also @ TechSpot: Intel confirms a smartwatch is in the pipeline

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Crypt.AQLW and Cryptic.DYR infections cannot remove

Discussion in 'Virus and Malware Removal' started by steve1965, Apr 10, 2012.

Post New Reply

Page 1 of 2

steve1965 Newcomer, in training Posts: 37

hi all
I am having much grief with the 2 trojan infections, mentioned above, which AVG cannot eradicate. I have read the 5 point sticky and await further instructions before posting any logs from them.

I am running a full AVG scan at the moment.

many thanks in advance.
steve

steve1965, Apr 10, 2012

#1
Broni Malware Annihilator Posts: 40,051 +187
Welcome aboard

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Broni, Apr 10, 2012

#2
steve1965 Newcomer, in training Posts: 37

logs

Hi Broni

my windows security centre is also hobbled and wont restart service.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Steve :: STEVE-PC [administrator]

10/04/2012 16:43:31
mbam-log-2012-04-10 (16-43-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273348
Time elapsed: 14 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\ehstartTermService (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network|UID (Malware.Trace) -> Data: STEVE-PC_00366ECA -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Win32Update (Malware.Trace) -> Data: C:\Windows\system32\adsmsexto.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|Win32Update (Malware.Trace) -> Data: C:\Windows\system32\adsmsexto.exe -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Control\Lsa|Win32Update (LSP.Hijacker) -> Data: C:\Windows\system32\adsmsexto.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 4
C:\ProgramData\CrucialSoft Ltd (Rogue.AV2009) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.AV2009) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\sysloc (Trojan.BHO) -> Quarantined and deleted successfully.

Files Detected: 8
C:\Users\Steve\AppData\Local\Temp\Low\jar_cache7050.tmp (Trojan.FakeAlert.VGen) -> Quarantined and deleted successfully.
C:\487656.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\st_1243326795.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\st_1243327208.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\st_1243345222.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\st_1243345637.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-10 17:19:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 HDT722525DLA380 rev.V44OA9BA
Running: zykncpn9.exe; Driver: C:\Users\Steve\AppData\Local\Temp\kwtoypob.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84F3A1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84F3A1E8
Device \Driver\atapi \Device\Ide\IdePort0 84F3A1E8
Device \Driver\atapi \Device\Ide\IdePort1 84F3A1E8
Device \Driver\atapi \Device\Ide\IdePort2 84F3A1E8
Device \Driver\atapi \Device\Ide\IdePort3 84F3A1E8
Device \Driver\ampd0lrd \Device\Scsi\ampd0lrd1 86A671E8
Device \Driver\ampd0lrd \Device\Scsi\ampd0lrd1Port6Path0Target0Lun0 86A671E8
Device \FileSystem\Ntfs \Ntfs 84F3B1E8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Processes - GMER 1.0.15 ----

