
My computer is badly infected by an unidentified malware.


  • This topic is locked
30 replies to this topic

#1 Slayer90

Slayer90

  • Members
  • 216 posts
  • Local time:04:56 AM

Posted 09 February 2013 - 09:52 PM

I tried fixing the problem, wasn't successful, and was told to go here. http://www.bleepingcomputer.com/forums/t/484628/i-think-im-infected/

 

 

I'm badly infected with unknown sophisticated malware. My computer's symptoms are very slow performance both on opening files, folders, and notepads on my desktop as well as loading sites on both Internet Explorer and Firefox. I also get DDOS. My entire computer would very often freeze for 5 to 10 minutes repeatedly. I tried using F-Secure, Avast!, Eset and Malwarebytes but they weren't able to detect anything.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.11.2
Run by User at 18:42:28 on 2013-02-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2935.1796 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BitTorrent\BitTorrent.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"  /MINIMIZED
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{905D5036-9DD2-4218-A7F4-49DE389F785D} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\ayfi2uva.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-21 15:55; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-21 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-21 361032]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-6 163328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-21 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-21 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-21 44808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-7 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-7 682344]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2012-12-25 181760]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2011-5-4 5120]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-4-19 69232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-7 21104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-12-25 1343400]
.
=============== Created Last 30 ================
.
2013-02-09 00:42:32    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-02-08 18:24:58    --------    d-----w-    c:\program files\ESET
2013-02-08 16:36:22    6991832    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{644e4c78-06e4-4696-804c-6d402159c5d3}\mpengine.dll
2013-02-07 21:49:01    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-07 21:49:01    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-02-06 23:52:58    --------    d-----w-    c:\users\user\appdata\roaming\URSoft
2013-02-06 23:52:49    --------    d-----w-    c:\program files\Your Uninstaller 2010
2013-02-06 06:21:23    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2013-02-06 06:11:04    --------    d-----w-    c:\users\user\appdata\local\Adobe
2013-01-27 06:03:02    --------    d-----w-    c:\users\user\appdata\roaming\f-secure
2013-01-27 06:02:38    --------    d-----w-    c:\programdata\F-Secure
2013-01-27 05:51:41    859552    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-01-27 05:51:41    780192    ----a-w-    c:\windows\system32\deployJava1.dll
2013-01-27 05:51:26    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 21:56:27    712048    ----a-w-    c:\windows\system32\drivers\ndis.sys
2013-01-22 21:56:27    33280    ----a-w-    c:\windows\system32\drivers\RNDISMP.sys
2013-01-22 21:56:11    245760    ----a-w-    c:\windows\system32\OxpsConverter.exe
2013-01-22 21:55:25    156672    ----a-w-    c:\windows\system32\ncsi.dll
2013-01-22 21:55:25    1293680    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-01-22 21:55:24    499712    ----a-w-    c:\windows\system32\iphlpsvc.dll
2013-01-22 21:55:24    240496    ----a-w-    c:\windows\system32\drivers\netio.sys
2013-01-22 21:55:24    187760    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-22 21:55:23    52224    ----a-w-    c:\windows\system32\nlaapi.dll
2013-01-22 21:55:23    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-01-22 21:55:23    242176    ----a-w-    c:\windows\system32\nlasvc.dll
2013-01-22 21:55:23    18944    ----a-w-    c:\windows\system32\netevent.dll
2013-01-22 21:55:23    175104    ----a-w-    c:\windows\system32\netcorehc.dll
2013-01-22 21:55:13    49152    ----a-w-    c:\windows\system32\taskhost.exe
2013-01-22 21:54:48    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2013-01-22 21:54:48    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2013-01-22 03:48:33    --------    d-----w-    c:\windows\system32\SPReview
2013-01-22 03:41:12    1130824    ----a-w-    c:\windows\system32\dfshim.dll
2013-01-22 03:41:02    52224    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2013-01-22 03:41:02    11776    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-22 03:41:01    3215872    ----a-w-    c:\windows\system32\mstscax.dll
