Browser Hijacked and Unable to Turn off Firewall


This topic is locked
21 replies to this topic

#1 kellmk
  • Members
  • 13 posts

Posted 30 May 2013 - 08:44 PM

My browser was hijacked. I ran Spybot and it seemed to correct the hijack. I am unable to run Windows Update or turn on the firewall. I ran Malwarebytes and it did not find anything. Please help. Thank you in advance! DDS log below:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18904
Run by Michele at 20:56:10 on 2013-05-30
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.2429.1610 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\Adobe\Director\SwDnld.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071127
uProxyServer = localhost:21320
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RegWork] c:\program files\regwork\\RegWork.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
LSP: mswsock.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 167.206.254.2 167.206.254.1 192.168.1.1
TCP: Interfaces\{4A96B55B-A825-4BC2-892C-3DBB8C598BEA} : DHCPNameServer = 167.206.254.2 167.206.254.1 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Notify: SDWinLogon - SDWinLogon.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michele\appdata\roaming\mozilla\firefox\profiles\rkk4kql8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BCPA&o=16145&locale=en_US&apn_uid=00063923-2C41-48C3-A11D-300F6D32B505&apn_ptnrs=QK&apn_sauid=1D29112D-A28F-46DC-B27C-477EFB8814B3&apn_dtid=YYYYYYYYUS&&q=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff11.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff12.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff13.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-11-10 19456]
.
=============== Created Last 30 ================
.
2013-05-29 01:31:12 -------- d-----w- c:\users\michele\appdata\roaming\AVG2013
2013-05-29 01:23:09 -------- d-----w- c:\users\michele\appdata\roaming\TuneUp Software
2013-05-29 01:11:11 -------- d-----w- c:\programdata\AVG2013
2013-05-29 01:03:32 -------- d-----w- c:\users\michele\appdata\local\MFAData
2013-05-29 01:03:32 -------- d-----w- c:\users\michele\appdata\local\Avg2013
2013-05-28 21:18:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-28 21:18:00 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-05-28 21:17:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
.
==================== Find3M  ====================
.
2013-05-28 15:17:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-28 15:17:46 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 06:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 07:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 21:01:09.57 ===============
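An added example, not part of this thread and not a DDS feature: a small Python triage pass over the "Pseudo HJT Report" lines of the log above. It flags the per-user proxy that points at localhost:21320 (a classic browser-hijack indicator: every browser request is relayed through a local process before it leaves the machine), the BHO registered with no module path, the Ask toolbar hooked into IE and Firefox, and entries listed twice. The sample lines are copied from the log above; the severity labels and the treatment of the Ask path as a bundled toolbar (PUP) are this example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the "Pseudo HJT Report" section of the
# DDS log in this thread. A real run would pass every line of the report.
SAMPLE_LINES = [
    "uStart Page = hxxp://www.yahoo.com/?ilc=1",
    "uProxyServer = localhost:21320",
    "uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\\program files\\ask.com\\GenericAskToolbar.dll",
    "BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll",
    "BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - ",
    "TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\\program files\\ask.com\\GenericAskToolbar.dll",
    "TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\\program files\\ask.com\\GenericAskToolbar.dll",
    "FF - prefs.js: browser.search.selectedEngine - Ask.com",
    "TCP: NameServer = 167.206.254.2 167.206.254.1 192.168.1.1",
]

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Assumption of this example: modules living under these path fragments are
# bundled search toolbars (potentially unwanted programs), not malware.
PUP_PATH_MARKERS = ("\\ask.com\\",)

# DDS prefixes: "u" = per-user (HKCU) setting, "m" = machine-wide (HKLM).
PROXY_RE = re.compile(r"^(?P<scope>[um])ProxyServer\s*=\s*(?P<value>\S+)")
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB|uURLSearchHooks):\s*(?P<name>.+?):\s*"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.*)$"
)
FF_ENGINE_RE = re.compile(
    r"^FF - prefs\.js: browser\.search\.selectedEngine - (?P<engine>.+)$"
)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "info"
    line: str
    reason: str


def split_proxy(value):
    """'localhost:21320' -> ('localhost', 21320); port is None if absent."""
    host, _, port = value.rpartition(":")
    if not host:              # bare host without a port
        host, port = port, ""
    return host.lower(), (int(port) if port.isdigit() else None)


def analyze(lines):
    findings, seen, repeats = [], set(), Counter()
    for line in (raw.rstrip() for raw in lines):
        if not line:
            continue
        if line in seen:      # DDS often lists the same toolbar/BHO twice
            repeats[line] += 1
            continue
        seen.add(line)

        m = PROXY_RE.match(line)
        if m:
            host, port = split_proxy(m.group("value"))
            if host in LOCAL_HOSTS:
                scope = "per-user" if m.group("scope") == "u" else "machine-wide"
                findings.append(Finding("high", line,
                    f"{scope} proxy points at the local machine on port {port}: "
                    "all browser traffic is relayed through a local process"))
            continue

        m = ENTRY_RE.match(line)
        if m:
            path = m.group("path").strip().lower()
            if not path:
                findings.append(Finding("medium", line,
                    "browser component registered with no module path (orphaned entry)"))
            elif any(marker in path for marker in PUP_PATH_MARKERS):
                findings.append(Finding("medium", line,
                    "bundled search toolbar (PUP) is hooked into the browser"))
            continue

        m = FF_ENGINE_RE.match(line)
        if m and any(marker.strip("\\") in m.group("engine").lower()
                     for marker in PUP_PATH_MARKERS):
            findings.append(Finding("info", line,
                "default Firefox search engine was changed to the bundled provider"))

    for line, n in repeats.items():
        findings.append(Finding("info", line,
            f"entry listed {n + 1} times; duplication alone is noise, not an infection sign"))
    return findings


def summary(findings):
    """Count of findings per severity, e.g. {'high': 1, 'medium': 3, 'info': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(analyze(SAMPLE_LINES), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

The one finding that matters for the symptoms reported (hijacked browser, blocked updates) is the proxy line: a local proxy on an arbitrary high port is not something a user or a legitimate product sets, and removing the toolbar entries alone would leave it in place.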
 

 


#2 Larusso
    Raggamuffin
  • Malware Response Team
  • 305 posts
  • Gender: Male
  • Location: Austria

Posted 01 June 2013 - 08:23 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.
  • I am currently attending evening school and working night shifts only, which might be evening for you. During this time I am mostly online with my mobile devices and won't be able to reply.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if something is found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced in the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
Please download Farbar's Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards,
Daniel

Bread for the world instead of Bombs and Bangers
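An added example, not part of this thread and not a TDSSKiller feature: a Python parser for the TDSSKiller log format, written for the step above where the scan is run with the action set to Skip and the log reviewed before anything is cured. It pulls out every entry the scanner marked infected or forged, together with the two MD5s from the "Suspicious file (Forged)" line, which is exactly what a helper needs to see in the reply. The sample log lines are constructed in the format of the log posted later in this thread; the Entry fields, the "forged" rule and the report layout are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the TDSSKiller log posted later in this
# thread: a clean driver, a service with no file on disk, and the i8042prt
# entry that the scanner reports as forged and infected.
SAMPLE_LOG = "\n".join([
    "21:02:55.0166 5896 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42",
    "21:03:06.0747 5848 [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI C:\\Windows\\system32\\drivers\\acpi.sys",
    "21:03:06.0762 5848 ACPI - ok",
    "21:03:14.0535 5848 blbdrive - ok",
    "21:03:23.0028 5848 [ C10913EFA515630C0B6D7B6928B9DE6C ] i8042prt C:\\Windows\\system32\\DRIVERS\\i8042prt.sys",
    "21:03:23.0091 5848 Suspicious file (Forged): C:\\Windows\\system32\\DRIVERS\\i8042prt.sys. Real md5: C10913EFA515630C0B6D7B6928B9DE6C, Fake md5: 1C9EE072BAA3ABB460B91D7EE9152660",
    "21:03:23.0091 5848 i8042prt ( Virus.Win32.ZAccess.aml ) - infected",
    "21:03:23.0091 5848 i8042prt - detected Virus.Win32.ZAccess.aml (0)",
])

# Every line starts with "HH:MM:SS.mmmm <pid> "; the rest carries the record.
PREFIX_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9A-F]{32}), Fake md5: (?P<fake>[0-9A-F]{32})$"
)
INFECTED_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - infected$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    path: str = ""
    md5: str = ""            # hash TDSSKiller printed next to the entry
    status: str = "unknown"  # "ok" | "infected" | "unknown"
    verdict: str = ""
    real_md5: str = ""       # from the "Suspicious file (Forged)" line
    fake_md5: str = ""

    @property
    def forged(self):
        # Two different hashes for one path means reads of that file do not
        # all return the same bytes: something is filtering access to it.
        return bool(self.real_md5) and self.real_md5 != self.fake_md5


def parse(text):
    """Return {service/driver name: Entry} for one TDSSKiller log."""
    entries, by_path = {}, {}
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        if (h := HASH_RE.match(rest)):
            e = entries.setdefault(h["name"], Entry(h["name"]))
            e.path, e.md5 = h["path"], h["md5"]
            by_path[e.path.lower()] = e
        elif (f := FORGED_RE.match(rest)):
            e = by_path.get(f["path"].lower())
            if e is not None:
                e.real_md5, e.fake_md5 = f["real"], f["fake"]
        elif (i := INFECTED_RE.match(rest)) or (i := DETECTED_RE.match(rest)):
            e = entries.setdefault(i["name"], Entry(i["name"]))
            e.status, e.verdict = "infected", i["verdict"]
        elif (o := OK_RE.match(rest)):
            entries.setdefault(o["name"], Entry(o["name"])).status = "ok"
    return entries


def detections(entries):
    """Entries worth reporting back before any 'Cure' action is taken."""
    return [e for e in entries.values() if e.status == "infected" or e.forged]


def report(text):
    lines = []
    for e in detections(parse(text)):
        lines.append(f"{e.name}: {e.verdict or 'no verdict'} at {e.path}")
        if e.forged:
            lines.append(f"  forged: real md5 {e.real_md5} != reported md5 {e.fake_md5}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)) or "nothing detected")
```

The parser keys the "Suspicious file" line by path and the verdict lines by service name, because TDSSKiller prints the path only on the hash line; a forged entry with no verdict is still reported, since a hash mismatch on a system driver is the signal a helper cares about even when no signature fires.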

#3 kellmk (Topic Starter)
  • Members
  • 13 posts

Posted 01 June 2013 - 08:09 PM

Hi Daniel, thank you for your help!

21:02:55.0166 5896 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

21:02:55.0603 5896 ============================================================

21:02:55.0603 5896 Current date / time: 2013/06/01 21:02:55.0603

21:02:55.0603 5896 SystemInfo:

21:02:55.0603 5896

21:02:55.0603 5896 OS Version: 6.0.6000 ServicePack: 0.0

21:02:55.0603 5896 Product type: Workstation

21:02:55.0603 5896 ComputerName: MICHELE-PC

21:02:55.0603 5896 UserName: Michele

21:02:55.0603 5896 Windows directory: C:\Windows

21:02:55.0603 5896 System windows directory: C:\Windows

21:02:55.0603 5896 Processor architecture: Intel x86

21:02:55.0603 5896 Number of processors: 2

21:02:55.0603 5896 Page size: 0x1000

21:02:55.0603 5896 Boot type: Normal boot

21:02:55.0603 5896 ============================================================

21:02:59.0137 5896 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:02:59.0199 5896 ============================================================

21:02:59.0199 5896 \Device\Harddisk0\DR0:

21:02:59.0246 5896 MBR partitions:

21:02:59.0246 5896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000

21:02:59.0246 5896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0x115ED800

21:02:59.0246 5896 ============================================================

21:02:59.0637 5896 C: <-> \Device\Harddisk0\DR0\Partition2

21:02:59.0699 5896 D: <-> \Device\Harddisk0\DR0\Partition1

21:02:59.0699 5896 ============================================================

21:02:59.0699 5896 Initialize success

21:02:59.0699 5896 ============================================================

21:03:02.0606 5848 ============================================================

21:03:02.0606 5848 Scan started

21:03:02.0606 5848 Mode: Manual;

21:03:02.0606 5848 ============================================================

21:03:06.0403 5848 ================ Scan system memory ========================

21:03:06.0403 5848 System memory - ok

21:03:06.0403 5848 ================ Scan services =============================

21:03:06.0747 5848 [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI C:\Windows\system32\drivers\acpi.sys

21:03:06.0762 5848 ACPI - ok

21:03:06.0966 5848 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

21:03:07.0028 5848 AdobeFlashPlayerUpdateSvc - ok

21:03:07.0153 5848 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

21:03:07.0169 5848 adp94xx - ok

21:03:07.0200 5848 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys

21:03:07.0216 5848 adpahci - ok

21:03:07.0231 5848 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

21:03:07.0231 5848 adpu160m - ok

21:03:07.0294 5848 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys

21:03:07.0309 5848 adpu320 - ok

21:03:07.0356 5848 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

21:03:07.0356 5848 AeLookupSvc - ok

21:03:07.0403 5848 [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD C:\Windows\system32\drivers\afd.sys

21:03:07.0466 5848 AFD - ok

21:03:07.0544 5848 [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440 C:\Windows\system32\drivers\agp440.sys

21:03:07.0544 5848 agp440 - ok

21:03:07.0575 5848 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys

21:03:07.0575 5848 aic78xx - ok

21:03:07.0622 5848 [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG C:\Windows\System32\alg.exe

21:03:07.0622 5848 ALG - ok

21:03:07.0669 5848 [ DC67A153FDB8105B25D05334B5E1D8E2 ] aliide C:\Windows\system32\drivers\aliide.sys

21:03:07.0669 5848 aliide - ok

21:03:07.0684 5848 [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp C:\Windows\system32\drivers\amdagp.sys

21:03:07.0700 5848 amdagp - ok

21:03:07.0731 5848 [ 835C4C3355088298A5EBD818FA31430F ] amdide C:\Windows\system32\drivers\amdide.sys

21:03:07.0731 5848 amdide - ok

21:03:07.0794 5848 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

21:03:07.0841 5848 AmdK7 - ok

21:03:07.0872 5848 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

21:03:07.0919 5848 AmdK8 - ok

21:03:07.0950 5848 [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo C:\Windows\System32\appinfo.dll

21:03:07.0950 5848 Appinfo - ok

21:03:08.0106 5848 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

21:03:08.0153 5848 Apple Mobile Device - ok

21:03:08.0231 5848 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys

21:03:08.0247 5848 arc - ok

21:03:08.0325 5848 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys

21:03:08.0325 5848 arcsas - ok

21:03:08.0403 5848 [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

21:03:08.0497 5848 AsyncMac - ok

21:03:08.0528 5848 [ E03E8C99D15D0381E02743C36AFC7C6F ] atapi C:\Windows\system32\drivers\atapi.sys

21:03:08.0528 5848 atapi - ok

21:03:08.0731 5848 [ CDAB1FB2AC6160EF35B44D6337A04DD4 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe

21:03:08.0762 5848 Ati External Event Utility - ok

21:03:08.0903 5848 [ A356E45E8432432C06981EA63A1E0FE8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys

21:03:08.0919 5848 AtiPcie - ok

21:03:08.0981 5848 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

21:03:08.0981 5848 AudioEndpointBuilder - ok

21:03:08.0997 5848 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv C:\Windows\System32\Audiosrv.dll

21:03:08.0997 5848 Audiosrv - ok

21:03:10.0748 5848 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe

21:03:11.0608 5848 AVGIDSAgent - ok

21:03:11.0702 5848 [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys

21:03:11.0702 5848 AVGIDSDriver - ok

21:03:11.0764 5848 [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys

21:03:11.0796 5848 AVGIDSHX - ok

21:03:11.0908 5848 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys

21:03:11.0908 5848 AVGIDSShim - ok

21:03:11.0986 5848 [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys

21:03:11.0986 5848 Avgldx86 - ok

21:03:12.0017 5848 [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys

21:03:12.0049 5848 Avglogx - ok

21:03:13.0003 5848 [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys

21:03:13.0034 5848 Avgmfx86 - ok

21:03:13.0565 5848 [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys

21:03:13.0596 5848 Avgrkx86 - ok

21:03:13.0800 5848 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys

21:03:13.0800 5848 Avgtdix - ok

21:03:13.0941 5848 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe

21:03:13.0988 5848 avgwd - ok

21:03:14.0066 5848 [ 509F672686AF40F95859FDE67108449B ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys

21:03:14.0191 5848 BCM43XX - ok

21:03:14.0285 5848 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys

21:03:14.0379 5848 bcm4sbxp - ok

21:03:14.0457 5848 [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep C:\Windows\system32\drivers\Beep.sys

21:03:14.0519 5848 Beep - ok

21:03:14.0535 5848 blbdrive - ok

21:03:14.0597 5848 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

21:03:14.0629 5848 Bonjour Service - ok

21:03:14.0660 5848 [ 913CD06FBE9105CE6077E90FD4418561 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

21:03:14.0691 5848 bowser - ok

21:03:14.0769 5848 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

21:03:14.0816 5848 BrFiltLo - ok

21:03:14.0832 5848 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

21:03:14.0847 5848 BrFiltUp - ok

21:03:14.0911 5848 [ BEB6470532B7461D7BB426E3FACB424F ] Browser C:\Windows\System32\browser.dll

21:03:14.0911 5848 Browser - ok

21:03:14.0973 5848 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

21:03:15.0005 5848 Brserid - ok

21:03:15.0052 5848 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

21:03:15.0098 5848 BrSerWdm - ok

21:03:15.0145 5848 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

21:03:15.0177 5848 BrUsbMdm - ok

21:03:15.0223 5848 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

21:03:15.0255 5848 BrUsbSer - ok

21:03:15.0333 5848 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

21:03:15.0380 5848 BTHMODEM - ok

21:03:15.0411 5848 [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

21:03:15.0427 5848 cdfs - ok

21:03:15.0489 5848 [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

21:03:15.0520 5848 cdrom - ok

21:03:15.0583 5848 [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc C:\Windows\System32\certprop.dll

21:03:15.0583 5848 CertPropSvc - ok

21:03:15.0645 5848 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys

21:03:15.0661 5848 circlass - ok

21:03:15.0739 5848 [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS C:\Windows\system32\CLFS.sys

21:03:15.0817 5848 CLFS - ok

21:03:16.0099 5848 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:03:16.0146 5848 clr_optimization_v2.0.50727_32 - ok

21:03:16.0224 5848 [ ED97AD3DF1B9005989EAF149BF06C821 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

21:03:16.0256 5848 CmBatt - ok

21:03:16.0303 5848 [ E79CBB2195E965F6E3256E2C1B23FD1C ] cmdide C:\Windows\system32\drivers\cmdide.sys

21:03:16.0303 5848 cmdide - ok

21:03:16.0349 5848 [ 722936AFB75A7F509662B69B5632F48A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

21:03:16.0381 5848 Compbatt - ok

21:03:16.0396 5848 COMSysApp - ok

21:03:16.0412 5848 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

21:03:16.0412 5848 crcdisk - ok

21:03:16.0459 5848 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys

21:03:16.0490 5848 Crusoe - ok

21:03:16.0599 5848 [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc C:\Windows\system32\cryptsvc.dll

21:03:16.0599 5848 CryptSvc - ok

21:03:16.0756 5848 [ 7B981222A257D076885BFFB66F19B7CE ] DcomLaunch C:\Windows\system32\rpcss.dll

21:03:16.0771 5848 DcomLaunch - ok

21:03:16.0818 5848 [ A7179DE59AE269AB70345527894CCD7C ] DfsC C:\Windows\system32\Drivers\dfsc.sys

21:03:16.0865 5848 DfsC - ok

21:03:16.0975 5848 [ E0D584AA76C7D845BA9F3A788260528F ] DFSR C:\Windows\system32\DFSR.exe

21:03:17.0179 5848 DFSR - ok

21:03:17.0257 5848 [ DC45739BC22D528D2B3E50D3F6761750 ] Dhcp C:\Windows\System32\dhcpcsvc.dll

21:03:17.0257 5848 Dhcp - ok

21:03:17.0304 5848 [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk C:\Windows\system32\drivers\disk.sys

21:03:17.0350 5848 disk - ok

21:03:17.0429 5848 [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache C:\Windows\System32\dnsrslvr.dll

21:03:17.0460 5848 Dnscache - ok

21:03:17.0507 5848 [ BE3D1E84378DE1F4C448FD59541581E9 ] dot3svc C:\Windows\System32\dot3svc.dll

21:03:17.0522 5848 dot3svc - ok

21:03:17.0632 5848 [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS C:\Windows\system32\dps.dll

21:03:17.0632 5848 DPS - ok

21:03:17.0741 5848 [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

21:03:17.0772 5848 drmkaud - ok

21:03:17.0866 5848 [ 245F62A2AA67F4A61F10174BF1017327 ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe

21:03:18.0023 5848 DSBrokerService - ok

21:03:18.0117 5848 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

21:03:18.0148 5848 DSproct - ok

21:03:18.0179 5848 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\Windows\system32\DRIVERS\dsunidrv.sys

21:03:18.0211 5848 dsunidrv - ok

21:03:18.0461 5848 [ 334988883DE69ADB27E2CF9F9715BBDB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

21:03:18.0523 5848 DXGKrnl - ok

21:03:18.0633 5848 [ 7505290504C8E2D172FA378CC0497BCC ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys

21:03:18.0695 5848 e1express - ok

21:03:18.0773 5848 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

21:03:18.0867 5848 E1G60 - ok

21:03:18.0929 5848 [ 90A0A875642E18618010645311B4E89E ] EapHost C:\Windows\System32\eapsvc.dll

21:03:18.0929 5848 EapHost - ok

21:03:19.0011 5848 [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache C:\Windows\system32\drivers\ecache.sys

21:03:19.0026 5848 Ecache - ok

21:03:19.0151 5848 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys

21:03:19.0604 5848 elxstor - ok

21:03:19.0980 5848 [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt C:\Windows\system32\emdmgmt.dll

21:03:19.0980 5848 EMDMgmt - ok

21:03:20.0058 5848 [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem C:\Windows\system32\es.dll

21:03:20.0090 5848 EventSystem - ok

21:03:20.0121 5848 [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat C:\Windows\system32\drivers\fastfat.sys

21:03:20.0183 5848 fastfat - ok

21:03:20.0262 5848 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys

21:03:20.0308 5848 fdc - ok

21:03:20.0402 5848 [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost C:\Windows\system32\fdPHost.dll

21:03:20.0402 5848 fdPHost - ok

21:03:20.0449 5848 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll

21:03:20.0449 5848 FDResPub - ok

21:03:23.0028 5848 [ C10913EFA515630C0B6D7B6928B9DE6C ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:03:23.0091 5848 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: C10913EFA515630C0B6D7B6928B9DE6C, Fake md5: 1C9EE072BAA3ABB460B91D7EE9152660
21:03:23.0091 5848 i8042prt ( Virus.Win32.ZAccess.aml ) - infected
21:03:23.0091 5848 i8042prt - detected Virus.Win32.ZAccess.aml (0)


21:03:53.0389 5848 WdiServiceHost - ok

21:03:53.0398 5848 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost C:\Windows\system32\wdi.dll

21:03:53.0402 5848 WdiSystemHost - ok

21:03:53.0474 5848 [ 01E41C264EEDCB827820A1909162579F ] WebClient C:\Windows\System32\webclnt.dll

21:03:53.0479 5848 WebClient - ok

21:03:53.0587 5848 [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc C:\Windows\system32\wecsvc.dll

21:03:53.0591 5848 Wecsvc - ok

21:03:53.0620 5848 [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport C:\Windows\System32\wercplsupport.dll

21:03:53.0624 5848 wercplsupport - ok

21:03:53.0677 5848 [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc C:\Windows\System32\WerSvc.dll

21:03:53.0682 5848 WerSvc - ok

21:03:53.0728 5848 [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys

21:03:53.0789 5848 winachsf - ok

21:03:53.0807 5848 WinHttpAutoProxySvc - ok

21:03:54.0031 5848 [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

21:03:54.0033 5848 Winmgmt - ok

21:03:54.0209 5848 [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM C:\Windows\system32\WsmSvc.dll

21:03:54.0217 5848 WinRM - ok

21:03:54.0337 5848 [ B410476A00961BF3FC368A346D8EA6A7 ] Wlansvc C:\Windows\System32\wlansvc.dll

21:03:54.0345 5848 Wlansvc - ok

21:03:54.0358 5848 wltrysvc - ok

21:03:54.0401 5848 [ 17EAC0D023A65FA9B02114CC2BAACAD5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

21:03:54.0417 5848 WmiAcpi - ok

21:03:54.0512 5848 [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

21:03:54.0514 5848 wmiApSrv - ok

21:03:54.0654 5848 [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

21:03:54.0663 5848 WMPNetworkSvc - ok

21:03:54.0728 5848 [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc C:\Windows\System32\wpcsvc.dll

21:03:54.0734 5848 WPCSvc - ok

21:03:54.0807 5848 [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

21:03:54.0811 5848 WPDBusEnum - ok

21:03:54.0900 5848 [ 2D27171B16A577EF14C1273668753485 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

21:03:54.0959 5848 WpdUsb - ok

21:03:55.0041 5848 [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

21:03:55.0076 5848 ws2ifsl - ok

21:03:55.0083 5848 WSearch - ok

21:03:55.0164 5848 [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

21:03:55.0295 5848 WUDFRd - ok

21:03:55.0374 5848 [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

21:03:55.0379 5848 wudfsvc - ok

21:03:55.0404 5848 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys

21:03:55.0421 5848 XAudio - ok

21:03:55.0463 5848 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe

21:03:55.0498 5848 XAudioService - ok

21:03:55.0531 5848 ================ Scan global ===============================

21:03:55.0580 5848 [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll

21:03:55.0688 5848 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll

21:03:55.0799 5848 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll

21:03:55.0991 5848 [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe

21:03:55.0996 5848 [Global] - ok

21:03:55.0996 5848 ================ Scan MBR ==================================

21:03:56.0057 5848 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

21:03:58.0165 5848 \Device\Harddisk0\DR0 - ok

21:03:58.0166 5848 ================ Scan VBR ==================================

21:03:58.0205 5848 [ 368F69A1B40138246BFCF1375CEEB6BD ] \Device\Harddisk0\DR0\Partition1

21:03:58.0255 5848 \Device\Harddisk0\DR0\Partition1 - ok

21:03:58.0290 5848 [ 6CD72B626B0F2C7B5E8C0038FA2D4FFF ] \Device\Harddisk0\DR0\Partition2

21:03:58.0325 5848 \Device\Harddisk0\DR0\Partition2 - ok

21:03:58.0330 5848 ============================================================
21:03:58.0330 5848 Scan finished
21:03:58.0330 5848 ============================================================
21:03:58.0349 5724 Detected object count: 1
21:03:58.0349 5724 Actual detected object count: 1
21:04:14.0459 5724 i8042prt ( Virus.Win32.ZAccess.aml ) - skipped by user
21:04:14.0459 5724 i8042prt ( Virus.Win32.ZAccess.aml ) - User select action: Skip
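Added example, not part of the thread and not TDSSKiller's own code: a PowerShell filter that reduces a TDSSKiller log to its findings so the hundreds of "<driver> - ok" lines can be skipped. The sample lines are copied from the two logs posted in this thread; the log-line layout ("<time> <pid> <message>") is taken from those same logs.

```powershell
# Added example, not part of the thread or of TDSSKiller itself: pull the
# findings out of a TDSSKiller log and ignore the "<driver> - ok" noise.

function Get-TdssKillerFindings {
    param([string[]]$Lines)

    foreach ($line in $Lines) {
        # Every line is "<hh:mm:ss.ffff> <pid> <message>"; keep only the message.
        if ($line -notmatch '^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$') { continue }
        $msg = $Matches[1].Trim()

        switch -Regex ($msg) {
            # "Forged": the hash the OS returned for the file (Fake) differs from the
            # hash of the bytes actually on disk (Real), i.e. ordinary file reads were
            # being served a different driver image than the one really installed.
            '^Suspicious file \((\w+)\): (.+?)\. Real md5: ([0-9A-F]{32}), Fake md5: ([0-9A-F]{32})$' {
                New-Object PSObject -Property @{
                    Kind   = 'Forged file'
                    Object = $Matches[2]
                    Detail = "on-disk md5 $($Matches[3]) vs reported md5 $($Matches[4])"
                }
                break
            }
            # "<service> ( <verdict> ) - <action>", e.g. "- infected" or "- skipped by user"
            '^(\S+) \( (.+?) \) - (.+)$' {
                New-Object PSObject -Property @{
                    Kind   = $Matches[3]
                    Object = $Matches[1]
                    Detail = $Matches[2]
                }
                break
            }
            '^Detected object count: (\d+)$' {
                New-Object PSObject -Property @{
                    Kind   = 'Summary'
                    Object = 'scan'
                    Detail = "$($Matches[1]) object(s) detected"
                }
                break
            }
        }
    }
}

# Constructed sample: the relevant lines copied from the logs posted in this thread.
$sample = @(
    '22:06:45.0551 6052  [ C10913EFA515630C0B6D7B6928B9DE6C ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys',
    '22:06:45.0566 6052  Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: C10913EFA515630C0B6D7B6928B9DE6C, Fake md5: 1C9EE072BAA3ABB460B91D7EE9152660',
    '22:06:45.0566 6052  i8042prt ( Virus.Win32.ZAccess.aml ) - infected',
    '22:06:45.0566 6052  i8042prt - detected Virus.Win32.ZAccess.aml (0)',
    '21:03:58.0349 5724 Detected object count: 1',
    '21:04:14.0459 5724 i8042prt ( Virus.Win32.ZAccess.aml ) - skipped by user'
)

$findings = Get-TdssKillerFindings -Lines $sample
$findings | Select-Object Kind, Object, Detail | Format-Table -AutoSize

# A finding whose Kind is still "skipped by user" means the infected driver was
# left in place. For a real log, read it from the file TDSSKiller wrote, e.g.
# Get-TdssKillerFindings -Lines (Get-Content 'C:\TDSSKiller.<version>_<date>_log.txt')
```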



#4 kellmk

kellmk
  • Topic Starter

  • Members
  • 13 posts

Posted 01 June 2013 - 08:20 PM

Farbar Service Scanner Version: 31-05-2013 01
Ran by Michele (administrator) on 01-06-2013 at 21:08:31
Running from "C:\Users\Michele\Desktop"
Windows Vista ™ Home Basic  (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
ProxyServer: localhost:21320

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of BITS. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2007-11-26 21:12] - [2007-11-26 21:12] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-04-14 08:38] - [2010-02-18 10:19] - 0179712 ____A (Microsoft Corporation) ECC9AD72CFC4AB41CF6A9BCC11F9FEF6

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

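Added example, not from the thread and not Farbar Service Scanner's own code: a read-only PowerShell re-check of the items the FSS log above flagged (the service keys, the IE proxy and the Defender policy value). The service names and the Windows Defender key are the ones in the log; the Internet Settings key is where Internet Explorer stores ProxyEnable and ProxyServer. Assumes an elevated prompt and uses PowerShell 2.0 syntax so it also runs on the Vista machine in question.

```powershell
# Added example, not from the thread or from Farbar Service Scanner: re-check
# what the FSS log reported. Read-only; run from an elevated PowerShell prompt.

# Services FSS reported as missing, plus mpsdrv, which it reported intact.
$ServicesToCheck = @(
    @{ Name = 'mpsdrv';       Role = 'Windows Firewall Authorization Driver' },
    @{ Name = 'MpsSvc';       Role = 'Windows Firewall' },
    @{ Name = 'bfe';          Role = 'Base Filtering Engine' },
    @{ Name = 'wscsvc';       Role = 'Security Center' },
    @{ Name = 'wuauserv';     Role = 'Windows Update' },
    @{ Name = 'BITS';         Role = 'Background Intelligent Transfer Service' },
    @{ Name = 'WinDefend';    Role = 'Windows Defender' },
    @{ Name = 'SharedAccess'; Role = 'Internet Connection Sharing' },
    @{ Name = 'iphlpsvc';     Role = 'IP Helper' }
)

function Test-ServiceKey {
    param([string]$Name, [string]$Role)
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $info = @{ Service = $Name; Role = $Role; Start = ''; ImagePath = ''; ServiceDll = ''; State = '' }

    if (-not (Test-Path $key)) {
        # FSS's "service key does not exist": the Service Control Manager has no
        # record of the service, so it cannot be started or repaired in place.
        $info.State = 'MISSING: service key does not exist'
        return New-Object PSObject -Property $info
    }

    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $info.Start     = if ($null -ne $props.Start) { $props.Start } else { 'value missing' }
    $info.ImagePath = if ($props.ImagePath)      { $props.ImagePath } else { 'value missing' }

    # svchost-hosted services keep their DLL under the Parameters subkey.
    $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
    $info.ServiceDll = if ($params -and $params.ServiceDll) { $params.ServiceDll } else { 'n/a' }

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    $info.State = if ($svc) { [string]$svc.Status } else { 'not registered' }
    New-Object PSObject -Property $info
}

$ServicesToCheck |
    ForEach-Object { Test-ServiceKey -Name $_.Name -Role $_.Role } |
    Select-Object Service, Role, State, Start, ImagePath, ServiceDll |
    Format-List

# The proxy FSS found (ProxyServer: localhost:21320) routes all IE traffic
# through a process on this machine, which is what a hijack needs to rewrite
# pages. Record the port and find its owner before the setting is cleared.
$ie = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($ie.ProxyEnable -eq 1) {
    Write-Output ("IE proxy is enabled: {0}" -f $ie.ProxyServer)
    if ($ie.ProxyServer -match '^(localhost|127\.0\.0\.1):(\d+)$') {
        $port = $Matches[2]
        Write-Output "  Proxy points at local port $port; listener and owning PID (netstat -ano):"
        netstat -ano | Select-String -Pattern 'LISTENING' | Select-String -Pattern ":$port\s"
    }
} else {
    Write-Output 'IE proxy is disabled.'
}

# The Defender policy value FSS reported; 1 disables Windows Defender outright.
$def = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
if ($def -and $def.DisableAntiSpyware -eq 1) {
    Write-Output 'Windows Defender is disabled by policy (DisableAntiSpyware = 1).'
}
```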


#5 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 305 posts
  • Gender:Male
  • Location:Austria

Posted 02 June 2013 - 12:58 AM

You are welcome.


Execute TDSSKiller.exe and press Start Scan.
  • Ensure Cure is selected ( it should be by default )
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed
  • Click Continue then click Reboot now.
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.
Download ComboFix from this location:

Link 1



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

regards,
Daniel

Bread for the world instead Bombs and Bangers



#6 kellmk

kellmk
  • Topic Starter

  • Members
  • 13 posts

Posted 02 June 2013 - 09:30 PM

22:06:19.0148 6008  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:06:19.0461 6008  ============================================================
22:06:19.0461 6008  Current date / time: 2013/06/02 22:06:19.0461
22:06:19.0461 6008  SystemInfo:
22:06:19.0461 6008 
22:06:19.0461 6008  OS Version: 6.0.6000 ServicePack: 0.0
22:06:19.0461 6008  Product type: Workstation
22:06:19.0461 6008  ComputerName: MICHELE-PC
22:06:19.0461 6008  UserName: Michele
22:06:19.0461 6008  Windows directory: C:\Windows
22:06:19.0461 6008  System windows directory: C:\Windows
22:06:19.0461 6008  Processor architecture: Intel x86
22:06:19.0461 6008  Number of processors: 2
22:06:19.0461 6008  Page size: 0x1000
22:06:19.0461 6008  Boot type: Normal boot
22:06:19.0461 6008  ============================================================
22:06:21.0917 6008  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:06:21.0948 6008  ============================================================
22:06:21.0948 6008  \Device\Harddisk0\DR0:
22:06:21.0979 6008  MBR partitions:
22:06:21.0979 6008  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000
22:06:21.0979 6008  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0x115ED800
22:06:21.0979 6008  ============================================================
22:06:22.0042 6008  C: <-> \Device\Harddisk0\DR0\Partition2
22:06:22.0089 6008  D: <-> \Device\Harddisk0\DR0\Partition1
22:06:22.0089 6008  ============================================================
22:06:22.0089 6008  Initialize success
22:06:22.0089 6008  ============================================================
22:06:24.0450 6052  ============================================================
22:06:24.0450 6052  Scan started
22:06:24.0450 6052  Mode: Manual;
22:06:24.0450 6052  ============================================================
22:06:26.0031 6052  ================ Scan system memory ========================
22:06:26.0031 6052  System memory - ok
22:06:26.0031 6052  ================ Scan services =============================
22:06:45.0551 6052  [ C10913EFA515630C0B6D7B6928B9DE6C ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:06:45.0566 6052  Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: C10913EFA515630C0B6D7B6928B9DE6C, Fake md5: 1C9EE072BAA3ABB460B91D7EE9152660
22:06:45.0566 6052  i8042prt ( Virus.Win32.ZAccess.aml ) - infected
22:06:45.0566 6052  i8042prt - detected Virus.Win32.ZAccess.aml (0)
22:07:08.0034 6052  volmgr - ok
22:07:08.0206 6052  [ 420C48E593B9520C2DEE45D671F923E1 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:07:08.0300 6052  volmgrx - ok
22:07:08.0394 6052  [ 80DC0C9BCB579ED9815001A4D37CBFD5 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:07:08.0425 6052  volsnap - ok
22:07:08.0472 6052  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:07:08.0503 6052  vsmraid - ok
22:07:08.0787 6052  [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS             C:\Windows\system32\vssvc.exe
22:07:08.0803 6052  VSS - ok
22:07:08.0818 6052  [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time         C:\Windows\system32\w32time.dll
22:07:08.0834 6052  W32Time - ok
22:07:08.0850 6052  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:07:08.0865 6052  WacomPen - ok
22:07:08.0928 6052  [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:07:08.0928 6052  Wanarp - ok
22:07:08.0943 6052  [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:07:08.0943 6052  Wanarpv6 - ok
22:07:08.0959 6052  [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:07:08.0975 6052  wcncsvc - ok
22:07:08.0990 6052  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:07:09.0037 6052  WcsPlugInService - ok
22:07:09.0131 6052  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
22:07:09.0178 6052  Wd - ok
22:07:09.0225 6052  [ 7B5F66E4A2219C7D9DAF9E738480E534 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:07:09.0240 6052  Wdf01000 - ok
22:07:09.0256 6052  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:07:09.0256 6052  WdiServiceHost - ok
22:07:09.0256 6052  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:07:09.0271 6052  WdiSystemHost - ok
22:07:09.0287 6052  [ 01E41C264EEDCB827820A1909162579F ] WebClient       C:\Windows\System32\webclnt.dll
22:07:09.0365 6052  WebClient - ok
22:07:09.0428 6052  [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:07:09.0428 6052  Wecsvc - ok
22:07:09.0459 6052  [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:07:09.0475 6052  wercplsupport - ok
22:07:09.0506 6052  [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:07:09.0506 6052  WerSvc - ok
22:07:09.0788 6052  [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:07:09.0851 6052  winachsf - ok
22:07:09.0851 6052  WinHttpAutoProxySvc - ok
22:07:10.0132 6052  [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:07:10.0210 6052  Winmgmt - ok
22:07:10.0335 6052  [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:07:10.0351 6052  WinRM - ok
22:07:10.0633 6052  [ B410476A00961BF3FC368A346D8EA6A7 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:07:10.0633 6052  Wlansvc - ok
22:07:10.0648 6052  wltrysvc - ok
22:07:10.0664 6052  [ 17EAC0D023A65FA9B02114CC2BAACAD5 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:07:10.0680 6052  WmiAcpi - ok
22:07:10.0711 6052  [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:07:10.0727 6052  wmiApSrv - ok
22:07:11.0352 6052  [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:07:11.0367 6052  WMPNetworkSvc - ok
22:07:11.0492 6052  [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:07:11.0492 6052  WPCSvc - ok
22:07:11.0555 6052  [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:07:11.0557 6052  WPDBusEnum - ok
22:07:11.0715 6052  [ 2D27171B16A577EF14C1273668753485 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
22:07:11.0746 6052  WpdUsb - ok
22:07:11.0824 6052  [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:07:11.0855 6052  ws2ifsl - ok
22:07:11.0871 6052  WSearch - ok
22:07:11.0949 6052  [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:07:11.0965 6052  WUDFRd - ok
22:07:12.0012 6052  [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:07:12.0027 6052  wudfsvc - ok
22:07:12.0027 6052  [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
22:07:12.0043 6052  XAudio - ok
22:07:12.0074 6052  [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
22:07:12.0074 6052  XAudioService - ok
22:07:12.0137 6052  ================ Scan global ===============================
22:07:12.0168 6052  [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
22:07:12.0262 6052  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
22:07:12.0277 6052  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
22:07:12.0355 6052  [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe
22:07:12.0355 6052  [Global] - ok
22:07:12.0355 6052  ================ Scan MBR ==================================
22:07:12.0387 6052  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:07:15.0657 6052  \Device\Harddisk0\DR0 - ok
22:07:15.0657 6052  ================ Scan VBR ==================================
22:07:15.0704 6052  [ 368F69A1B40138246BFCF1375CEEB6BD ] \Device\Harddisk0\DR0\Partition1
22:07:15.0813 6052  \Device\Harddisk0\DR0\Partition1 - ok
22:07:15.0860 6052  [ 6CD72B626B0F2C7B5E8C0038FA2D4FFF ] \Device\Harddisk0\DR0\Partition2
22:07:15.0954 6052  \Device\Harddisk0\DR0\Partition2 - ok
22:07:15.0954 6052  ============================================================
22:07:15.0954 6052  Scan finished
22:07:15.0954 6052  ============================================================
22:07:15.0970 6044  Detected object count: 1
22:07:15.0970 6044  Actual detected object count: 1
22:07:22.0085 6044  C:\Windows\system32\DRIVERS\i8042prt.sys - copied to quarantine
22:07:25.0135 6044  C:\Windows\$NtUninstallKB13944$\799545808\@ - copied to quarantine
22:07:25.0135 6044  C:\Windows\$NtUninstallKB13944$\799545808\Desktop.ini - copied to quarantine
22:07:25.0150 6044  C:\Windows\$NtUninstallKB13944$\799545808\L\00000004.@ - copied to quarantine
22:07:25.0182 6044  C:\Windows\$NtUninstallKB13944$\799545808\L\201d3dde - copied to quarantine
22:07:25.0197 6044  C:\Windows\$NtUninstallKB13944$\799545808\L\6715e287 - copied to quarantine
22:07:25.0244 6044  C:\Windows\$NtUninstallKB13944$\799545808\L\ogejidap - copied to quarantine
22:07:25.0275 6044  C:\Windows\$NtUninstallKB13944$\799545808\U\00000004.@ - copied to quarantine
22:07:25.0291 6044  C:\Windows\$NtUninstallKB13944$\799545808\U\00000008.@ - copied to quarantine
22:07:25.0307 6044  C:\Windows\$NtUninstallKB13944$\799545808\U\000000cb.@ - copied to quarantine
22:07:25.0322 6044  C:\Windows\$NtUninstallKB13944$\799545808\U\80000000.@ - copied to quarantine
22:07:25.0354 6044  C:\Windows\$NtUninstallKB13944$\799545808\U\80000032.@ - copied to quarantine
22:07:25.0854 6044  Backup copy found, using it..
22:07:25.0886 6044  C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured on reboot
22:07:25.0964 6044  C:\Windows\$NtUninstallKB13944$\3517710009 - will be deleted on reboot
22:07:25.0964 6044  C:\Windows\$NtUninstallKB13944$\799545808\@ - will be deleted on reboot
22:07:25.0964 6044  C:\Windows\$NtUninstallKB13944$\799545808\Desktop.ini - will be deleted on reboot
22:07:25.0995 6044  C:\Windows\$NtUninstallKB13944$\799545808\U\00000004.@ - will be deleted on reboot
22:07:25.0995 6044  C:\Windows\$NtUninstallKB13944$\799545808\U\00000008.@ - will be deleted on reboot
22:07:25.0995 6044  C:\Windows\$NtUninstallKB13944$\799545808\U\000000cb.@ - will be deleted on reboot
22:07:25.0995 6044  C:\Windows\$NtUninstallKB13944$\799545808\U\80000000.@ - will be deleted on reboot
22:07:25.0995 6044  C:\Windows\$NtUninstallKB13944$\799545808\U\80000032.@ - will be deleted on reboot
22:07:25.0995 6044  i8042prt ( Virus.Win32.ZAccess.aml ) - User select action: Cure
22:07:33.0598 5996  Deinitialize success
 



#7 kellmk (Topic Starter, Members, 13 posts)

Posted 02 June 2013 - 11:04 PM

I had to uninstall AVG antivirus. Temporarily disabling the antivirus was not working for me.

ComboFix 13-06-02.02 - Michele 06/02/2013  23:19:31.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.2429.1257 [GMT -4:00]
Running from: C:\Users\Michele\Desktop\ComboFix.exe

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\Michele\~WRL0002.tmp
C:\Windows\$NtUninstallKB13944$
C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
C:\Windows\system32\URTTemp
C:\Windows\system32\URTTemp\regtlib.exe

(((((((((((((((((((((((((   Files Created from 2013-05-03 to 2013-06-03  )))))))))))))))))))))))))))))))

2013-06-03 03:35:16 . 2013-06-03 03:38:31 -------- d-----w- C:\Users\Michele\AppData\Local\temp
2013-06-03 02:07:22 . 2013-06-03 02:07:22 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-29 01:31:12 . 2013-05-29 01:31:12 -------- d-----w- C:\Users\Michele\AppData\Roaming\AVG2013
2013-05-29 01:23:09 . 2013-05-29 01:23:09 -------- d-----w- C:\Users\Michele\AppData\Roaming\TuneUp Software
2013-05-29 01:11:11 . 2013-05-29 01:25:42 -------- d-----w- C:\ProgramData\AVG2013
2013-05-29 01:03:32 . 2013-05-29 01:30:59 -------- d-----w- C:\Users\Michele\AppData\Local\Avg2013
2013-05-29 01:03:32 . 2013-05-29 01:03:32 -------- d-----w- C:\Users\Michele\AppData\Local\MFAData
2013-05-28 21:18:16 . 2013-05-28 23:57:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-05-28 21:18:00 . 2009-01-25 17:14:20 15224 ----a-w- C:\Windows\system32\sdnclean.exe
2013-05-28 21:17:52 . 2013-05-28 21:18:06 -------- d-----w- C:\Program Files\Spybot - Search & Destroy 2
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-06-03 02:08:56 . 2008-02-21 11:57:37 54784 ----a-w- C:\Windows\system32\drivers\i8042prt.sys
2013-05-28 15:17:46 . 2013-03-19 21:36:05 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-05-28 15:17:46 . 2013-03-19 21:36:05 692104 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-04-04 18:50:32 . 2010-04-06 00:10:22 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-03-29 06:53:48 . 2013-03-29 06:53:48 208184 ----a-w- C:\Windows\system32\drivers\avgidsdriverx.sys
2013-03-21 07:08:24 . 2013-03-21 07:08:24 182072 ----a-w- C:\Windows\system32\drivers\avgtdix.sys


Edited by kellmk, 02 June 2013 - 11:15 PM.


#8 kellmk (Topic Starter, Members, 13 posts)

Posted 02 June 2013 - 11:13 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-06-2013 03
Ran by Michele (administrator) on 03-06-2013 00:09:33
Running from C:\Users\Michele\Desktop
Windows Vista ™ Home Basic (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
(Microsoft Corporation) C:\Windows\system32\lpremove.exe
(Microsoft Corporation) C:\Windows\system32\lpksetup.exe
(NirSoft) C:\ComboFix\NIRKMD.3XE
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-25] ( )
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-20] (Synaptics, Inc.)
HKLM\...\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [90112 2006-07-11] ()
HKLM\...\Run: [SigmatelSysTrayApp] sttray.exe [x]
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [1540096 2006-11-21] (Dell Inc.)
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [dscactivate] c:\dell\dsca.exe 3 [16384 2007-07-30] ( )
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1 [954368 2007-04-25] ()
HKLM\...\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [193880 2010-11-19] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [RegWork] C:\Program Files\RegWork\\RegWork.exe [11949456 2010-08-25] (Honlyn (Macao Commercial Offshore) Limited)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2007-11-26] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickSet.lnk
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [227328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.254.2 167.206.254.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\rkk4kql8.default
FF SearchEngine: Ask.com
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BCPA&o=16145&locale=en_US&apn_uid=00063923-2C41-48C3-A11D-300F6D32B505&apn_ptnrs=QK&apn_sauid=1D29112D-A28F-46DC-B27C-477EFB8814B3&apn_dtid=YYYYYYYYUS&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\rkk4kql8.default\Extensions\toolbar@ask.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\rkk4kql8.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

========================== Services (Whitelisted) =================

S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [90112 2007-02-08] (SigmaTel, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1716224 2006-11-21] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2009-11-10] (LeapFrog)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\Michele\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-03 00:09 - 2013-06-03 00:09 - 00000000 ____D C:\FRST
2013-06-03 00:08 - 2013-06-03 00:09 - 00000000 ___SD C:\ComboFix
2013-06-03 00:08 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-03 00:08 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-03 00:08 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-03 00:08 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-03 00:08 - 2000-08-30 20:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-06-03 00:08 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-03 00:08 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-03 00:08 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-03 00:07 - 2013-06-03 00:07 - 01356197 ____A (Farbar) C:\Users\Michele\Desktop\FRST.exe
2013-06-03 00:04 - 2013-06-03 00:04 - 00000320 ____A C:\Windows\Tasks\HP WEP.job
2013-06-02 23:57 - 2013-06-03 00:08 - 00000000 ___SD C:\32788R22FWJFW
2013-06-02 22:54 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-02 22:46 - 2013-06-02 23:52 - 00066843 ____A C:\Windows\WindowsUpdate.log
2013-06-02 22:36 - 2013-06-03 00:09 - 00000000 ____D C:\Qoobox
2013-06-02 22:35 - 2013-06-02 23:40 - 00000000 ____D C:\Windows\erdnt
2013-06-02 22:31 - 2013-06-02 22:31 - 05076415 ____R (Swearware) C:\Users\Michele\Desktop\ComboFix.exe
2013-06-02 22:07 - 2013-06-02 22:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-01 21:07 - 2013-06-01 21:07 - 00355651 ____A (Farbar) C:\Users\Michele\Desktop\FSS.exe
2013-06-01 21:02 - 2013-06-01 21:02 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Michele\Desktop\tdsskiller.exe
2013-05-30 20:54 - 2013-05-30 20:55 - 00688992 ____R (Swearware) C:\Users\Michele\Desktop\dds.com
2013-05-30 20:27 - 2013-06-02 23:53 - 00015938 ____A C:\Windows\PFRO.log
2013-05-28 21:31 - 2013-05-28 21:31 - 00000000 ____D C:\Users\Michele\AppData\Roaming\AVG2013
2013-05-28 21:23 - 2013-05-28 21:23 - 00000000 ____D C:\Users\Michele\AppData\Roaming\TuneUp Software
2013-05-28 21:11 - 2013-06-02 23:49 - 00000000 ____D C:\ProgramData\AVG2013
2013-05-28 21:03 - 2013-05-28 21:30 - 00000000 ____D C:\Users\Michele\AppData\Local\Avg2013
2013-05-28 21:03 - 2013-05-28 21:03 - 00000000 ____D C:\Users\Michele\AppData\Local\MFAData
2013-05-28 17:18 - 2013-06-02 23:55 - 00000644 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-05-28 17:18 - 2013-05-28 20:55 - 00000616 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-05-28 17:18 - 2013-05-28 20:55 - 00000446 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-05-28 17:18 - 2013-05-28 19:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-28 17:18 - 2013-05-28 17:18 - 00001960 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-05-28 17:18 - 2009-01-25 13:14 - 00015224 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean.exe
2013-05-28 17:17 - 2013-05-28 17:18 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-05-28 10:42 - 2013-05-28 10:42 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-28 10:41 - 2013-05-28 10:41 - 00000719 ____A C:\Windows\setupact.log
2013-05-28 10:41 - 2013-05-28 10:41 - 00000000 ____A C:\Windows\setuperr.log

==================== One Month Modified Files and Folders ========

2013-06-03 00:09 - 2013-06-03 00:09 - 00000000 ____D C:\FRST
2013-06-03 00:09 - 2013-06-03 00:08 - 00000000 ___SD C:\ComboFix
2013-06-03 00:09 - 2013-06-02 22:46 - 00066843 ____A C:\Windows\WindowsUpdate.log
2013-06-03 00:09 - 2013-06-02 22:36 - 00000000 ____D C:\Qoobox
2013-06-03 00:08 - 2013-06-02 23:57 - 00000000 ___SD C:\32788R22FWJFW
2013-06-03 00:07 - 2013-06-03 00:07 - 01356197 ____A (Farbar) C:\Users\Michele\Desktop\FRST.exe
2013-06-03 00:04 - 2013-06-03 00:04 - 00000320 ____A C:\Windows\Tasks\HP WEP.job
2013-06-02 23:55 - 2013-05-28 17:18 - 00000644 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-06-02 23:55 - 2010-01-28 20:30 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-02 23:54 - 2008-01-04 20:15 - 00000000 ____D C:\MDT
2013-06-02 23:53 - 2013-05-30 20:27 - 00015938 ____A C:\Windows\PFRO.log
2013-06-02 23:53 - 2006-11-02 08:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 23:53 - 2006-11-02 08:45 - 00003456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 23:53 - 2006-11-02 08:45 - 00003456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 23:52 - 2006-11-02 08:58 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-02 23:51 - 2013-05-28 21:03 - 00000000 ____D C:\Users\Michele\AppData\Local\Avg2013
2013-06-02 23:51 - 2011-10-24 21:15 - 00000000 ____D C:\ProgramData\MFAData
2013-06-02 23:51 - 2010-01-28 20:30 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-02 23:49 - 2013-05-28 21:11 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-02 23:40 - 2013-06-02 22:35 - 00000000 ____D C:\Windows\erdnt
2013-06-02 23:38 - 2006-11-02 06:23 - 00000215 ____A C:\Windows\system.ini
2013-06-02 23:34 - 2008-01-04 19:47 - 00000000 ____D C:\users\Michele
2013-06-02 23:13 - 2013-03-19 17:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-02 22:31 - 2013-06-02 22:31 - 05076415 ____R (Swearware) C:\Users\Michele\Desktop\ComboFix.exe
2013-06-02 22:08 - 2008-02-21 07:57 - 00054784 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys
2013-06-02 22:07 - 2013-06-02 22:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-01 21:07 - 2013-06-01 21:07 - 00355651 ____A (Farbar) C:\Users\Michele\Desktop\FSS.exe
2013-06-01 21:02 - 2013-06-01 21:02 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Michele\Desktop\tdsskiller.exe
2013-05-30 20:55 - 2013-05-30 20:54 - 00688992 ____R (Swearware) C:\Users\Michele\Desktop\dds.com
2013-05-28 21:31 - 2013-05-28 21:31 - 00000000 ____D C:\Users\Michele\AppData\Roaming\AVG2013
2013-05-28 21:23 - 2013-05-28 21:23 - 00000000 ____D C:\Users\Michele\AppData\Roaming\TuneUp Software
2013-05-28 21:07 - 2009-10-23 13:40 - 00000000 ____D C:\Program Files\AVG
2013-05-28 21:04 - 2006-11-02 06:33 - 00729262 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-28 21:03 - 2013-05-28 21:03 - 00000000 ____D C:\Users\Michele\AppData\Local\MFAData
2013-05-28 20:55 - 2013-05-28 17:18 - 00000616 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-05-28 20:55 - 2013-05-28 17:18 - 00000446 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-05-28 19:57 - 2013-05-28 17:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-28 17:18 - 2013-05-28 17:18 - 00001960 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-05-28 17:18 - 2013-05-28 17:17 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-05-28 17:03 - 2010-02-18 09:36 - 00002595 ____A C:\Users\Michele\Desktop\Microsoft Word.lnk
2013-05-28 16:30 - 2008-01-09 14:29 - 00017408 ____A C:\Users\Michele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-28 11:17 - 2013-03-19 17:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-28 11:17 - 2013-03-19 17:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-28 10:43 - 2010-04-05 20:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-28 10:42 - 2013-05-28 10:42 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-28 10:41 - 2013-05-28 10:41 - 00000719 ____A C:\Windows\setupact.log
2013-05-28 10:41 - 2013-05-28 10:41 - 00000000 ____A C:\Windows\setuperr.log

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-06-03 00:00

==================== End Of Log ============================

Attached File: Addition.txt (13.54KB)



#9 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 305 posts
  • Gender:Male
  • Location:Austria
  • Local time:06:25 PM

Posted 03 June 2013 - 10:17 AM

Hi there


Please download ESET's ServiceRepair.exe to your desktop.

Double-click on the file and click Yes on the first message box.
When done, the tool will ask for a reboot to complete the fix. Please allow it.
If it doesn't ask you to reboot your PC, please perform a manual reboot.



Please re-run FSS.exe as instructed above and post the FSS.txt
regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please [donate button]

#10 kellmk

kellmk
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:25 PM

Posted 03 June 2013 - 12:15 PM

Log Opened: 2013-06-03 @ 13:10:44
13:10:44 - -----------------
13:10:44 - | Begin Logging |
13:10:44 - -----------------
13:10:44 - Fix started on a WIN_VISTA X86 computer
13:10:44 - Prep in progress.  Please Wait.
13:10:47 - Prep complete
13:10:47 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
13:10:49 - Services Repair Complete.
13:10:53 - Reboot Initiated



#11 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 305 posts
  • Gender:Male
  • Location:Austria
  • Local time:06:25 PM

Posted 04 June 2013 - 12:43 PM

Hi there.


Please re-run FSS.exe as instructed above and post the FSS.txt


regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please [donate button]

#12 kellmk

kellmk
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:25 PM

Posted 04 June 2013 - 02:20 PM

Farbar Service Scanner Version: 31-05-2013 01
Ran by Michele (administrator) on 04-06-2013 at 15:20:08
Running from "C:\Users\Michele\Desktop"
Windows Vista ™ Home Basic  (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2007-11-26 21:12] - [2007-11-26 21:12] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-04-14 08:38] - [2010-02-18 10:19] - 0179712 ____A (Microsoft Corporation) ECC9AD72CFC4AB41CF6A9BCC11F9FEF6

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
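The two logs above (the ServiceRepair run that restored the security descriptors on the BFE, BITS, iphlpsvc, MpsSvc, SharedAccess, WinDefend, wscsvc and wuauserv service keys, and the FSS report that still shows WinDefend stopped, "DisableAntiSpyware"=1 and the Security Center ShellServiceObjects key missing) can be reproduced with a small read-only check. The script below is an added example written for this thread; it is not part of the thread, and it is not code from Farbar's FSS or ESET's ServiceRepair. It assumes an elevated PowerShell prompt, uses the service names and the two ShellServiceObjects GUIDs that appear in the thread, and the standard Windows policy locations for the firewall, Windows Update and System Restore "disabled" values (those three policy paths are my assumption about where FSS looks; FSS does not document them in the log).

```powershell
# Added example, not from the thread, FSS or ServiceRepair.
# Read-only health check mirroring what the FSS log reports:
#   1. state and start type of the security-relevant services
#   2. owner and Deny ACE count on each service's registry key
#      (the security descriptors ServiceRepair restored)
#   3. policy values that disable protection (absent = OK)
#   4. presence of the Security Center notification icon key
# Run from an elevated PowerShell prompt; nothing here modifies the system.

# Service names taken from the ServiceRepair / FSS logs in this thread
$services = 'BFE', 'MpsSvc', 'SharedAccess', 'wscsvc', 'WinDefend', 'wuauserv', 'BITS', 'iphlpsvc'

"== Service state =="
foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { "{0,-14} NOT FOUND" -f $name; continue }
    # Start value from the service key: 2 = Automatic, 3 = Manual, 4 = Disabled
    $start = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name" `
                               -Name Start -ErrorAction SilentlyContinue).Start
    "{0,-14} {1,-8} Start={2}" -f $name, $svc.Status, $start
}

"`n== Service key owner / Deny ACEs (what ServiceRepair restored) =="
foreach ($name in $services) {
    $acl = Get-Acl -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name" -ErrorAction SilentlyContinue
    if ($acl) {
        # A Deny ACE on a service key is how malware commonly locks a service out
        $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }).Count
        "{0,-14} Owner={1}  DenyACEs={2}" -f $name, $acl.Owner, $deny
    }
}

"`n== Policy values that disable protection (absent = OK) =="
# First entry is the exact key/value the FSS log shows set to 1 on this machine;
# the policy paths below it are the standard Windows policy locations (assumption
# that these are the ones FSS checks).
$policies = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                         Name = 'DisableAntiSpyware' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                Name = 'DisableAntiSpyware' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';   Name = 'EnableFirewall' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';        Name = 'NoAutoUpdate' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR' }
)
foreach ($p in $policies) {
    $v = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
    if ($v) { "{0}\{1} = {2}" -f $p.Path, $p.Name, $v.($p.Name) }
    else    { "{0}\{1} : not set" -f $p.Path, $p.Name }
}

"`n== Security Center notification icon (ShellServiceObjects) =="
# Both GUIDs are the ones named in this thread: the first is the key FSS
# reported missing, the second is the key the regfix.reg later in the thread creates.
$sso = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects'
foreach ($guid in '{FD6905CE-952F-41F1-9A6F-135D9C6622CC}', '{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}') {
    "{0} present={1}" -f $guid, (Test-Path -Path "$sso\$guid")
}
```

On the machine in this thread the expected findings before the fixes would be a Deny ACE count above zero on some of the service keys, DisableAntiSpyware = 1 under the Windows Defender key, and present=False for the FSS GUID; after the repairs each of those should read clean. Re-running the check after every step is a cheap way to confirm that a repair actually took, rather than relying on the tool's own "finished successfully" line.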



#13 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 305 posts
  • Gender:Male
  • Location:Austria
  • Local time:06:25 PM

Posted 05 June 2013 - 09:56 AM

Hi there.

Please press the Windows key + R and type notepad into the Run box.
Copy/paste the entire contents of the code box below into Notepad:
 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""
  • Now on the top of the window choose File --> Save as
  • Into the Save as line type in regfix.reg
  • Change the Save as type to All Files (*.*)
  • Save it on your Desktop.
It should look like this: [screenshot regfix_kl.jpg]

Double-click on the regfix.reg file located on the desktop. A warning regarding changes applied to the registry will pop up; click Yes, as we know what we are doing here, and then OK.
Reboot your system.



Please delete your current Combofix.exe from your desktop.



Download ComboFix from this location:

Link 1



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

Edited by Larusso, 05 June 2013 - 10:00 AM.

regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please [donate button]

#14 kellmk

kellmk
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:25 PM

Posted 05 June 2013 - 11:39 PM

OK, the computer seems to be running a lot better.

 

ComboFix 13-06-05.05 - Michele 06/06/2013   0:20.2.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.1405.836 [GMT -4:00]
Running from: c:\users\Michele\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Michele\~WRL0002.tmp
c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-06 to 2013-06-06  )))))))))))))))))))))))))))))))
.
.
2013-06-03 02:07 . 2013-06-03 02:07 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-29 01:31 . 2013-05-29 01:31 -------- d-----w- c:\users\Michele\AppData\Roaming\AVG2013
2013-05-29 01:23 . 2013-05-29 01:23 -------- d-----w- c:\users\Michele\AppData\Roaming\TuneUp Software
2013-05-29 01:11 . 2013-06-03 03:49 -------- d-----w- c:\programdata\AVG2013
2013-05-29 01:03 . 2013-06-03 03:51 -------- d-----w- c:\users\Michele\AppData\Local\Avg2013
2013-05-29 01:03 . 2013-05-29 01:03 -------- d-----w- c:\users\Michele\AppData\Local\MFAData
2013-05-28 21:18 . 2013-05-28 23:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-03 02:08 . 2008-02-21 11:57 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-05-28 15:17 . 2013-03-19 21:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-28 15:17 . 2013-03-19 21:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-04 18:50 . 2010-04-06 00:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-21 07:08 . 2013-03-21 07:08 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-12 90112]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RegWork"="c:\program files\RegWork\\RegWork.exe" [2010-08-25 11949456]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-26 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2009-11-9 1036856]
QuickSet.lnk -  [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 15:17]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 00:30]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 00:30]
.
2013-06-06 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 18:28]
.
2013-02-16 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1
FF - ProfilePath - c:\users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\rkk4kql8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BCPA&o=16145&locale=en_US&apn_uid=00063923-2C41-48C3-A11D-300F6D32B505&apn_ptnrs=QK&apn_sauid=1D29112D-A28F-46DC-B27C-477EFB8814B3&apn_dtid=YYYYYYYYUS&&q=
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-08691024.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-06 00:29
Windows 6.0.6000  NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-06-06  00:32:38
ComboFix-quarantined-files.txt  2013-06-06 04:32
.
Pre-Run: 91,990,196,224 bytes free
Post-Run: 91,615,055,872 bytes free
.
- - End Of File - - 13DF5C1D234EFBB8AAACCC0F7B73F3D7
 



#15 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 305 posts
  • Gender:Male
  • Location:Austria
  • Local time:06:25 PM

Posted 06 June 2013 - 11:45 AM

Hi there. All things are looking okay now.

Please try to enable your automatic updates: Start --> Control Panel --> System and Security --> Windows Updates
regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please [donate button]