Process PING.EXE (*** hidden *** ) 4892

---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Steve at 17:28:30 on 2012-04-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2125 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Web\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Web\Apache2\bin\Apache.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Web\mysql\bin\mysqld-nt.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Web\Apache2\bin\ApacheMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Java\jdk1.6.0_03\bin\javaw.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DriverUpdaterPro] c:\program files\ixi tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Skytel] Skytel.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [EPSON Stylus DX6000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibie.exe /fu "c:\windows\temp\E_SFDBE.tmp" /EF "HKCU"
dRunServices: [Win32Update] c:\windows\system32\adsmsexto.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - c:\program files\java\jdk1.6.0_03\bin\javaw.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\web\apache2\bin\ApacheMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: localhost
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} - hxxp://www.mathtutor.ac.uk/Differentiation/drs/DrsDnldProj1.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax65.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxps://download.yahoo.com/dl/installs/bt/yregucfg.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{43A44558-6C56-4CDA-80E8-358ED16E6DF9} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\vfue9ge0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.google.co.uk/|http://www...-news/|http://promodeller.websitetoolbox.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc85cb29a-10cf-4480-9a00-01060b6e0c30%7D&mid=c9326b458a7892fb5e580bd9ef323fd3-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-12%2018%3A58%3A59&sap=ku&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\vfue9ge0.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\vfue9ge0.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\vfue9ge0.default\extensions\{cf2812dc-6a7c-4402-b639-4d277dac4c36}\components\schemval.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\vfue9ge0.default\extensions\{cf2812dc-6a7c-4402-b639-4d277dac4c36}\components\xforms.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-23 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 AeLookupSvcMDM;Application Experience AeLookupSvcMDM;o% srv --> o% srv [?]
S2 AeLookupSvcMDMCryptSvc;Application Experience AeLookupSvcMDM AeLookupSvcMDMCryptSvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 AeLookupSvcMDMehRecvr;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 AeLookupSvcMDMehRecvrhkmsvcQWAVE;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrhkmsvcQWAVE;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrhkmsvcQWAVE AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01;€û srv --> €û srv [?]
S2 AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrhkmsvcQWAVE AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso;€û srv --> €û srv [?]
S2 AeLookupSvcMDMehRecvrW32Timep2pimsvc;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrW32Timep2pimsvc;€s/ srv --> €s/ srv [?]
S2 ALGmsvsmon80;Application Layer Gateway Service ALGmsvsmon80;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 ALGmsvsmon80MSSQLServerADHelper;Application Layer Gateway Service ALGmsvsmon80 ALGmsvsmon80MSSQLServerADHelper;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 Apache2slsvc;Apache2 Apache2slsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 AppinfoBFE;Application Information AppinfoBFE;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 AppinfoBFEWPDBusEnum;Application Information AppinfoBFE AppinfoBFEWPDBusEnum;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 AudioEndpointBuilderMSDTCLanmanServer;Windows Audio Endpoint Builder AudioEndpointBuilderMSDTCLanmanServer;àq% srv --> àq% srv [?]
S2 AudioEndpointBuilderTapiSrvDcomLaunchNetTcpPortSharing;Windows Audio Endpoint Builder AudioEndpointBuilderTapiSrvDcomLaunchNetTcpPortSharing;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 AudiosrvMSSQLServerADHelperIKEEXT;Windows Audio AudiosrvMSSQLServerADHelperIKEEXT;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 BFEDPSmsvsmon80;Base Filtering Engine BFEDPSmsvsmon80;@p srv --> @p srv [?]
S2 BFEupnphostmsiserver;Base Filtering Engine BFEupnphostmsiserver;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 BITSApache2;Background Intelligent Transfer Service BITSApache2;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 BITSSENSSysMain;Background Intelligent Transfer Service BITSSENSSysMain;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 BITSslsvc;Background Intelligent Transfer Service BITSslsvc;€û srv --> €û srv [?]
S2 BITSslsvcAppinfoBFEWPDBusEnum;Background Intelligent Transfer Service BITSslsvc BITSslsvcAppinfoBFEWPDBusEnum;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 BITSslsvcAppinfoBFEWPDBusEnumehSched;Background Intelligent Transfer Service BITSslsvc BITSslsvcAppinfoBFEWPDBusEnum BITSslsvcAppinfoBFEWPDBusEnumehSched;€û srv --> €û srv [?]
S2 BITSslsvcp2pimsvc;Background Intelligent Transfer Service BITSslsvc BITSslsvcp2pimsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 BITSslsvcp2pimsvcupnphostmsiserver;Background Intelligent Transfer Service BITSslsvc BITSslsvcp2pimsvc BITSslsvcp2pimsvcupnphostmsiserver;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 BITSslsvcp2pimsvcupnphostmsiserverBrowser;Background Intelligent Transfer Service BITSslsvc BITSslsvcp2pimsvc BITSslsvcp2pimsvcupnphostmsiserver BITSslsvcp2pimsvcupnphostmsiserverBrowser;€û srv --> €û srv [?]
S2 BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch;Background Intelligent Transfer Service BITSslsvc BITSslsvcp2pimsvc BITSslsvcp2pimsvcupnphostmsiserver BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch;€û srv --> €û srv [?]
S2 BITSW32Timep2pimsvc;Background Intelligent Transfer Service BITSW32Timep2pimsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 BrlAPIEventSystemwscsvcmsvsmon80;BrlAPI BrlAPIEventSystemwscsvcmsvsmon80;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 Browserhkmsvc;Computer Browser Browserhkmsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 BrowserhkmsvcNetTcpPortSharingnvsvc;Computer Browser Browserhkmsvc BrowserhkmsvcNetTcpPortSharingnvsvc;0q& srv --> 0q& srv [?]
S2 BrowserhkmsvcNetTcpPortSharingnvsvchidserv;Computer Browser Browserhkmsvc BrowserhkmsvcNetTcpPortSharingnvsvc BrowserhkmsvcNetTcpPortSharingnvsvchidserv;€û srv --> €û srv [?]
S2 BrowserhkmsvcPACSPTISVR;Computer Browser Browserhkmsvc BrowserhkmsvcPACSPTISVR;€û srv --> €û srv [?]
S2 BrowserhkmsvcSLUINotify;Computer Browser Browserhkmsvc BrowserhkmsvcSLUINotify;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 BrowserhkmsvcSLUINotifynvsvcW32Time;Computer Browser Browserhkmsvc BrowserhkmsvcSLUINotify BrowserhkmsvcSLUINotifynvsvcW32Time;€û srv --> €û srv [?]
S2 BrowserhkmsvcSLUINotifynvsvcW32TimeSQLWriterWecsvc;Computer Browser Browserhkmsvc BrowserhkmsvcSLUINotify BrowserhkmsvcSLUINotifynvsvcW32Time BrowserhkmsvcSLUINotifynvsvcW32TimeSQLWriterWecsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV;Microsoft .NET Framework NGEN v2.0.50727_X86 clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV;€û srv --> €û srv [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 COMSysAppMMCSS;COM+ System Application COMSysAppMMCSS;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 DFSRWinHttpAutoProxySvc;DFS Replication DFSRWinHttpAutoProxySvc;o# srv --> o# srv [?]
S2 DnscachewmiApSrv;DNS Client DnscachewmiApSrv;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 dot3svcSpooler;Wired AutoConfig dot3svcSpooler;Øo srv --> Øo srv [?]
S2 DPSmsvsmon80;Diagnostic Policy Service DPSmsvsmon80;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 DPSmsvsmon80IDriverTBrowser;Diagnostic Policy Service DPSmsvsmon80 DPSmsvsmon80IDriverTBrowser;àq srv --> àq srv [?]
S2 DPSmsvsmon80MSDTCSharedAccess;Diagnostic Policy Service DPSmsvsmon80 DPSmsvsmon80MSDTCSharedAccess;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 DPSSENSSysMain;Diagnostic Policy Service DPSSENSSysMain;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 DPSupnphostmsiserver;Diagnostic Policy Service DPSupnphostmsiserver;øo` srv --> øo` srv [?]
S2 DPSupnphostmsiserverThemesNetTcpPortSharing;Diagnostic Policy Service DPSupnphostmsiserver DPSupnphostmsiserverThemesNetTcpPortSharing;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 EapHostLanmanServerfdPHostUI0DetectDFSR;Extensible Authentication Protocol EapHostLanmanServerfdPHostUI0DetectDFSR;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 EapHostTBS;Extensible Authentication Protocol EapHostTBS;øo srv --> øo srv [?]
S2 ehSchedTrustedInstallerWinmgmt;Windows Media Center Scheduler Service ehSchedTrustedInstallerWinmgmt;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 ehstartMySQLWPDBusEnumBITS;Windows Media Center Service Launcher ehstartMySQLWPDBusEnumBITS;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 EMDMgmtplaWMPNetworkSvcehstart;ReadyBoost EMDMgmtplaWMPNetworkSvcehstart;¨p srv --> ¨p srv [?]
S2 EventSystemMSiSCSI;COM+ Event System EventSystemMSiSCSI;@p) srv --> @p) srv [?]
S2 EventSystemwscsvc;COM+ Event System EventSystemwscsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 EventSystemwscsvcmsvsmon80;COM+ Event System EventSystemwscsvc EventSystemwscsvcmsvsmon80;Èp% srv --> Èp% srv [?]
S2 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc;COM+ Event System EventSystemwscsvc EventSystemwscsvcmsvsmon80 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost;COM+ Event System EventSystemwscsvc EventSystemwscsvcmsvsmon80 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost;w) srv --> w) srv [?]
S2 EventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc;COM+ Event System EventSystemwscsvc EventSystemwscsvcmsvsmon80 EventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 fdPHostUI0DetectDFSR;Function Discovery Provider Host fdPHostUI0DetectDFSR;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 FontCache3.0.0.0 Back-End Service;Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0 Back-End Service;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 hkmsvcQWAVE;Health Key and Certificate Management hkmsvcQWAVE;€û srv --> €û srv [?]