2013-01-22 03:39:59    286720    ----a-w-    c:\windows\system32\winlogon.exe
2013-01-22 03:38:59    905216    ----a-w-    c:\windows\system32\mmsys.cpl
2013-01-22 03:37:59    516096    ----a-w-    c:\program files\windows mail\wab.exe
2013-01-22 03:36:55    189952    ----a-w-    c:\windows\system32\wdscore.dll
2013-01-22 03:36:41    189952    ----a-w-    c:\program files\windows portable devices\sqmapi.dll
2013-01-22 03:36:40    606208    ----a-w-    c:\windows\system32\wbem\fastprox.dll
2013-01-22 03:36:40    363008    ----a-w-    c:\windows\system32\wbemcomn.dll
2013-01-22 03:36:30    189952    ----a-w-    c:\windows\system32\sqmapi.dll
2013-01-21 23:53:40    --------    d-----w-    c:\users\user\appdata\local\Google
2013-01-21 23:53:37    44784    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-01-21 23:53:36    738504    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-01-21 23:53:33    58680    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-01-21 23:52:46    41224    ----a-w-    c:\windows\avastSS.scr
2013-01-21 23:52:26    --------    d-----w-    c:\programdata\AVAST Software
2013-01-21 23:52:26    --------    d-----w-    c:\program files\AVAST Software
2013-01-16 04:23:53    --------    d-----w-    C:\Fraps
2013-01-12 01:28:07    --------    d-----w-    c:\windows\system32\xlive
2013-01-12 01:28:02    --------    d-----w-    c:\program files\Microsoft Games for Windows - LIVE
2013-01-12 01:26:59    62744    ----a-w-    c:\windows\system32\xinput1_2.dll
2013-01-12 01:18:10    --------    d-----w-    c:\program files\Capcom
2013-01-11 05:02:23    --------    d-----w-    c:\windows\lhsp
2013-01-11 05:02:21    --------    d-----w-    c:\program files\CFS-Technologies
.
==================== Find3M  ====================
.
2013-02-07 21:29:12    74096    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-07 21:29:12    697712    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-01-22 03:59:32    152576    ----a-w-    c:\windows\system32\msclmd.dll
2013-01-17 09:28:58    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-11 00:44:55    20480    ----a-w-    c:\windows\system32\cliconfg.728
2012-12-25 18:42:45    0    ----a-w-    c:\windows\ativpsrm.bin
2012-12-16 14:13:28    295424    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-07 12:26:17    308736    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    c:\windows\system32\gameux.dll
2012-11-30 04:53:34    169984    ----a-w-    c:\windows\system32\winsrv.dll
2012-11-30 04:47:45    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25    271360    ----a-w-    c:\windows\system32\conhost.exe
2012-11-30 02:38:59    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23    2345984    ----a-w-    c:\windows\system32\win32k.sys
2012-11-22 04:45:03    626688    ----a-w-    c:\windows\system32\usp10.dll
2012-11-20 04:51:09    220160    ----a-w-    c:\windows\system32\ncrypt.dll
.
============= FINISH: 18:50:36.44 ===============
 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2012 10:23:18 AM
System Uptime: 2/9/2013 9:44:19 AM (9 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AD1
Processor: AMD E-450 APU with Radeon™ HD Graphics | CPU 1 | 1650/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 203 GiB total, 132.139 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP28: 1/29/2013 11:00:13 AM - Windows Update
RP29: 2/1/2013 11:08:29 AM - Windows Update
RP30: 2/5/2013 10:54:06 AM - Windows Update
RP32: 2/6/2013 3:53:54 PM - Before uninstalling Adobe Photoshop CS5.1
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
avast! Free Antivirus
BitTorrent
ESET Online Scanner v3
Google Chrome
Google Update Helper
IsoBuster 2.8.5
Java 7 Update 11
Java Auto Updater
Java SE Development Kit 7 Update 11
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
PDF Settings CS5
PowerISO
Rayman Origins version 1.0
Samsung Network PC Fax
Samsung SCX-472x Series
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Sony Media Manager 2.2
Sony Vegas 7.0a
Speakonia
Street Fighter X Tekken
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.5
Windows Live ID Sign-in Assistant
WinRAR 4.11 (32-bit)
Your Uninstaller! 2010
.
==== Event Viewer Messages From Past Week ========
.
2/8/2013 6:12:33 PM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/8/2013 6:12:33 PM, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error:  The service did not start due to a logon failure.
2/8/2013 6:12:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
2/4/2013 4:20:20 PM, Error: Service Control Manager [7000]  - The F-Secure BlackLight Sensor service failed to start due to the following error:  Access is denied.
.
==== End Of File ===========================
 

