ____A C:\Users\user\Desktop\RKreport[4]_D_12022012_02d1623.txt
2012-12-02 14:22 - 2012-12-02 14:22 - 00002094 ____A C:\Users\user\Desktop\RKreport[3]_S_12022012_02d1622.txt
2012-12-02 14:05 - 2012-12-02 14:05 - 00002446 ____A C:\Users\user\Desktop\RKreport[2]_D_12022012_02d1605.txt
2012-12-02 14:04 - 2012-12-02 14:04 - 00002353 ____A C:\Users\user\Desktop\RKreport[1]_S_12022012_02d1604.txt
2012-12-02 14:02 - 2012-12-02 14:21 - 00000000 ____D C:\Users\user\Desktop\RK_Quarantine
2012-12-02 14:02 - 2012-12-02 14:02 - 00752128 ____A C:\Users\user\Desktop\RogueKiller.exe
2012-12-02 14:02 - 2012-12-02 14:02 - 00015956 ____A C:\Users\user\Desktop\AdwCleaner[S1].txt
2012-12-02 12:56 - 2012-12-02 12:56 - 00015956 ____A C:\AdwCleaner[S1].txt
2012-12-02 12:54 - 2012-12-02 12:55 - 00540743 ____A C:\Users\user\Desktop\adwcleaner.exe
2012-12-02 12:53 - 2012-12-02 12:53 - 00001133 ____A C:\Users\user\Desktop\checkup.txt
2012-12-02 11:54 - 2012-12-02 11:54 - 00856731 ____A C:\Users\user\Desktop\SecurityCheck.exe
2012-11-30 10:22 - 2012-11-30 10:22 - 00006500 ____A C:\Users\user\Desktop\attach.txt
2012-11-30 10:22 - 2012-11-30 09:42 - 00017913 ____A C:\Users\user\Desktop\dds.txt
2012-11-30 07:05 - 2012-11-30 07:01 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2012-11-29 18:12 - 2012-11-30 06:56 - 00002525 ____A C:\scu.dat
2012-11-29 17:29 - 2012-11-29 17:29 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-29 17:25 - 2012-12-03 07:29 - 00004418 ____A C:\Users\user\Desktop\aswMBR.txt
2012-11-29 17:25 - 2012-12-03 07:29 - 00000512 ____A C:\Users\user\Desktop\MBR.dat
2012-11-29 14:00 - 2012-11-29 14:00 - 00000000 ____A C:\Windows\setuperr.log
2012-11-29 14:00 - 2012-11-29 14:00 - 00000000 ____A C:\Windows\setupact.log
2012-11-29 13:59 - 2012-11-29 13:59 - 00012875 ____A C:\Users\user\Desktop\hijackthis.log
2012-11-29 13:57 - 2012-11-29 13:57 - 00388608 ____A (Trend Micro Inc.) C:\Users\user\Desktop\HijackThis.exe
2012-11-29 13:55 - 2012-11-29 13:55 - 00000000 ____D C:\Users\user\Desktop\avenger
2012-11-29 13:54 - 2012-11-29 13:54 - 00724952 ____A C:\Users\user\Desktop\avenger.zip
2012-11-29 13:03 - 2012-10-03 19:03 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-29 13:03 - 2012-10-03 18:24 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-29 13:03 - 2012-10-03 18:18 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-29 13:03 - 2012-10-03 18:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-29 13:03 - 2012-10-03 18:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-29 13:03 - 2012-10-03 18:10 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-29 13:03 - 2012-10-03 18:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-29 13:03 - 2012-10-03 18:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-29 13:03 - 2012-10-03 18:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-29 13:03 - 2012-10-03 18:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-29 13:03 - 2012-10-03 18:06 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-29 13:03 - 2012-10-03 18:05 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-29 13:03 - 2012-10-03 18:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-29 13:03 - 2012-10-03 18:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-29 13:03 - 2012-10-03 18:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-29 13:03 - 2012-10-03 17:59 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-29 13:03 - 2012-10-03 15:00 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-29 13:03 - 2012-10-03 14:35 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-29 13:03 - 2012-10-03 14:30 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-29 13:03 - 2012-10-03 14:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-29 13:03 - 2012-10-03 14:21 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-29 13:03 - 2012-10-03 14:21 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-29 13:03 - 2012-10-03 14:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-29 13:03 - 2012-10-03 14:19 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-29 13:03 - 2012-10-03 14:18 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-29 13:03 - 2012-10-03 14:18 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-29 13:03 - 2012-10-03 14:18 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-29 13:03 - 2012-10-03 14:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-29 13:03 - 2012-10-03 14:16 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-29 13:03 - 2012-10-03 14:15 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-29 13:03 - 2012-10-03 14:14 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-29 13:03 - 2012-10-03 14:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-29 11:32 - 2012-11-29 11:32 - 00000765 ____A C:\Users\user\Desktop\NTREGOPT.lnk
2012-11-29 11:32 - 2012-11-29 11:32 - 00000765 ____A C:\Users\Doug\Desktop\NTREGOPT.lnk
2012-11-29 11:32 - 2012-11-29 11:32 - 00000746 ____A C:\Users\user\Desktop\ERUNT.lnk
2012-11-29 11:32 - 2012-11-29 11:32 - 00000746 ____A C:\Users\Doug\Desktop\ERUNT.lnk
2012-11-29 11:32 - 2012-11-29 11:32 - 00000000 ____D C:\Program Files (x86)\ERUNT
2012-11-29 11:23 - 2012-12-03 07:01 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-29 11:17 - 2012-11-29 11:20 - 96932124 ____A C:\Users\user\Downloads\avg_arl_ffi_all_120_120823a5411.rar
2012-11-29 11:07 - 2012-11-29 11:07 - 00075592 ____A C:\Users\user\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-29 11:07 - 2012-11-29 11:07 - 00075592 ____A C:\Users\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-29 11:07 - 2012-11-29 11:07 - 00075592 ____A C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-29 10:24 - 2012-10-12 06:53 - 02769920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-29 10:24 - 2012-09-25 08:31 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-29 10:24 - 2012-09-25 08:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-29 10:24 - 2012-09-13 05:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-11-29 10:24 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-11-29 10:24 - 2012-08-29 03:40 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-11-29 10:24 - 2012-08-24 08:07 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-11-29 10:24 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-11-29 10:24 - 2012-06-01 16:20 - 01268736 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-11-29 10:24 - 2012-06-01 16:20 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-11-29 10:24 - 2012-06-01 16:20 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-11-29 10:24 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-11-29 10:24 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-11-29 10:24 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-11-29 09:52 - 2012-12-03 10:11 - 00476360 ____A C:\Windows\WindowsUpdate.log
2012-11-29 09:46 - 2012-11-29 09:46 - 00001023 ____A C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2012-11-29 09:46 - 2012-11-29 09:46 - 00001023 ____A C:\Users\All Users\Desktop\Revo Uninstaller Pro.lnk
2012-11-29 09:46 - 2012-11-29 09:46 - 00000000 ____D C:\Users\user\Local Settings\VS Revo Group
2012-11-29 09:46 - 2012-11-29 09:46 - 00000000 ____D C:\Users\user\Local Settings\Application Data\VS Revo Group
2012-11-29 09:46 - 2012-11-29 09:46 - 00000000 ____D C:\Users\user\AppData\Local\VS Revo Group
2012-11-29 09:46 - 2012-11-29 09:46 - 00000000 ____D C:\Program Files\VS Revo Group
2012-11-29 09:46 - 2009-12-30 09:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2012-11-29 08:24 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-29 08:24 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-29 08:24 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-29 08:24 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-29 08:24 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-29 08:24 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-29 08:24 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-29 08:24 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-29 08:20 - 2012-11-29 11:32 - 00000000 ____D C:\Windows\erdnt
2012-11-29 08:20 - 2012-11-29 08:20 - 00000000 ____D C:\Qoobox
2012-11-29 08:17 - 2012-12-02 16:30 - 05009299 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2012-11-29 08:17 - 2012-11-06 08:49 - 07921688 ____A (VS Revo Group ) C:\Users\user\Desktop\RevoUninProSetup.exe
2012-11-29 08:17 - 2012-11-06 08:48 - 00791393 ____A (Lars Hederer ) C:\Users\user\Desktop\erunt-setup.exe
2012-11-29 07:55 - 2012-11-29 07:55 - 00000000 ____D C:\Users\user\Application Data\AVG2013
2012-11-29 07:55 - 2012-11-29 07:55 - 00000000 ____D C:\Users\user\AppData\Roaming\AVG2013
2012-11-29 07:47 - 2012-11-29 07:47 - 00000874 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-11-29 07:47 - 2012-11-29 07:47 - 00000874 ____A C:\Users\All Users\Desktop\AVG 2013.lnk
2012-11-29 07:47 - 2012-11-29 07:47 - 00000000 ____D C:\Users\user\Local Settings\AVG Secure Search
2012-11-29 07:47 - 2012-11-29 07:47 - 00000000 ____D C:\Users\user\Local Settings\Application Data\AVG Secure Search
2012-11-29 07:47 - 2012-11-29 07:47 - 00000000 ____D C:\Users\user\Application Data\TuneUp Software
2012-11-29 07:47 - 2012-11-29 07:47 - 00000000 ____D C:\Users\user\AppData\Roaming\TuneUp Software
2012-11-29 07:47 - 2012-11-29 07:47 - 00000000 ____D C:\Users\user\AppData\Local\AVG Secure Search
2012-11-29 07:46 - 2012-11-29 07:47 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-29 07:46 - 2012-11-29 07:47 - 00000000 ____D C:\Users\All Users\Application Data\AVG2013
2012-11-29 07:46 - 2012-11-29 07:46 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-29 07:46 - 2012-11-29 07:46 - 00000000 ___HD C:\$AVG
2012-11-29 07:45 - 2012-11-29 07:45 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-29 07:27 - 2012-12-03 06:15 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-29 07:27 - 2012-12-03 06:15 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-11-29 07:27 - 2012-11-29 11:24 - 00000000 ____D C:\Users\user\Local Settings\Avg2013
2012-11-29 07:27 - 2012-11-29 11:24 - 00000000 ____D C:\Users\user\Local Settings\Application Data\Avg2013
2012-11-29 07:27 - 2012-11-29 11:24 - 00000000 ____D C:\Users\user\AppData\Local\Avg2013
2012-11-29 07:27 - 2012-11-29 07:27 - 00000000 ____D C:\Users\user\Local Settings\MFAData
2012-11-29 07:27 - 2012-11-29 07:27 - 00000000 ____D C:\Users\user\Local Settings\Application Data\MFAData
2012-11-29 07:27 - 2012-11-29 07:27 - 00000000 ____D C:\Users\user\AppData\Local\MFAData
2012-11-29 07:26 - 2012-11-29 07:40 - 04424392 ____A (AVG Technologies) C:\Users\user\Downloads\avg_free_stb_all_2013_2793_cnet.exe
2012-11-29 07:18 - 2012-12-02 19:38 - 00020290 ____A C:\Windows\PFRO.log
2012-11-29 07:18 - 2012-11-29 13:44 - 02237064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-28 07:30 - 2012-11-28 07:30 - 00000000 ____D C:\Users\user\Application Data\Malwarebytes
2012-11-28 07:30 - 2012-11-28 07:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2012-11-28 07:29 - 2012-11-29 16:44 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-28 07:29 - 2012-11-29 16:44 - 00000950 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-28 07:29 - 2012-11-29 16:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-28 07:29 - 2012-11-28 07:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-28 07:29 - 2012-11-28 07:29 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-11-28 07:29 - 2012-09-29 17:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-27 11:13 - 2012-11-27 11:13 - 00000000 ____D C:\Users\All Users\Application Data\?O?Orogram Files (x86)
2012-11-27 11:13 - 2012-11-27 11:13 - 00000000 ____D C:\Users\All Users\?O?Orogram Files (x86)
2012-11-26 04:48 - 2012-11-26 04:49 - 00000000 ____D C:\Users\All Users\Application Data\????rogram Files (x86)
2012-11-26 04:48 - 2012-11-26 04:49 - 00000000 ____D C:\Users\All Users\????rogram Files (x86)


==================== One Month Modified Files and Folders =======

2012-12-03 12:28 - 2012-12-03 12:28 - 00000000 ____D C:\FRST
2012-12-03 10:11 - 2012-11-29 09:52 - 00476360 ____A C:\Windows\WindowsUpdate.log
2012-12-03 10:11 - 2006-11-02 07:42 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-03 10:11 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-03 10:11 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-03 10:11 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-03 09:56 - 2009-12-27 18:04 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-03 09:29 - 2012-03-30 10:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-03 07:29 - 2012-11-29 17:25 - 00004418 ____A C:\Users\user\Desktop\aswMBR.txt
2012-12-03 07:29 - 2012-11-29 17:25 - 00000512 ____A C:\Users\user\Desktop\MBR.dat
2012-12-03 07:04 - 2012-12-03 06:58 - 04732416 ____A (AVAST Software) C:\Users\user\Desktop\aswMBR.exe
2012-12-03 07:01 - 2012-11-29 11:23 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-12-03 06:58 - 2012-12-03 06:58 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\user\Desktop\tdsskiller.exe
2012-12-03 06:55 - 2009-12-27 18:04 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-03 06:15 - 2012-11-29 07:27 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-03 06:15 - 2012-11-29 07:27 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-12-02 19:46 - 2006-11-02 04:46 - 00703342 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-02 19:38 - 2012-11-29 07:18 - 00020290 ____A C:\Windows\PFRO.log
2012-12-02 19:11 - 2012-12-02 19:05 - 00000000 ___SD C:\ComboFix
2012-12-02 16:30 - 2012-11-29 08:17 - 05009299 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2012-12-02 14:23 - 2012-12-02 14:23 - 00001632 ____A C:\Users\user\Desktop\RKreport[4]_D_12022012_02d1623.txt
2012-12-02 14:22 - 2012-12-02 14:22 - 00002094 ____A C:\Users\user\Desktop\RKreport[3]_S_12022012_02d1622.txt
2012-12-02 14:21 - 2012-12-02 14:02 - 00000000 ____D C:\Users\user\Desktop\RK_Quarantine
2012-12-02 14:19 - 2010-11-08 10:53 - 00002982 ____A C:\Users\user\Application Data\wklnhst.dat
2012-12-02 14:19 - 2010-11-08 10:53 - 00002982 ____A C:\Users\user\AppData\Roaming\wklnhst.dat
2012-12-02 14:05 - 2012-12-02 14:05 - 00002446 ____A C:\Users\user\Desktop\RKreport[2]_D_12022012_02d1605.txt
2012-12-02 14:04 - 2012-12-02 14:04 - 00002353 ____A C:\Users\user\Desktop\RKreport[1]_S_12022012_02d1604.txt
2012-12-02 14:02 - 2012-12-02 14:02 - 00752128 ____A C:\Users\user\Desktop\RogueKiller.exe
2012-12-02 14:02 - 2012-12-02 14:02 - 00015956 ____A C:\Users\user\Desktop\AdwCleaner[S1].txt
2012-12-02 13:54 - 2011-06-13 09:15 - 00000680 ____A C:\Users\user\Local Settings\d3d9caps.dat
2012-12-02 13:54 - 2011-06-13 09:15 - 00000680 ____A C:\Users\user\Local Settings\Application Data\d3d9caps.dat
2012-12-02 13:54 - 2011-06-13 09:15 - 00000680 ____A C:\Users\user\AppData\Local\d3d9caps.dat
2012-12-02 12:56 - 2012-12-02 12:56 - 00015956 ____A C:\AdwCleaner[S1].txt
2012-12-02 12:55 - 2012-12-02 12:54 - 00540743 ____A C:\Users\user\Desktop\adwcleaner.exe
2012-12-02 12:53 - 2012-12-02 12:53 - 00001133 ____A C:\Users\user\Desktop\checkup.txt
2012-12-02 11:54 - 2012-12-02 11:54 - 00856731 ____A C:\Users\user\Desktop\SecurityCheck.exe
2012-12-01 01:30 - 2009-06-06 13:51 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-11-30 11:02 - 2010-09-15 14:07 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-11-30 11:02 - 2010-09-15 14:07 - 00002027 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2012-11-30 10:22 - 2012-11-30 10:22 - 00006500 ____A C:\Users\user\Desktop\attach.txt
2012-11-30 09:42 - 2012-11-30 10:22 - 00017913 ____A C:\Users\user\Desktop\dds.txt
2012-11-30 07:01 - 2012-11-30 07:05 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2012-11-30 06:56 - 2012-11-29 18:12 - 00002525 ____A C:\scu.dat
2012-11-29 19:17 - 2010-07-25 19:19 - 00000000 ____D C:\Users\user\Application Data\9F7369E2A19CCECF68CA763D8D9691B4
2012-11-29 19:17 - 2010-07-25 19:19 - 00000000 ____D C:\Users\user\AppData\Roaming\9F7369E2A19CCECF68CA763D8D9691B4
2012-11-29 17:29 - 2012-11-29 17:29 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-29 16:44 - 2012-11-28 07:29 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-29 16:44 - 2012-11-28 07:29 - 00000950 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-29 16:44 - 2012-11-28 07:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-29 14:02 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2012-11-29 14:00 - 2012-11-29 14:00 - 00000000 ____A C:\Windows\setuperr.log
2012-11-29 14:00 - 2012-11-29 14:00 - 00000000 ____A C:\Windows\setupact.log
2012-11-29 14:00 - 2009-06-02 16:57 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2012-11-29 13:59 - 2012-11-29 13:59 - 00012875 ____A C:\Users\user\Desktop\hijackthis.log
2012-11-29 13:57 - 2012-11-29 13:57 - 00388608 ____A (Trend Micro Inc.) C:\Users\user\Desktop\HijackThis.exe
2012-11-29 13:55 - 2012-11-29 13:55 - 00000000 ____D C:\Users\user\Desktop\avenger
2012-11-29 13:54 - 2012-11-29 13:54 - 00724952 ____A C:\Users\user\Desktop\avenger.zip
2012-11-29 13:44 - 2012-11-29 07:18 - 02237064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-29 13:12 - 2009-06-02 14:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-11-29 11:32 - 2012-11-29 11:32 - 00000765 ____A C:\Users\user\Desktop\NTREGOPT.lnk
2012-11-29 11:32 - 2012-11-29 11:32 - 00000765 ____A C:\Users\Doug\Desktop\NTREGOPT.lnk
2012-11-29 11:32 - 2012-11-29 11:32 - 00000746 ____A C:\Users\user\Desktop\ERUNT.lnk
2012-11-29 11:32 - 2012-11-29 11:32 - 00000746 ____A C:\Users\Doug\Desktop\ERUNT.lnk
2012-11-29 11:32 - 2012-11-29 11:32 - 00000000 ____D C:\Program Files (x86)\ERUNT
2012-11-29 11:32 - 2012-11-29 08:20 - 00000000 ____D C:\Windows\erdnt
2012-11-29 11:24 - 2012-11-29 07:27 - 00000000 ____D C:\Users\user\Local Settings\Avg2013
2012-11-29 11:24 - 2012-11-29 07:27 - 00000000 ____D C:\Users\user\Local Settings\Application Data\Avg2013
2012-11-29 11:24 - 2012-11-29 07:27 - 00000000 ____D C:\Users\user\AppData\Local\Avg2013
2012-11-29 11:20 - 2012-11-29 11:17 - 96932124 ____A C:\Users\user\Downloads\avg_arl_ffi_all_120_120823a5411.rar
2012-11-29 11:18 - 2011-12-31 16:01 - 00001945 ____A C:\Windows\epplauncher.mif
2012-11-29 11:07 - 2012-11-29 11:07 - 00075592 ____A C:\Users\user\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-29 11:07 - 2012-11-29 11:07 - 00075592 ____A C:\Users\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-29 11:07 - 2012-11-29 11:07 - 00075592 ____A C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-29 09:47 - 2009-06-02 14:42 - 00000000 ____D C:\Users\All Users\Norton
2012-11-29 09:47 - 2009-06-02 14:42 - 00000000 ____D C:\Users\All Users\Application Data\Norton
2012-11-29 09:46 - 2012-11-29 09:46 - 00001023 ____A C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2012-11-29 09:46 - 2012-11-29 09:46 - 00001023 ____A C:\Users\All Users\Desktop\Revo Uninstaller Pro.lnk
2012-11-29 09:46 - 2012-11-29 09:46 - 00000000 ____D C:\Users\user\Local Settings\VS Revo Group
2012-11-29 09:46 - 2012-11-29 09:46 - 00000000 ____D C:\Users\user\Local Settings\Application Data\VS Revo Group
2012-11-29 09:46 - 2012-11-29 09:46 - 00000000 ____D C:\Users\user\AppData\Local\VS Revo Group
2012-11-29 09:46 - 2012-11-29 09:46 - 00000000 ____D C:\Program Files\VS Revo Group
2012-11-29 08:20 - 2012-11-29 08:20 - 00000000 ____D C:\Qoobox
2012-11-29 07:55 - 2012-11-29 07:55 - 00000000 ____D C:\Users\user\Application Data\AVG2013
2012-11-29 07:55 - 2012-11-29 07:55 - 00000000 ____D C:\Users\user\AppData\Roaming\AVG2013
2012-11-29 07:47 - 2012-11-29 07:47 - 00000874 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-11-29 07:47 - 2012-11-29 07:47 - 00000874 ____A C:\Users\All Users\Desktop\AVG 2013.lnk
2012-11-29 07:47 - 2012-11-29 07:47 - 00000000 ____D C:\Users\user\Local Settings\AVG Secure Search
2012-11-29 07:47 - 2012-11-29 07:47 - 00000000 ____D C:\Users\user\Local Settings\Application Data\AVG Secure Search
2012-11-29 07:47 - 2012-11-29 07:47 - 00000000 ____D C:\Users\user\Application Data\TuneUp Software
2012-11-29 07:47 - 2012-11-29 07:47 - 00000000 ____D C:\Users\user\AppData\Roaming\TuneUp Software
2012-11-29 07:47 - 2012-11-29 07:47 - 00000000 ____D C:\Users\user\AppData\Local\AVG Secure Search
2012-11-29 07:47 - 2012-11-29 07:46 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-29 07:47 - 2012-11-29 07:46 - 00000000 ____D C:\Users\All Users\Application Data\AVG2013
2012-11-29 07:46 - 2012-11-29 07:46 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-29 07:46 - 2012-11-29 07:46 - 00000000 ___HD C:\$AVG
2012-11-29 07:45 - 2012-11-29 07:45 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-29 07:40 - 2012-11-29 07:26 - 04424392 ____A (AVG Technologies) C:\Users\user\Downloads\avg_free_stb_all_2013_2793_cnet.exe
2012-11-29 07:27 - 2012-11-29 07:27 - 00000000 ____D C:\Users\user\Local Settings\MFAData
2012-11-29 07:27 - 2012-11-29 07:27 - 00000000 ____D C:\Users\user\Local Settings\Application Data\MFAData
2012-11-29 07:27 - 2012-11-29 07:27 - 00000000 ____D C:\Users\user\AppData\Local\MFAData
2012-11-29 06:42 - 2012-08-29 14:02 - 00000000 ____D C:\Users\user\Local Settings\Application Data\{F0A33709-CB73-5E74-2886-D9050837DC5D}
2012-11-29 06:42 - 2012-08-29 14:02 - 00000000 ____D C:\Users\user\Local Settings\{F0A33709-CB73-5E74-2886-D9050837DC5D}
2012-11-29 06:42 - 2012-08-29 14:02 - 00000000 ____D C:\Users\user\AppData\Local\{F0A33709-CB73-5E74-2886-D9050837DC5D}
2012-11-29 06:38 - 2009-06-03 06:03 - 00000000 ____D C:\Users\user\Application Data\Zubu
2012-11-29 06:38 - 2009-06-03 06:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Zubu
2012-11-29 06:38 - 2009-06-03 03:01 - 00000000 ____D C:\Users\user\Application Data\Ihytin
2012-11-29 06:38 - 2009-06-03 03:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Ihytin
2012-11-29 06:33 - 2011-05-08 12:39 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2012-11-28 07:30 - 2012-11-28 07:30 - 00000000 ____D C:\Users\user\Application Data\Malwarebytes
2012-11-28 07:30 - 2012-11-28 07:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2012-11-28 07:29 - 2012-11-28 07:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-28 07:29 - 2012-11-28 07:29 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-11-27 11:13 - 2012-11-27 11:13 - 00000000 ____D C:\Users\All Users\Application Data\?O?Orogram Files (x86)
2012-11-27 11:13 - 2012-11-27 11:13 - 00000000 ____D C:\Users\All Users\?O?Orogram Files (x86)
2012-11-26 15:18 - 2009-06-02 14:26 - 00000330 ____A C:\Windows\Tasks\HPCeeScheduleForuser.job
2012-11-26 04:49 - 2012-11-26 04:48 - 00000000 ____D C:\Users\All Users\Application Data\????rogram Files (x86)
2012-11-26 04:49 - 2012-11-26 04:48 - 00000000 ____D C:\Users\All Users\????rogram Files (x86)
2012-11-06 17:47 - 2009-06-03 19:23 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
2012-11-06 17:47 - 2009-06-03 19:23 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-06 08:49 - 2012-11-29 08:17 - 07921688 ____A (VS Revo Group ) C:\Users\user\Desktop\RevoUninProSetup.exe
2012-11-06 08:48 - 2012-11-29 08:17 - 00791393 ____A (Lars Hederer ) C:\Users\user\Desktop\erunt-setup.exe

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\Users\user\AppData\Local\{59661dd9-d784-c997-6fcb-04efdd7204ce}
C:\Users\user\AppData\Local\{59661dd9-d784-c997-6fcb-04efdd7204ce}\@
C:\Users\user\AppData\Local\{59661dd9-d784-c997-6fcb-04efdd7204ce}\L
C:\Users\user\AppData\Local\{59661dd9-d784-c997-6fcb-04efdd7204ce}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-27 18:10:53
Restore point made on: 2012-10-29 01:15:17
Restore point made on: 2012-11-01 20:39:15
Restore point made on: 2012-11-05 17:49:53
Restore point made on: 2012-11-11 20:33:04
Restore point made on: 2012-11-13 12:36:33
Restore point made on: 2012-11-19 06:07:29
Restore point made on: 2012-11-19 23:13:36
Restore point made on: 2012-11-21 07:22:17
Restore point made on: 2012-11-26 17:51:43
Restore point made on: 2012-11-29 06:17:36
Restore point made on: 2012-11-29 06:28:15
Restore point made on: 2012-11-29 06:35:09
Restore point made on: 2012-11-29 06:55:45
Restore point made on: 2012-11-29 07:05:06
Restore point made on: 2012-11-29 11:19:03
Restore point made on: 2012-11-29 13:03:03
Restore point made on: 2012-12-02 13:57:47
Restore point made on: 2012-12-02 21:48:41

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3964.26 MB
Available physical RAM: 3205.58 MB
Total Pagefile: 3692.5 MB
Available Pagefile: 3292.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:452.67 GB) (Free:230.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.09 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.93 GB) (Free:0.71 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 971 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 453 GB 32 KB
Partition 2 Primary 13 GB 453 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C HP NTFS Partition 453 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FACTORY_IMA NTFS Partition 13 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 956 MB 65 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 956 MB Healthy

=========================================================

Last Boot: 2012-12-03 07:55

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 02-12-2012
Ran by SYSTEM at 2012-12-03 15:24:31
Running from F:\

================== Search: "services.exe" ===================

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 December 2012 - 12:11 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

        :filefind
        services.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
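The same search done from PowerShell, as an added example that is not SystemLook, FRST or the helper's own code: it lists every services.exe on the system drive the way `:filefind services.exe` does and adds the checks a responder wants beside each hit (size, timestamps, MD5, Authenticode status), since FRST's Bamital check above flagged the MD5 of the copy in System32. It assumes an elevated PowerShell 4.0 or later (for Get-FileHash); the function name, `$Root` default and report path are assumptions.

```powershell
# Added example (not SystemLook, FRST or the helper's code): reproduce the
# ":filefind services.exe" search and report size, timestamps, MD5 and the
# Authenticode status of each copy found. Assumes PowerShell 4.0+ run as
# Administrator; the function name, $Root default and report path are assumptions.
function Find-FileCopies {
    param(
        [string]$Name = 'services.exe',
        [string]$Root = "$env:SystemDrive\"
    )

    # -Force includes hidden and system entries; unreadable folders are skipped.
    $hits = Get-ChildItem -Path $Root -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue

    foreach ($f in $hits) {
        $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Path      = $f.FullName
            Size      = $f.Length
            Created   = $f.CreationTime.ToString('yyyy-MM-dd HH:mm')
            Modified  = $f.LastWriteTime.ToString('yyyy-MM-dd HH:mm')
            MD5       = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
            SigStatus = $sig.Status
            Signer    = $signer
            # A patched binary no longer carries a valid Microsoft signature, while
            # the untouched copies (System32, WinSxS) do. Caveat: on older Windows and
            # PowerShell builds catalog-signed system files report NotSigned, so treat
            # a Suspect hit as "compare its MD5 with a known-good copy", not as proof.
            Suspect   = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'Microsoft')
        }
    }
}

# Run the search, write a log next to the SystemLook one (file name is an assumption)
# and show the summary on screen with the suspect copies first.
$report  = Join-Path $env:USERPROFILE 'Desktop\filefind-services.txt'
$results = Find-FileCopies -Name 'services.exe'
$results | Sort-Object Suspect -Descending | Format-List | Out-File -FilePath $report -Encoding UTF8
$results | Sort-Object Suspect -Descending | Format-Table Path, Size, Modified, MD5, SigStatus, Suspect -AutoSize
```

Expect several legitimate copies under WinSxS (servicing backups) with the same MD5 and a valid Microsoft signature; the copy that matters is the one in System32, which is the file FRST hashed.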