S2 hkmsvcQWAVEplaWMPNetworkSvcehstart;Health Key and Certificate Management hkmsvcQWAVE hkmsvcQWAVEplaWMPNetworkSvcehstart;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 hkmsvcWSearch;Health Key and Certificate Management hkmsvcWSearch;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 IDriverTBrowser;InstallDriver Table Manager IDriverTBrowser;øo# srv --> øo# srv [?]
S2 IDriverTBrowserSQLBrowser;InstallDriver Table Manager IDriverTBrowser IDriverTBrowserSQLBrowser;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 IDriverTBrowserSQLBrowserProtectedStorageusnjsvc;InstallDriver Table Manager IDriverTBrowser IDriverTBrowserSQLBrowser IDriverTBrowserSQLBrowserProtectedStorageusnjsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 idsvcclr_optimization_v2.0.50727_32;Windows CardSpace idsvcclr_optimization_v2.0.50727_32;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
S2 idsvcwcncsvc;Windows CardSpace idsvcwcncsvc;(o
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\sdk\lib\appservservice.exe "\"c:\sun\sdk\bin\asadmin.bat\" start-domain --user admin domain1" "\"c:\sun\sdk\bin\asadmin.bat\" stop-domain domain1\" --> c:\sun\sdk\lib\appservservice.exe \c:\sun\sdk\bin\asadmin.bat\ [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-3 1025352]
S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe --> c:\cygwin\bin\cygrunsrv.exe [?]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-12-7 158344]
.
=============== Created Last 30 ================
.
2012-04-10 15:40:07 -------- d-----w- c:\users\steve\appdata\roaming\Malwarebytes
2012-04-10 15:40:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 15:40:00 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 15:40:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-09 17:25:51 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-06 14:29:33 -------- d-----w- c:\program files\iPod
2012-04-06 14:29:29 -------- d-----w- c:\program files\iTunes
2012-04-01 12:02:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-17 17:58:07 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-17 17:58:07 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-14 12:57:19 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:57:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 12:57:11 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 12:57:11 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 12:57:11 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 12:57:11 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:57:10 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 12:54:17 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 12:54:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 12:20:26 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-13 12:20:26 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
.
==================== Find3M ====================
.
2012-04-01 12:18:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:29:09.60 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 13/11/2007 15:17:49
System Uptime: 10/04/2012 17:04:05 (0 hours ago)
.
Motherboard: Foxconn | | 45GM/45CM
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 539/49mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 226 GiB total, 38.728 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is CDROM ()
L: is FIXED (NTFS) - 466 GiB total, 150.848 GiB free.
S: is FIXED (NTFS) - 1 GiB total, 1.407 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 7.0.8
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AnyDVD
Apache HTTP Server 2.0.63
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG 2012
Avidemux 2.4
BBC iPlayer Desktop
Bonjour
BT Broadband Desktop Help
Compatibility Pack for the 2007 Office system
Connect
COWON Media Center - jetAudio Basic VX
DivX Codec
DivX Converter
DivX Web Player
Duke Xtreme Command Center
DVDx
EPSON Printer Software
EPSON Scan
FinePixViewer Resource
FinePixViewer Ver.5.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
J2SE Development Kit 5.0 Update 9
J2SE Runtime Environment 5.0 Update 9
Java 3D 1.5.2
Java Auto Updater
Java DB 10.6.2.1
Java Media Framework 2.1.1e
Java MP3 PlugIn
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 27
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 27
Java(TM) SE Development Kit 6 Update 3
jetVideo Basic VX
kuler
LADSPA_plugins-win-0.4.15
LDraw
M-Audio FastTrack Driver 6.0.6 (x86)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (SQLEXPRESS)
Microsoft SQL Server 2005 Books Online (English) (September 2007)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Mozilla Firefox 11.0 (x86 en-GB)
MySQL Server 5.0
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Oracle Data Provider for .NET Help
Oracle Database 10g Express Edition
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
POV-Ray for Windows v3.1
POV-Ray for Windows v3.5
Power2Go 5.0
QuickTime
Quicktime Browser Plug-In
RAW FILE CONVERTER LE
RealPlayer
Realtek High Definition Audio Driver
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2251481)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2538218)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2548826)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
Sky Anytime
SonicStage 4.3
Suite Shared Configuration CS4
Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC
SuperNZB v3.2.1
Tile-based game
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.0
Vodei Multimedia Processor 2.10
Vuze
Vuze_Remote Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
Windows Resource Kit Tools - SubInAcl.exe
WinRAR archiver
WinZip 15.0
Xvid 1.1.3 final uninstall
XviD MPEG4 Video Codec (remove only)
.
==== Event Viewer Messages From Past Week ========
.
10/04/2012 17:26:57, Error: Service Control Manager [7023] - The EIO service terminated with the following error: Access is denied.
10/04/2012 17:07:57, Error: Service Control Manager [7023] - The Msmpsvc service terminated with the following error: Access is denied.
10/04/2012 17:07:05, Error: Service Control Manager [7023] - The Nipxirmu service terminated with the following error: Access is denied.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The WaveFDE service terminated with the following error: Access is denied.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The VHidMinidrv service terminated with the following error: The specified module could not be found.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The Pinetmgr service terminated with the following error: Access is denied.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The MxlW2k service terminated with the following error: The specified module could not be found.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The MtxDma0 service terminated with the following error: The specified module could not be found.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The LVCap138 service terminated with the following error: Access is denied.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The JavaQuickStarterService service terminated with the following error: Access is denied.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The ESDCR service terminated with the following error: The specified module could not be found.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The Cfosspeed service terminated with the following error: Access is denied.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The CAMFLT service terminated with the following error: The specified module could not be found.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The BrSerIf service terminated with the following error: Access is denied.
10/04/2012 17:07:02, Error: Service Control Manager [7023] - The Artdhcp service terminated with the following error: Access is denied.
10/04/2012 17:07:02, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/04/2012 17:07:02, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/04/2012 17:05:06, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp LaserJet 1150 PCL 5e with shared resource name hp LaserJet 1150 PCL 5e. Error 1753. The printer cannot be used by others on the network.
10/04/2012 17:05:06, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer EPSON Stylus DX6000 Series with shared resource name EPSON Stylus DX6000 Series. Error 1753. The printer cannot be used by others on the network.
10/04/2012 17:05:06, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Adobe PDF with shared resource name Adobe PDF. Error 1753. The printer cannot be used by others on the network.
10/04/2012 17:04:36, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/04/2012 15:38:28, Error: Service Control Manager [7023] - The VHidMinidrv service terminated with the following error: Access is denied.
10/04/2012 15:23:28, Error: Service Control Manager [7023] - The ESDCR service terminated with the following error: Access is denied.
10/04/2012 15:08:29, Error: Service Control Manager [7023] - The MtxDma0 service terminated with the following error: Access is denied.
10/04/2012 14:53:30, Error: Service Control Manager [7023] - The CAMFLT service terminated with the following error: Access is denied.
10/04/2012 14:52:54, Error: Service Control Manager [7023] - The MxlW2k service terminated with the following error: Access is denied.
10/04/2012 14:51:41, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp LaserJet 1150 PCL 5e with shared resource name hp LaserJet 1150 PCL 5e. Error 2114. The printer cannot be used by others on the network.
09/04/2012 11:40:31, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.
09/04/2012 11:40:31, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/04/2012 18:03:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
08/04/2012 18:03:14, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/04/2012 18:03:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
06/04/2012 15:22:19, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