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • Gender:Male
  • Local time:07:56 AM

Posted 14 February 2013 - 09:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

:step1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/484805 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

:step2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 216 posts
  • Local time:04:56 AM

Posted 15 February 2013 - 10:44 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.11.2
Run by User at 19:41:00 on 2013-02-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2935.1855 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
C:\Program Files\BitTorrent\BitTorrent.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"  /MINIMIZED
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{905D5036-9DD2-4218-A7F4-49DE389F785D} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\ayfi2uva.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-21 15:55; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-21 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-21 361032]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-6 163328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-21 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-21 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-21 44808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-7 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-7 682344]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2012-12-25 181760]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2011-5-4 5120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-7 21104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-4-19 69232]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-12-25 1343400]
.
=============== Created Last 30 ================
.
2013-02-15 19:09:02    6991832    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{8443f903-7710-4153-aa9f-16157701fb6b}\mpengine.dll
2013-02-13 18:08:46    2347008    ----a-w-    c:\windows\system32\win32k.sys
2013-02-13 18:08:32    3967848    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-02-13 18:08:30    3913064    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-13 18:08:27    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-13 18:08:26    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 18:08:21    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-12 21:33:39    --------    d-----w-    c:\users\user\appdata\local\Gas Powered Games
2013-02-12 21:28:42    --------    d-----w-    C:\temp
2013-02-12 21:23:58    --------    d-----w-    c:\programdata\Media Center Programs
2013-02-12 21:12:59    --------    d-----w-    c:\program files\THQ
2013-02-12 21:09:19    --------    d--h--w-    c:\windows\msdownld.tmp
2013-02-12 21:09:16    --------    d-----w-    c:\windows\system32\directx
2013-02-09 00:42:32    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-02-08 18:24:58    --------    d-----w-    c:\program files\ESET
2013-02-07 21:49:01    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-07 21:49:01    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-02-06 23:52:58    --------    d-----w-    c:\users\user\appdata\roaming\URSoft
2013-02-06 23:52:49    --------    d-----w-    c:\program files\Your Uninstaller 2010
2013-02-06 06:21:23    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2013-02-06 06:11:04    --------    d-----w-    c:\users\user\appdata\local\Adobe
2013-01-27 06:03:02    --------    d-----w-    c:\users\user\appdata\roaming\f-secure
2013-01-27 06:02:38    --------    d-----w-    c:\programdata\F-Secure
2013-01-27 05:51:41    859552    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-01-27 05:51:41    780192    ----a-w-    c:\windows\system32\deployJava1.dll
2013-01-27 05:51:26    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 21:56:27    712048    ----a-w-    c:\windows\system32\drivers\ndis.sys
2013-01-22 21:56:27    33280    ----a-w-    c:\windows\system32\drivers\RNDISMP.sys
2013-01-22 21:56:11    245760    ----a-w-    c:\windows\system32\OxpsConverter.exe
2013-01-22 21:55:25    156672    ----a-w-    c:\windows\system32\ncsi.dll
2013-01-22 21:55:24    499712    ----a-w-    c:\windows\system32\iphlpsvc.dll
2013-01-22 21:55:24    240496    ----a-w-    c:\windows\system32\drivers\netio.sys
2013-01-22 21:55:23    52224    ----a-w-    c:\windows\system32\nlaapi.dll
2013-01-22 21:55:23    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-01-22 21:55:23    242176    ----a-w-    c:\windows\system32\nlasvc.dll
2013-01-22 21:55:23    18944    ----a-w-    c:\windows\system32\netevent.dll
2013-01-22 21:55:23    175104    ----a-w-    c:\windows\system32\netcorehc.dll
2013-01-22 21:55:13    49152    ----a-w-    c:\windows\system32\taskhost.exe
2013-01-22 21:54:48    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2013-01-22 21:54:48    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2013-01-22 03:48:33    --------    d-----w-    c:\windows\system32\SPReview
2013-01-22 03:41:12    1130824    ----a-w-    c:\windows\system32\dfshim.dll
2013-01-22 03:41:02    52224    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2013-01-22 03:41:02    11776    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-22 03:41:01    3215872    ----a-w-    c:\windows\system32\mstscax.dll
2013-01-22 03:39:59    286720    ----a-w-    c:\windows\system32\winlogon.exe
2013-01-22 03:38:59    905216    ----a-w-    c:\windows\system32\mmsys.cpl
2013-01-22 03:37:59    516096    ----a-w-    c:\program files\windows mail\wab.exe
2013-01-22 03:36:55    189952    ----a-w-    c:\windows\system32\wdscore.dll
2013-01-22 03:36:41    189952    ----a-w-    c:\program files\windows portable devices\sqmapi.dll
2013-01-22 03:36:40    606208    ----a-w-    c:\windows\system32\wbem\fastprox.dll
2013-01-22 03:36:40    363008    ----a-w-    c:\windows\system32\wbemcomn.dll
2013-01-22 03:36:30    189952    ----a-w-    c:\windows\system32\sqmapi.dll
2013-01-21 23:53:40    --------    d-----w-    c:\users\user\appdata\local\Google
2013-01-21 23:53:37    44784    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-01-21 23:53:36    738504    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-01-21 23:53:33    58680    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-01-21 23:52:46    41224    ----a-w-    c:\windows\avastSS.scr
2013-01-21 23:52:26    --------    d-----w-    c:\programdata\AVAST Software
2013-01-21 23:52:26    --------    d-----w-    c:\program files\AVAST Software
.
==================== Find3M  ====================
.
2013-02-07 21:29:12    74096    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-07 21:29:12    697712    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-01-22 03:59:32    152576    ----a-w-    c:\windows\system32\msclmd.dll
2013-01-17 09:28:58    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-11 00:44:55    20480    ----a-w-    c:\windows\system32\cliconfg.728
2013-01-08 22:11:21    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-12-25 18:42:45    0    ----a-w-    c:\windows\ativpsrm.bin
2012-12-16 14:13:28    295424    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-07 12:26:17    308736    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    c:\windows\system32\gameux.dll
2012-11-30 04:47:45    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25    271360    ----a-w-    c:\windows\system32\conhost.exe
2012-11-30 02:38:59    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-22 04:45:03    626688    ----a-w-    c:\windows\system32\usp10.dll
2012-11-20 04:51:09    220160    ----a-w-    c:\windows\system32\ncrypt.dll
.
============= FINISH: 19:41:23.45 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2012 10:23:18 AM
System Uptime: 2/15/2013 11:03:59 AM (8 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AD1
Processor: AMD E-450 APU with Radeon™ HD Graphics | CPU 1 | 1650/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 203 GiB total, 128.633 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Device ID: PCI\VEN_1969&DEV_2062&SUBSYS_2AD1103C&REV_C1\4&186C6B44&0&00A9
Manufacturer: Atheros
Name: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
PNP Device ID: PCI\VEN_1969&DEV_2062&SUBSYS_2AD1103C&REV_C1\4&186C6B44&0&00A9
Service: L1C
.
==== System Restore Points ===================
.
RP34: 2/12/2013 1:11:20 PM - Installed Supreme Commander ™
RP36: 2/12/2013 1:12:13 PM - Installed DirectX
RP37: 2/13/2013 10:04:57 AM - Windows Update
RP38: 2/13/2013 10:59:19 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
avast! Free Antivirus
BitTorrent
ESET Online Scanner v3
Google Chrome
Google Update Helper
GPGNet
IsoBuster 2.8.5
Java 7 Update 11
Java Auto Updater
Java SE Development Kit 7 Update 11
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
PDF Settings CS5
PowerISO
Rayman Origins version 1.0
Samsung Network PC Fax
Samsung SCX-472x Series
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Sony Media Manager 2.2
Sony Vegas 7.0a
Speakonia
Street Fighter X Tekken
Supreme Commander
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.5
Windows Live ID Sign-in Assistant
WinRAR 4.11 (32-bit)
Your Uninstaller! 2010
.
==== Event Viewer Messages From Past Week ========
.
2/8/2013 6:12:33 PM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/8/2013 6:12:33 PM, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error:  The service did not start due to a logon failure.
2/8/2013 6:12:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
2/14/2013 11:48:22 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
.
==== End Of File ===========================
 



#4 Elise


Posted 16 February 2013 - 04:36 AM

Hello, my name is Elise and I'll assist you with this issue. :)

 

It looks like you ran TDSSKiller. Do you still have the log (it should be saved as c:\tdsskiller<date/time>.txt)?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 Slayer90


Posted 16 February 2013 - 11:38 AM

08:37:25.0197 1600  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:37:25.0927 1600  ============================================================
08:37:25.0927 1600  Current date / time: 2013/02/16 08:37:25.0927
08:37:25.0927 1600  SystemInfo:
08:37:25.0927 1600  
08:37:25.0927 1600  OS Version: 6.1.7601 ServicePack: 1.0
08:37:25.0927 1600  Product type: Workstation
08:37:25.0927 1600  ComputerName: USER-PC
08:37:25.0927 1600  UserName: User
08:37:25.0927 1600  Windows directory: C:\Windows
08:37:25.0927 1600  System windows directory: C:\Windows
08:37:25.0927 1600  Processor architecture: Intel x86
08:37:25.0927 1600  Number of processors: 2
08:37:25.0927 1600  Page size: 0x1000
08:37:25.0927 1600  Boot type: Normal boot
08:37:25.0927 1600  ============================================================
08:37:26.0657 1600  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:37:26.0687 1600  ============================================================
08:37:26.0687 1600  \Device\Harddisk0\DR0:
08:37:26.0707 1600  MBR partitions:
08:37:26.0707 1600  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:37:26.0707 1600  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x196FB000
08:37:26.0707 1600  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x6, StartLBA 0x1972D800, BlocksNum 0x3A97800
08:37:26.0707 1600  ============================================================
08:37:26.0727 1600  C: <-> \Device\Harddisk0\DR0\Partition2
08:37:26.0747 1600  ============================================================
08:37:26.0747 1600  Initialize success
08:37:26.0747 1600  ============================================================
08:37:32.0487 3256  ============================================================
08:37:32.0487 3256  Scan started
08:37:32.0487 3256  Mode: Manual; TDLFS;
08:37:32.0487 3256  ============================================================
08:37:33.0173 3256  ================ Scan system memory ========================
08:37:33.0173 3256  System memory - ok
08:37:33.0173 3256  ================ Scan services =============================
08:37:40.0911 3256  LSI_SAS - ok
08:37:40.0927 3256  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:37:40.0927 3256  LSI_SAS2 - ok
08:37:40.0942 3256  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:37:40.0942 3256  LSI_SCSI - ok
08:37:40.0973 3256  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
08:37:40.0973 3256  luafv - ok
08:37:41.0005 3256  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
08:37:41.0005 3256  MBAMProtector - ok
08:37:41.0067 3256  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:37:41.0083 3256  MBAMScheduler - ok
08:37:41.0145 3256  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:37:41.0161 3256  MBAMService - ok
08:37:41.0192 3256  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:37:41.0192 3256  Mcx2Svc - ok
08:37:41.0223 3256  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
08:37:41.0239 3256  megasas - ok
08:37:41.0254 3256  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
08:37:41.0270 3256  MegaSR - ok
08:37:41.0285 3256  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
08:37:41.0301 3256  MMCSS - ok
08:37:41.0317 3256  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
08:37:41.0317 3256  Modem - ok
08:37:41.0332 3256  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:37:41.0332 3256  monitor - ok
08:37:41.0348 3256  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
08:37:41.0348 3256  mouclass - ok
08:37:41.0395 3256  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:37:41.0395 3256  mouhid - ok
08:37:41.0426 3256  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:37:41.0426 3256  mountmgr - ok
08:37:41.0488 3256  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:37:41.0504 3256  MozillaMaintenance - ok
08:37:41.0551 3256  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:37:41.0566 3256  mpio - ok
08:37:41.0582 3256  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:37:41.0582 3256  mpsdrv - ok
08:37:41.0629 3256  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:37:41.0660 3256  MpsSvc - ok
08:37:41.0691 3256  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:37:41.0691 3256  MRxDAV - ok
08:37:41.0769 3256  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:37:41.0769 3256  mrxsmb - ok
08:37:41.0816 3256  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:37:41.0816 3256  mrxsmb10 - ok
08:37:41.0831 3256  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:37:41.0847 3256  mrxsmb20 - ok
08:37:41.0878 3256  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
08:37:41.0878 3256  msahci - ok
08:37:41.0894 3256  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
08:37:41.0894 3256  msdsm - ok
08:37:41.0941 3256  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
08:37:41.0941 3256  MSDTC - ok
08:37:42.0003 3256  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:37:42.0003 3256  Msfs - ok
08:37:42.0050 3256  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:37:42.0050 3256  mshidkmdf - ok
08:37:42.0081 3256  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:37:42.0081 3256  msisadrv - ok
08:37:42.0112 3256  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:37:42.0128 3256  MSiSCSI - ok
08:37:42.0128 3256  msiserver - ok
08:37:42.0159 3256  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:37:42.0159 3256  MSKSSRV - ok
08:37:42.0190 3256  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:37:42.0190 3256  MSPCLOCK - ok