steve1965, Apr 10, 2012

#3
Broni Malware Annihilator Posts: 40,051 +187
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

Unzip downloaded file to your Desktop.

Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.
Broni, Apr 10, 2012

#4
steve1965 Newcomer, in training Posts: 37

MBR & Boot Cleaner Logs

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 17:55:31
-----------------------------
17:55:31.414 OS Version: Windows 6.0.6002 Service Pack 2
17:55:31.414 Number of processors: 2 586 0xF0D
17:55:31.415 ComputerName: STEVE-PC UserName: Steve
17:55:32.861 Initialize success
17:56:45.963 AVAST engine defs: 12041002
17:56:56.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:56:56.798 Disk 0 Vendor: HDT722525DLA380 V44OA9BA Size: 238475MB BusType: 3
17:56:56.809 Disk 0 MBR read successfully
17:56:56.812 Disk 0 MBR scan
17:56:56.816 Disk 0 Windows VISTA default MBR code
17:56:56.822 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5500 MB offset 2048
17:56:56.835 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 11266048
17:56:56.849 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 231473 MB offset 14338048
17:56:56.856 Disk 0 scanning sectors +488394752
17:56:56.928 Disk 0 scanning C:\Windows\system32\drivers
17:57:10.508 File: C:\Windows\system32\drivers\serial.sys **INFECTED** Win32:Rootkit-gen [Rtk]
17:57:14.770 Disk 0 trace - called modules:
17:57:14.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86df3fd0]<<
17:57:14.803 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b77ac8]
17:57:14.808 3 CLASSPNP.SYS[8b3a48b3] -> nt!IofCallDriver -> [0x86b04578]
17:57:14.815 \Driver\00000817[0x86b046b0] -> IRP_MJ_CREATE -> 0x86df3fd0
17:57:16.621 AVAST engine scan C:\Windows
17:57:23.880 AVAST engine scan C:\Windows\system32
17:57:27.238 File: C:\Windows\system32\atiavaiw.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:57:28.419 File: C:\Windows\system32\authsyssvc.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:58:06.318 File: C:\Windows\system32\iolodmv.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:58:15.336 File: C:\Windows\system32\lxbs_device.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:58:19.266 File: C:\Windows\system32\mfebopk.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:58:35.679 File: C:\Windows\system32\ndis.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:59:04.659 File: C:\Windows\system32\osaio.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:59:26.691 File: C:\Windows\system32\Sntnlusb.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:59:40.782 File: C:\Windows\system32\VCAM.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:59:44.369 File: C:\Windows\system32\websenseclientdeployservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:59:51.826 File: C:\Windows\system32\wmp54gv4svc.dll **INFECTED** Win32:Sirefef-SM [Trj]
17:59:58.904 File: C:\Windows\system32\wzcsvc.dll **INFECTED** Win32:Sirefef-SM [Trj]
18:03:19.591 AVAST engine scan C:\Windows\system32\drivers
18:03:37.649 File: C:\Windows\system32\drivers\serial.sys **INFECTED** Win32:Rootkit-gen [Rtk]
18:03:54.352 AVAST engine scan C:\Users\Steve
19:18:47.536 File: C:\Users\Steve\AppData\Local\Temp\Low\jar_cache3594.tmp **INFECTED** Win32:Kryptik-HEY [Trj]
21:25:17.751 AVAST engine scan C:\ProgramData
21:37:47.118 Scan finished successfully
21:39:31.233 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
21:39:31.233 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"

.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`b5900000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1152) : Done;

steve1965, Apr 11, 2012

#5

Broni Malware Annihilator Posts: 40,051 +187

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Broni, Apr 11, 2012

#6

steve1965 Newcomer, in training Posts: 37

TDSSKiller log Part 1 (a-m)