08:37:42.0206 3256  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:37:42.0206 3256  MSPQM - ok
08:37:42.0237 3256  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:37:42.0237 3256  MsRPC - ok
08:37:42.0284 3256  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
08:37:42.0284 3256  mssmbios - ok
08:37:42.0362 3256  MSSQL$SONY_MEDIAMGR - ok
08:37:42.0440 3256  [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
08:37:42.0455 3256  MSSQLServerADHelper - ok
08:37:42.0518 3256  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:37:42.0518 3256  MSTEE - ok
08:37:42.0549 3256  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
08:37:42.0549 3256  MTConfig - ok
08:37:42.0565 3256  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:37:42.0565 3256  Mup - ok
08:37:42.0611 3256  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
08:37:42.0627 3256  napagent - ok
08:37:42.0674 3256  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:37:42.0689 3256  NativeWifiP - ok
08:37:42.0736 3256  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:37:42.0783 3256  NDIS - ok
08:37:42.0814 3256  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:37:42.0814 3256  NdisCap - ok
08:37:42.0861 3256  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:37:42.0861 3256  NdisTapi - ok
08:37:42.0892 3256  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:37:42.0892 3256  Ndisuio - ok
08:37:42.0923 3256  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:37:42.0939 3256  NdisWan - ok
08:37:42.0986 3256  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:37:42.0986 3256  NDProxy - ok
08:37:43.0017 3256  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:37:43.0017 3256  NetBIOS - ok
08:37:43.0064 3256  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:37:43.0064 3256  NetBT - ok
08:37:43.0095 3256  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
08:37:43.0095 3256  Netlogon - ok
08:37:43.0142 3256  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
08:37:43.0157 3256  Netman - ok
08:37:43.0173 3256  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
08:37:43.0189 3256  netprofm - ok
08:37:43.0220 3256  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:37:43.0220 3256  NetTcpPortSharing - ok
08:37:43.0251 3256  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
08:37:43.0267 3256  nfrd960 - ok
08:37:43.0298 3256  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:37:43.0298 3256  NlaSvc - ok
08:37:43.0329 3256  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:37:43.0329 3256  Npfs - ok
08:37:43.0360 3256  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
08:37:43.0360 3256  nsi - ok
08:37:43.0376 3256  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:37:43.0376 3256  nsiproxy - ok
08:37:43.0469 3256  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:37:43.0547 3256  Ntfs - ok
08:37:43.0563 3256  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
08:37:43.0563 3256  Null - ok
08:37:43.0610 3256  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:37:43.0610 3256  nvraid - ok
08:37:43.0641 3256  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:37:43.0641 3256  nvstor - ok
08:37:43.0657 3256  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:37:43.0672 3256  nv_agp - ok
08:37:43.0688 3256  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
08:37:43.0688 3256  ohci1394 - ok
08:37:43.0719 3256  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:37:43.0735 3256  p2pimsvc - ok
08:37:43.0766 3256  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:37:43.0781 3256  p2psvc - ok
08:37:43.0813 3256  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
08:37:43.0813 3256  Parport - ok
08:37:43.0844 3256  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:37:43.0844 3256  partmgr - ok
08:37:43.0859 3256  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
08:37:43.0859 3256  Parvdm - ok
08:37:43.0891 3256  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:37:43.0906 3256  PcaSvc - ok
08:37:43.0969 3256  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
08:37:43.0969 3256  pci - ok
08:37:44.0000 3256  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
08:37:44.0000 3256  pciide - ok
08:37:44.0031 3256  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
08:37:44.0047 3256  pcmcia - ok
08:37:44.0062 3256  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
08:37:44.0062 3256  pcw - ok
08:37:44.0109 3256  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:37:44.0125 3256  PEAUTH - ok
08:37:44.0218 3256  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
08:37:44.0281 3256  pla - ok
08:37:44.0327 3256  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:37:44.0343 3256  PlugPlay - ok
08:37:44.0359 3256  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:37:44.0374 3256  PNRPAutoReg - ok
08:37:44.0390 3256  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:37:44.0405 3256  PNRPsvc - ok
08:37:44.0452 3256  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:37:44.0452 3256  PolicyAgent - ok
08:37:44.0499 3256  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
08:37:44.0515 3256  Power - ok
08:37:44.0546 3256  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:37:44.0546 3256  PptpMiniport - ok
08:37:44.0577 3256  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
08:37:44.0577 3256  Processor - ok
08:37:44.0624 3256  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
08:37:44.0639 3256  ProfSvc - ok
08:37:44.0671 3256  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:37:44.0671 3256  ProtectedStorage - ok
08:37:44.0702 3256  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:37:44.0702 3256  Psched - ok
08:37:44.0764 3256  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