16:35:14.0020 7156 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
16:35:14.0212 7156 ============================================================
16:35:14.0212 7156 Current date / time: 2012/04/11 16:35:14.0212
16:35:14.0212 7156 SystemInfo:
16:35:14.0212 7156
16:35:14.0212 7156 OS Version: 6.0.6002 ServicePack: 2.0
16:35:14.0212 7156 Product type: Workstation
16:35:14.0212 7156 ComputerName: STEVE-PC
16:35:14.0212 7156 UserName: Steve
16:35:14.0212 7156 Windows directory: C:\Windows
16:35:14.0212 7156 System windows directory: C:\Windows
16:35:14.0212 7156 Processor architecture: Intel x86
16:35:14.0212 7156 Number of processors: 2
16:35:14.0212 7156 Page size: 0x1000
16:35:14.0212 7156 Boot type: Normal boot
16:35:14.0212 7156 ============================================================
16:35:15.0456 7156 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:35:15.0523 7156 Drive \Device\Harddisk5\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:35:15.0536 7156 \Device\Harddisk0\DR0:
16:35:15.0537 7156 MBR used
16:35:15.0537 7156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
16:35:15.0537 7156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800
16:35:15.0537 7156 \Device\Harddisk5\DR5:
16:35:15.0538 7156 MBR used
16:35:15.0538 7156 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:35:15.0763 7156 Initialize success
16:35:15.0763 7156 ============================================================
16:35:39.0081 7084 ============================================================
16:35:39.0081 7084 Scan started
16:35:39.0081 7084 Mode: Manual;
16:35:39.0081 7084 ============================================================
16:35:41.0369 7084 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:35:41.0375 7084 ACPI - ok
16:35:41.0448 7084 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
16:35:41.0468 7084 adfs - ok
16:35:41.0565 7084 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
16:35:41.0570 7084 Adobe Version Cue CS4 - ok
16:35:41.0763 7084 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:35:41.0767 7084 AdobeFlashPlayerUpdateSvc - ok
16:35:41.0831 7084 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:35:41.0840 7084 adp94xx - ok
16:35:41.0945 7084 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:35:41.0956 7084 adpahci - ok
16:35:42.0034 7084 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:35:42.0038 7084 adpu160m - ok
16:35:42.0082 7084 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:35:42.0087 7084 adpu320 - ok
16:35:42.0171 7084 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:35:42.0172 7084 AeLookupSvc - ok
16:35:42.0185 7084 AeLookupSvcMDM - ok
16:35:42.0259 7084 AeLookupSvcMDMCryptSvc - ok
16:35:42.0283 7084 AeLookupSvcMDMehRecvr - ok
16:35:42.0348 7084 AeLookupSvcMDMehRecvrhkmsvcQWAVE - ok
16:35:42.0358 7084 AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01 - ok
16:35:42.0366 7084 AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso - ok
16:35:42.0376 7084 AeLookupSvcMDMehRecvrW32Timep2pimsvc - ok
16:35:42.0440 7084 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:35:42.0445 7084 AFD - ok
16:35:42.0607 7084 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
16:35:42.0622 7084 AgereSoftModem - ok
16:35:42.0665 7084 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:35:42.0667 7084 agp440 - ok
16:35:43.0023 7084 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:35:43.0034 7084 aic78xx - ok
16:35:43.0166 7084 alcxsens (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\afd.dll
16:35:43.0178 7084 Suspicious file (NoAccess): C:\Windows\system32\afd.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:43.0179 7084 alcxsens ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:43.0179 7084 alcxsens - detected Backdoor.Multi.ZAccess.gen (0)
16:35:43.0366 7084 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:35:43.0368 7084 ALG - ok
16:35:43.0437 7084 ALGmsvsmon80 - ok
16:35:43.0457 7084 ALGmsvsmon80MSSQLServerADHelper - ok
16:35:43.0515 7084 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
16:35:43.0516 7084 aliide - ok
16:35:43.0632 7084 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:35:43.0634 7084 amdagp - ok
16:35:43.0679 7084 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
16:35:43.0689 7084 amdide - ok
16:35:43.0757 7084 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:35:43.0774 7084 AmdK7 - ok
16:35:43.0792 7084 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:35:43.0793 7084 AmdK8 - ok
16:35:43.0893 7084 ANC (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\wmp54gv4svc.dll
16:35:43.0927 7084 Suspicious file (NoAccess): C:\Windows\system32\wmp54gv4svc.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:43.0927 7084 ANC ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:43.0927 7084 ANC - detected Backdoor.Multi.ZAccess.gen (0)
16:35:44.0133 7084 AnyDVD (4f0e198fd3d5cd8bee02e0f014601bc5) C:\Windows\system32\Drivers\AnyDVD.sys
16:35:44.0148 7084 AnyDVD - ok
16:35:44.0211 7084 Apache2 (3c8b7e1e3f136c000c96690ac008c799) C:\Web\Apache2\bin\Apache.exe
16:35:44.0212 7084 Apache2 - ok
16:35:44.0264 7084 Apache2slsvc - ok
16:35:44.0336 7084 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:35:44.0337 7084 Appinfo - ok
16:35:44.0373 7084 AppinfoBFE - ok
16:35:44.0403 7084 AppinfoBFEWPDBusEnum - ok
16:35:44.0505 7084 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:35:44.0521 7084 Apple Mobile Device - ok
16:35:44.0756 7084 AppServer9PE - ok
16:35:44.0916 7084 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:35:44.0918 7084 arc - ok
16:35:44.0964 7084 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:35:44.0966 7084 arcsas - ok
16:35:45.0016 7084 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:35:45.0017 7084 AsyncMac - ok
16:35:45.0182 7084 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:35:45.0183 7084 atapi - ok
16:35:45.0232 7084 atmarpc (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\authsyssvc.dll
16:35:45.0241 7084 Suspicious file (NoAccess): C:\Windows\system32\authsyssvc.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:45.0242 7084 atmarpc ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:45.0242 7084 atmarpc - detected Backdoor.Multi.ZAccess.gen (0)
16:35:45.0292 7084 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:35:45.0298 7084 AudioEndpointBuilder - ok
16:35:45.0302 7084 AudioEndpointBuilderMSDTCLanmanServer - ok
16:35:45.0359 7084 AudioEndpointBuilderTapiSrvDcomLaunchNetTcpPortSharing - ok
16:35:45.0406 7084 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:35:45.0409 7084 Audiosrv - ok
16:35:45.0431 7084 AudiosrvMSSQLServerADHelperIKEEXT - ok
16:35:45.0674 7084 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
16:35:45.0690 7084 AVG Security Toolbar Service - ok
16:35:45.0859 7084 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
16:35:45.0971 7084 AVGIDSAgent - ok
16:35:46.0175 7084 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
16:35:46.0180 7084 AVGIDSDriver - ok
16:35:46.0221 7084 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
16:35:46.0225 7084 AVGIDSEH - ok
16:35:46.0245 7084 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
16:35:46.0246 7084 AVGIDSFilter - ok
16:35:46.0296 7084 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
16:35:46.0297 7084 AVGIDSShim - ok
16:35:46.0408 7084 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
16:35:46.0412 7084 Avgldx86 - ok
16:35:46.0488 7084 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
16:35:46.0489 7084 Avgmfx86 - ok
16:35:46.0588 7084 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
16:35:46.0593 7084 Avgrkx86 - ok
16:35:46.0667 7084 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
16:35:46.0672 7084 Avgtdix - ok
16:35:46.0775 7084 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
16:35:46.0778 7084 avgwd - ok
16:35:46.0874 7084 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:35:46.0886 7084 Beep - ok
16:35:46.0891 7084 BFEDPSmsvsmon80 - ok
16:35:46.0908 7084 BFEupnphostmsiserver - ok
16:35:47.0014 7084 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
16:35:47.0028 7084 BITS - ok
16:35:47.0349 7084 BITSApache2 - ok
16:35:47.0398 7084 BITSSENSSysMain - ok
16:35:47.0412 7084 BITSslsvc - ok
16:35:47.0437 7084 BITSslsvcAppinfoBFEWPDBusEnum - ok
16:35:47.0465 7084 BITSslsvcAppinfoBFEWPDBusEnumehSched - ok
16:35:47.0505 7084 BITSslsvcp2pimsvc - ok
16:35:47.0520 7084 BITSslsvcp2pimsvcupnphostmsiserver - ok
16:35:47.0529 7084 BITSslsvcp2pimsvcupnphostmsiserverBrowser - ok
16:35:47.0540 7084 BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch - ok
16:35:47.0558 7084 BITSW32Timep2pimsvc - ok
16:35:47.0581 7084 blbdrive - ok
16:35:47.0683 7084 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:35:47.0692 7084 Bonjour Service - ok
16:35:47.0764 7084 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:35:47.0785 7084 bowser - ok
16:35:47.0855 7084 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:35:47.0857 7084 BrFiltLo - ok
16:35:47.0879 7084 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:35:47.0880 7084 BrFiltUp - ok
16:35:47.0896 7084 BrlAPI - ok
16:35:47.0947 7084 BrlAPIEventSystemwscsvcmsvsmon80 - ok
16:35:48.0118 7084 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:35:48.0121 7084 Browser - ok
16:35:48.0148 7084 Browserhkmsvc - ok
16:35:48.0159 7084 BrowserhkmsvcNetTcpPortSharingnvsvc - ok
16:35:48.0167 7084 BrowserhkmsvcNetTcpPortSharingnvsvchidserv - ok
16:35:48.0178 7084 BrowserhkmsvcPACSPTISVR - ok
16:35:48.0193 7084 BrowserhkmsvcSLUINotify - ok
16:35:48.0202 7084 BrowserhkmsvcSLUINotifynvsvcW32Time - ok
16:35:48.0218 7084 BrowserhkmsvcSLUINotifynvsvcW32TimeSQLWriterWecsvc - ok
16:35:48.0294 7084 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:35:48.0297 7084 Brserid - ok
16:35:48.0337 7084 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:35:48.0361 7084 BrSerWdm - ok
16:35:48.0398 7084 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:35:48.0399 7084 BrUsbMdm - ok
16:35:48.0422 7084 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:35:48.0426 7084 BrUsbSer - ok
16:35:48.0508 7084 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:35:48.0510 7084 BTHMODEM - ok
16:35:48.0584 7084 bwsvc (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\lvckap.dll
16:35:48.0621 7084 Suspicious file (NoAccess): C:\Windows\system32\lvckap.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:48.0622 7084 bwsvc ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:48.0622 7084 bwsvc - detected Backdoor.Multi.ZAccess.gen (0)
16:35:48.0662 7084 cbidf2k (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\pavreport.dll
16:35:48.0668 7084 Suspicious file (NoAccess): C:\Windows\system32\pavreport.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:48.0669 7084 cbidf2k ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:48.0669 7084 cbidf2k - detected Backdoor.Multi.ZAccess.gen (0)
16:35:48.0747 7084 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:35:48.0749 7084 cdfs - ok
16:35:48.0816 7084 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:35:48.0818 7084 cdrom - ok
16:35:48.0919 7084 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:35:48.0935 7084 CertPropSvc - ok
16:35:49.0000 7084 changer (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\avp.dll
16:35:49.0074 7084 Suspicious file (NoAccess): C:\Windows\system32\avp.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:49.0075 7084 changer ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:49.0075 7084 changer - detected Backdoor.Multi.ZAccess.gen (0)
16:35:49.0388 7084 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:35:49.0403 7084 circlass - ok
16:35:49.0464 7084 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:35:49.0468 7084 CLFS - ok
16:35:49.0509 7084 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:35:49.0547 7084 clr_optimization_v2.0.50727_32 - ok
16:35:49.0554 7084 clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV - ok
16:35:49.0648 7084 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:35:49.0652 7084 clr_optimization_v4.0.30319_32 - ok
16:35:49.0732 7084 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
16:35:49.0733 7084 CmBatt - ok
16:35:49.0772 7084 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
16:35:49.0774 7084 cmdide - ok
16:35:49.0832 7084 cmudau (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\SerTVOutCtlr.dll
16:35:49.0927 7084 Suspicious file (NoAccess): C:\Windows\system32\SerTVOutCtlr.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:49.0927 7084 cmudau ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:49.0927 7084 cmudau - detected Backdoor.Multi.ZAccess.gen (0)
16:35:49.0997 7084 cobbmservice (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\iolodmv.dll
16:35:50.0005 7084 Suspicious file (NoAccess): C:\Windows\system32\iolodmv.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:50.0006 7084 cobbmservice ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:50.0006 7084 cobbmservice - detected Backdoor.Multi.ZAccess.gen (0)
16:35:50.0208 7084 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:35:50.0224 7084 Compbatt - ok