08:37:44.0795 3256  ql2300 - ok
08:37:44.0827 3256  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
08:37:44.0827 3256  ql40xx - ok
08:37:44.0858 3256  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
08:37:44.0873 3256  QWAVE - ok
08:37:44.0889 3256  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:37:44.0905 3256  QWAVEdrv - ok
08:37:44.0920 3256  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:37:44.0920 3256  RasAcd - ok
08:37:44.0967 3256  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:37:44.0967 3256  RasAgileVpn - ok
08:37:44.0983 3256  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
08:37:44.0998 3256  RasAuto - ok
08:37:45.0029 3256  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:37:45.0029 3256  Rasl2tp - ok
08:37:45.0076 3256  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
08:37:45.0092 3256  RasMan - ok
08:37:45.0123 3256  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:37:45.0123 3256  RasPppoe - ok
08:37:45.0139 3256  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:37:45.0154 3256  RasSstp - ok
08:37:45.0185 3256  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:37:45.0185 3256  rdbss - ok
08:37:45.0217 3256  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
08:37:45.0217 3256  rdpbus - ok
08:37:45.0279 3256  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:37:45.0279 3256  RDPCDD - ok
08:37:45.0310 3256  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:37:45.0310 3256  RDPENCDD - ok
08:37:45.0326 3256  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:37:45.0326 3256  RDPREFMP - ok
08:37:45.0373 3256  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:37:45.0373 3256  RDPWD - ok
08:37:45.0435 3256  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:37:45.0435 3256  rdyboost - ok
08:37:45.0482 3256  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:37:45.0497 3256  RemoteAccess - ok
08:37:45.0529 3256  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:37:45.0544 3256  RemoteRegistry - ok
08:37:45.0560 3256  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:37:45.0575 3256  RpcEptMapper - ok
08:37:45.0591 3256  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
08:37:45.0591 3256  RpcLocator - ok
08:37:45.0607 3256  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
08:37:45.0622 3256  RpcSs - ok
08:37:45.0669 3256  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:37:45.0669 3256  rspndr - ok
08:37:45.0716 3256  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
08:37:45.0731 3256  SamSs - ok
08:37:45.0841 3256  [ 78B0D0DF30E2B17AEF9D036D8BD1B3D4 ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
08:37:45.0841 3256  Samsung Network Fax Server - ok
08:37:45.0903 3256  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:37:45.0934 3256  sbp2port - ok
08:37:45.0997 3256  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:37:46.0012 3256  SCardSvr - ok
08:37:46.0106 3256  [ 52402149E66200C2C2BDA115BCA757D6 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
08:37:46.0106 3256  SCDEmu - ok
08:37:46.0137 3256  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:37:46.0137 3256  scfilter - ok
08:37:46.0199 3256  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
08:37:46.0324 3256  Schedule - ok
08:37:46.0340 3256  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:37:46.0340 3256  SCPolicySvc - ok
08:37:46.0402 3256  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:37:46.0418 3256  SDRSVC - ok
08:37:46.0465 3256  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:37:46.0480 3256  secdrv - ok
08:37:46.0496 3256  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
08:37:46.0511 3256  seclogon - ok
08:37:46.0543 3256  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
08:37:46.0558 3256  SENS - ok
08:37:46.0605 3256  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:37:46.0605 3256  SensrSvc - ok
08:37:46.0636 3256  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
08:37:46.0636 3256  Serenum - ok
08:37:46.0667 3256  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
08:37:46.0683 3256  Serial - ok
08:37:46.0745 3256  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
08:37:46.0745 3256  sermouse - ok
08:37:46.0823 3256  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:37:46.0839 3256  SessionEnv - ok
08:37:46.0886 3256  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:37:46.0886 3256  sffdisk - ok
08:37:46.0917 3256  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:37:46.0917 3256  sffp_mmc - ok
08:37:46.0933 3256  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:37:46.0948 3256  sffp_sd - ok
08:37:46.0995 3256  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
08:37:46.0995 3256  sfloppy - ok
08:37:47.0026 3256  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:37:47.0042 3256  SharedAccess - ok
08:37:47.0089 3256  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:37:47.0120 3256  ShellHWDetection - ok
08:37:47.0151 3256  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
08:37:47.0151 3256  sisagp - ok
08:37:47.0198 3256  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:37:47.0198 3256  SiSRaid2 - ok
08:37:47.0229 3256  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
08:37:47.0229 3256  SiSRaid4 - ok
08:37:47.0245 3256  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:37:47.0245 3256  Smb - ok
08:37:47.0307 3256  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:37:47.0323 3256  SNMPTRAP - ok
08:37:47.0354 3256  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:37:47.0354 3256  spldr - ok
08:37:47.0401 3256  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
08:37:47.0416 3256  Spooler - ok
08:37:47.0541 3256  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
08:37:47.0635 3256  sppsvc - ok