16:35:50.0266 7084 COMSysApp - ok
16:35:50.0279 7084 COMSysAppMMCSS - ok
16:35:50.0321 7084 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:35:50.0322 7084 crcdisk - ok
16:35:50.0371 7084 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:35:50.0373 7084 Crusoe - ok
16:35:50.0447 7084 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
16:35:50.0449 7084 CryptSvc - ok
16:35:50.0524 7084 DCamUSBGrandTek (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\Sntnlusb.dll
16:35:50.0571 7084 Suspicious file (NoAccess): C:\Windows\system32\Sntnlusb.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:50.0571 7084 DCamUSBGrandTek ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:50.0571 7084 DCamUSBGrandTek - detected Backdoor.Multi.ZAccess.gen (0)
16:35:50.0655 7084 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:35:50.0668 7084 DcomLaunch - ok
16:35:50.0752 7084 DcPTP (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\VCAM.dll
16:35:50.0763 7084 Suspicious file (NoAccess): C:\Windows\system32\VCAM.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:50.0764 7084 DcPTP ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:50.0764 7084 DcPTP - detected Backdoor.Multi.ZAccess.gen (0)
16:35:50.0812 7084 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:35:50.0813 7084 DfsC - ok
16:35:51.0025 7084 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
16:35:51.0083 7084 DFSR - ok
16:35:51.0088 7084 DFSRWinHttpAutoProxySvc - ok
16:35:51.0411 7084 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
16:35:51.0415 7084 Dhcp - ok
16:35:51.0526 7084 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:35:51.0563 7084 disk - ok
16:35:51.0656 7084 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
16:35:51.0663 7084 Dnscache - ok
16:35:51.0701 7084 DnscachewmiApSrv - ok
16:35:51.0752 7084 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
16:35:51.0756 7084 dot3svc - ok
16:35:51.0765 7084 dot3svcSpooler - ok
16:35:51.0980 7084 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:35:51.0983 7084 dot4 - ok
16:35:52.0178 7084 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:35:52.0210 7084 Dot4Print - ok
16:35:52.0332 7084 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:35:52.0334 7084 dot4usb - ok
16:35:52.0410 7084 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:35:52.0416 7084 DPS - ok
16:35:52.0471 7084 DPSmsvsmon80 - ok
16:35:52.0484 7084 DPSmsvsmon80IDriverTBrowser - ok
16:35:52.0515 7084 DPSmsvsmon80MSDTCSharedAccess - ok
16:35:52.0529 7084 DPSSENSSysMain - ok
16:35:52.0542 7084 DPSupnphostmsiserver - ok
16:35:52.0592 7084 DPSupnphostmsiserverThemesNetTcpPortSharing - ok
16:35:52.0656 7084 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:35:52.0665 7084 drmkaud - ok
16:35:52.0762 7084 dwmrcs (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\raysat3_4_6_18server.dll
16:35:52.0803 7084 Suspicious file (NoAccess): C:\Windows\system32\raysat3_4_6_18server.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:52.0804 7084 dwmrcs ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:52.0804 7084 dwmrcs - detected Backdoor.Multi.ZAccess.gen (0)
16:35:52.0996 7084 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:35:53.0035 7084 DXGKrnl - ok
16:35:53.0110 7084 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:35:53.0127 7084 E1G60 - ok
16:35:53.0360 7084 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:35:53.0361 7084 EapHost - ok
16:35:53.0404 7084 EapHostLanmanServerfdPHostUI0DetectDFSR - ok
16:35:53.0414 7084 EapHostTBS - ok
16:35:53.0532 7084 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:35:53.0535 7084 Ecache - ok
16:35:53.0597 7084 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:35:53.0613 7084 ehRecvr - ok
16:35:53.0644 7084 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:35:53.0646 7084 ehSched - ok
16:35:53.0680 7084 ehSchedTrustedInstallerWinmgmt - ok
16:35:53.0697 7084 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:35:53.0698 7084 ehstart - ok
16:35:53.0723 7084 ehstartMySQLWPDBusEnumBITS - ok
16:35:53.0758 7084 elagopro - ok
16:35:53.0842 7084 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
16:35:53.0845 7084 ElbyCDIO - ok
16:35:53.0962 7084 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:35:53.0970 7084 elxstor - ok
16:35:54.0251 7084 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
16:35:54.0261 7084 EMDMgmt - ok
16:35:54.0266 7084 EMDMgmtplaWMPNetworkSvcehstart - ok
16:35:54.0504 7084 EPSON_PM_RPCV4_01 (cdca791afa0483f44bba576dbfafd04d) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
16:35:54.0527 7084 EPSON_PM_RPCV4_01 - ok
16:35:54.0764 7084 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
16:35:54.0794 7084 EventSystem - ok
16:35:54.0800 7084 EventSystemMSiSCSI - ok
16:35:54.0880 7084 EventSystemwscsvc - ok
16:35:54.0889 7084 EventSystemwscsvcmsvsmon80 - ok
16:35:55.0054 7084 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc - ok
16:35:55.0061 7084 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost - ok
16:35:55.0271 7084 EventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
16:35:55.0387 7084 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:35:55.0420 7084 exfat - ok
16:35:55.0509 7084 fallback (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\osaio.dll
16:35:55.0530 7084 Suspicious file (NoAccess): C:\Windows\system32\osaio.dll. md5: 11028c6a84a967070cb1286550f2058f
16:35:55.0531 7084 fallback ( Backdoor.Multi.ZAccess.gen ) - infected
16:35:55.0531 7084 fallback - detected Backdoor.Multi.ZAccess.gen (0)
16:35:55.0600 7084 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:35:55.0603 7084 fastfat - ok
16:35:55.0676 7084 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:35:55.0694 7084 fdc - ok
16:35:55.0766 7084 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
16:35:55.0768 7084 fdPHost - ok
16:35:55.0779 7084 fdPHostUI0DetectDFSR - ok
16:35:55.0811 7084 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:35:55.0828 7084 FDResPub - ok
16:35:55.0912 7084 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:35:55.0914 7084 FileInfo - ok
16:35:56.0053 7084 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:35:56.0070 7084 Filetrace - ok
16:35:56.0137 7084 firesvc - ok
16:35:56.0400 7084 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:35:56.0411 7084 FLEXnet Licensing Service - ok
16:35:56.0760 7084 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:35:56.0782 7084 flpydisk - ok
16:35:56.0899 7084 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:35:56.0903 7084 FltMgr - ok