08:37:47.0697 3256  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:37:47.0697 3256  sppuinotify - ok
08:37:47.0744 3256  SQLAgent$SONY_MEDIAMGR - ok
08:37:47.0837 3256  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:37:47.0869 3256  srv - ok
08:37:47.0900 3256  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:37:47.0915 3256  srv2 - ok
08:37:47.0931 3256  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:37:47.0931 3256  srvnet - ok
08:37:47.0962 3256  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:37:47.0978 3256  SSDPSRV - ok
08:37:48.0025 3256  [ 5F77725EC309DE1242D8EFC8E9259A9F ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
08:37:48.0025 3256  SSPORT - ok
08:37:48.0071 3256  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:37:48.0071 3256  SstpSvc - ok
08:37:48.0103 3256  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
08:37:48.0103 3256  stexstor - ok
08:37:48.0149 3256  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
08:37:48.0181 3256  StiSvc - ok
08:37:48.0227 3256  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
08:37:48.0227 3256  swenum - ok
08:37:48.0321 3256  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
08:37:48.0337 3256  SwitchBoard - ok
08:37:48.0383 3256  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
08:37:48.0399 3256  swprv - ok
08:37:48.0461 3256  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
08:37:48.0508 3256  SysMain - ok
08:37:48.0555 3256  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:37:48.0571 3256  TabletInputService - ok
08:37:48.0617 3256  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:37:48.0633 3256  TapiSrv - ok
08:37:48.0664 3256  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
08:37:48.0680 3256  TBS - ok
08:37:48.0742 3256  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:37:48.0789 3256  Tcpip - ok
08:37:48.0867 3256  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:37:48.0883 3256  TCPIP6 - ok
08:37:48.0929 3256  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:37:48.0929 3256  tcpipreg - ok
08:37:48.0976 3256  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:37:48.0976 3256  TDPIPE - ok
08:37:48.0992 3256  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:37:49.0007 3256  TDTCP - ok
08:37:49.0039 3256  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:37:49.0039 3256  tdx - ok
08:37:49.0054 3256  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
08:37:49.0054 3256  TermDD - ok
08:37:49.0101 3256  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
08:37:49.0132 3256  TermService - ok
08:37:49.0148 3256  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
08:37:49.0163 3256  Themes - ok
08:37:49.0179 3256  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
08:37:49.0195 3256  THREADORDER - ok
08:37:49.0226 3256  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
08:37:49.0226 3256  TrkWks - ok
08:37:49.0288 3256  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:37:49.0304 3256  TrustedInstaller - ok
08:37:49.0335 3256  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:37:49.0335 3256  tssecsrv - ok
08:37:49.0382 3256  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
08:37:49.0382 3256  TsUsbFlt - ok
08:37:49.0444 3256  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:37:49.0444 3256  tunnel - ok
08:37:49.0491 3256  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
08:37:49.0491 3256  uagp35 - ok
08:37:49.0522 3256  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:37:49.0538 3256  udfs - ok
08:37:49.0585 3256  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:37:49.0585 3256  UI0Detect - ok
08:37:49.0631 3256  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:37:49.0631 3256  uliagpkx - ok
08:37:49.0663 3256  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
08:37:49.0663 3256  umbus - ok
08:37:49.0709 3256  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
08:37:49.0709 3256  UmPass - ok
08:37:49.0741 3256  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
08:37:49.0772 3256  upnphost - ok
08:37:49.0803 3256  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:37:49.0819 3256  usbccgp - ok
08:37:49.0834 3256  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:37:49.0834 3256  usbcir - ok
08:37:49.0865 3256  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:37:49.0865 3256  usbehci - ok
08:37:49.0912 3256  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:37:49.0928 3256  usbhub - ok
08:37:49.0943 3256  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
08:37:49.0959 3256  usbohci - ok
08:37:49.0990 3256  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:37:49.0990 3256  usbprint - ok
08:37:50.0053 3256  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:37:50.0053 3256  usbscan - ok
08:37:50.0068 3256  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
08:37:50.0084 3256  USBSTOR - ok
08:37:50.0099 3256  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
08:37:50.0099 3256  usbuhci - ok
08:37:50.0131 3256  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
08:37:50.0146 3256  UxSms - ok
08:37:50.0162 3256  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
08:37:50.0162 3256  VaultSvc - ok
08:37:50.0193 3256  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
08:37:50.0193 3256  vdrvroot - ok
08:37:50.0240 3256  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
08:37:50.0271 3256  vds - ok
08:37:50.0302 3256  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:37:53.0583 3256  ============================================================
08:37:53.0583 3256  Scan finished
08:37:53.0583 3256  ============================================================
08:37:53.0613 1088  Detected object count: 0
08:37:53.0613 1088  Actual detected object count: 0
 



#6 Elise


Posted 16 February 2013 - 11:58 AM

I don't see any malware here. Can you please reboot in safe mode with Networking and let me know if you have the same issues there?

 

Restart the computer and tap F8 until the Advanced Boot Menu options come up. Select Safe Mode with Networking and press enter.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 Slayer90


Posted 16 February 2013 - 02:29 PM

I still have the same symptoms even in safe mode with networking. As I said, this malware is sophisticated and seems to evade detection. At the beginning of January this year I didn't have this problem. It was not until mid-January.



#8 Elise


Posted 16 February 2013 - 02:32 PM

Just to be sure, let's do an extra check.

P2P WARNING
-------------------
Going over your logs I noticed that you have BitTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
  • It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.


We need to run a scan with Combofix:
  • Please go to the download page for ComboFix by sUBs.
  • Click the Download Now button pictured below and save the file to your desktop:

    download.png
  • Disable any anti-virus and/or firewall software you have installed.
    instructions can be found here if needed
  • Close all open windows including your web browser
    as mentioned in the first post, you may want to print out all instructions before starting
  • Double-click on the ComboFix icon on your desktop. cf-icon.jpg
  • Read the Disclaimer and click I Agree if you want to run the software, then you should see a window like the one below:

    cf-preparing.jpg
  • DO NOT use your computer while ComboFix is running. There are a lot of things going on behind the scenes and a single mouse click can cause the program to stall.

    However, if you see the prompt below, please click Yes to download the Microsoft Windows Recovery Console.

    recovery-console-prompt.jpg

    If an Internet connection is not available or you choose not to install the recovery console, ComboFix will run in Reduced Functionality mode
  • Allow ComboFix to reboot the computer if necessary, it will run again after you log back in.
  • When complete, a log file will be displayed, please copy and paste the contents of this file into your next post.

    cf-log.jpg
  • More information about downloading and using ComboFix can be found here if needed.

regards, Elise


#9 Slayer90


Posted 16 February 2013 - 03:43 PM

I just have a question before I start ComboFix: will this affect or damage my installed programs such as PC games, application software like Photoshop and stuff? Will it affect my MP3s?



#10 Elise


Posted 16 February 2013 - 04:02 PM

Unless they are infected, no. In case a component inadvertently is removed we can always restore it from quarantine.


regards, Elise


#11 Slayer90


Posted 16 February 2013 - 04:03 PM

ComboFix 13-02-15.01 - User 02/16/2013  12:49:14.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2935.2194 [GMT -8:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50    121528    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2013-01-10 980376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 19:04    1607120    ----a-w-    c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-24 21:29]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-21 23:53]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-21 23:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ayfi2uva.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - ExtSQL: 2013-01-21 15:55; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-79663344.sys
AddRemove-{E0705B5C-104F-4515-B1BD-375B06F67DFC}_is1 - c:\program files\Rayman Origins\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-16  13:01:29
ComboFix-quarantined-files.txt  2013-02-16 21:01
.
Pre-Run: 136,318,722,048 bytes free
Post-Run: 136,955,805,696 bytes free
.
- - End Of File - - AB4A7C83027942242595C35A81318741
 



#12 Slayer90


Posted 16 February 2013 - 04:05 PM

Sorry for the double post. Before scanning I disabled avast permanently, yet Combofix gave me the message that avast! is still running. Does that mean my computer is damaged?



#13 Elise


Posted 16 February 2013 - 04:16 PM

No, no need to worry about that.
 
At this point how is everything running? Do you still get crashes/freezes?

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#14 Slayer90


Posted 16 February 2013 - 04:20 PM

# AdwCleaner v2.112 - Logfile created 02/16/2013 at 13:18:23
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

-\\ Google Chrome v24.0.1312.57

*************************

AdwCleaner[R1].txt - [586 octets] - [16/02/2013 13:18:23]

########## EOF - C:\AdwCleaner[R1].txt - [645 octets] ##########
 



#15 Slayer90


Posted 16 February 2013 - 04:23 PM

The symptom is gone. Will it be OK if we keep this topic open for one more day, just in case the symptoms recur? If I don't report by tomorrow, please close this topic.