16:35:57.0000 7084 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
16:35:57.0120 7084 FontCache - ok
16:35:57.0291 7084 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:35:57.0305 7084 FontCache3.0.0.0 - ok
16:35:57.0479 7084 FontCache3.0.0.0 Back-End Service - ok
16:35:57.0676 7084 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:35:57.0679 7084 Fs_Rec - ok
16:35:57.0708 7084 FXDrv32 - ok
16:35:57.0797 7084 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:35:57.0807 7084 gagp30kx - ok
16:35:57.0871 7084 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:35:57.0872 7084 GEARAspiWDM - ok
16:35:57.0956 7084 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
16:35:57.0975 7084 gpsvc - ok
16:35:58.0084 7084 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:35:58.0106 7084 HdAudAddService - ok
16:35:58.0351 7084 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:35:58.0361 7084 HDAudBus - ok
16:35:58.0446 7084 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:35:58.0448 7084 HidBth - ok
16:35:58.0480 7084 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:35:58.0487 7084 HidIr - ok
16:35:58.0520 7084 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
16:35:58.0522 7084 hidserv - ok
16:35:58.0566 7084 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:35:58.0584 7084 HidUsb - ok
16:35:58.0640 7084 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
16:35:58.0643 7084 hkmsvc - ok
16:35:58.0648 7084 hkmsvcQWAVE - ok
16:35:58.0687 7084 hkmsvcQWAVEplaWMPNetworkSvcehstart - ok
16:35:58.0711 7084 hkmsvcWSearch - ok
16:35:58.0771 7084 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:35:58.0772 7084 HpCISSs - ok
16:35:58.0864 7084 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:35:58.0872 7084 HTTP - ok
16:35:58.0904 7084 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:35:58.0905 7084 i2omp - ok
16:35:58.0982 7084 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:35:58.0986 7084 i8042prt - ok
16:35:59.0338 7084 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:35:59.0359 7084 ialm - ok
16:35:59.0511 7084 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:35:59.0515 7084 iaStorV - ok
16:35:59.0633 7084 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:35:59.0636 7084 IDriverT - ok
16:35:59.0643 7084 IDriverTBrowser - ok
16:35:59.0729 7084 IDriverTBrowserSQLBrowser - ok
16:35:59.0751 7084 IDriverTBrowserSQLBrowserProtectedStorageusnjsvc - ok
16:35:59.0857 7084 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:35:59.0871 7084 idsvc - ok
16:35:59.0929 7084 idsvcclr_optimization_v2.0.50727_32 - ok
16:35:59.0942 7084 idsvcwcncsvc - ok
16:35:59.0993 7084 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:35:59.0995 7084 iirsp - ok
16:36:00.0099 7084 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
16:36:00.0106 7084 IKEEXT - ok
16:36:00.0112 7084 IKEEXTehstart - ok
16:36:00.0287 7084 IKEEXTOracleXEClrAgentMpsSvc - ok
16:36:00.0349 7084 imonitor (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\USRpdA.dll
16:36:00.0459 7084 Suspicious file (NoAccess): C:\Windows\system32\USRpdA.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:00.0459 7084 imonitor ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:00.0459 7084 imonitor - detected Backdoor.Multi.ZAccess.gen (0)
16:36:00.0680 7084 IntcAzAudAddService (4fa59a84069d9d0991bae34cc4aff99c) C:\Windows\system32\drivers\RTKVHDA.sys
16:36:00.0709 7084 IntcAzAudAddService - ok
16:36:00.0797 7084 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:36:00.0798 7084 intelide - ok
16:36:00.0827 7084 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:36:00.0842 7084 intelppm - ok
16:36:00.0898 7084 iomegaaccess (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\vmkbd.dll
16:36:00.0906 7084 Suspicious file (NoAccess): C:\Windows\system32\vmkbd.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:00.0907 7084 iomegaaccess ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:00.0907 7084 iomegaaccess - detected Backdoor.Multi.ZAccess.gen (0)
16:36:00.0955 7084 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
16:36:00.0958 7084 IPBusEnum - ok
16:36:01.0068 7084 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:36:01.0072 7084 IpFilterDriver - ok
16:36:01.0077 7084 iphlpsvciphlpsvc - ok
16:36:01.0087 7084 iphlpsvcPolicyAgent - ok
16:36:01.0205 7084 iphlpsvcRemoteAccessPNRPAutoReg - ok
16:36:01.0216 7084 iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time - ok
16:36:01.0230 7084 iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32TimeKService - ok
16:36:01.0251 7084 iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32TimeMSCSPTISRVTapiSrvMSCSPTISRV - ok
16:36:01.0268 7084 IpInIp - ok
16:36:01.0300 7084 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:36:01.0302 7084 IPMIDRV - ok
16:36:01.0337 7084 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:36:01.0339 7084 IPNAT - ok
16:36:01.0491 7084 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:36:01.0505 7084 iPod Service - ok
16:36:01.0631 7084 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
16:36:01.0635 7084 irda - ok
16:36:01.0655 7084 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:36:01.0662 7084 IRENUM - ok
16:36:01.0733 7084 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
16:36:01.0737 7084 Irmon - ok
16:36:01.0743 7084 IrmonShellHWDetection - ok
16:36:01.0844 7084 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
16:36:01.0845 7084 irsir - ok
16:36:01.0875 7084 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
16:36:01.0876 7084 isapnp - ok
16:36:01.0917 7084 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:36:01.0936 7084 iScsiPrt - ok
16:36:01.0983 7084 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:36:01.0984 7084 iteatapi - ok
16:36:02.0100 7084 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:36:02.0101 7084 iteraid - ok
16:36:02.0135 7084 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:36:02.0138 7084 kbdclass - ok
16:36:02.0372 7084 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:36:02.0373 7084 kbdhid - ok
16:36:02.0455 7084 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:36:02.0457 7084 KeyIso - ok
16:36:02.0517 7084 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:36:02.0526 7084 KSecDD - ok
16:36:02.0714 7084 KService (70ceefe43cb746dd04a884c84a7ebaa3) C:\Program Files\Kontiki\KService.exe
16:36:02.0761 7084 KService - ok
16:36:02.0869 7084 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
16:36:02.0888 7084 KtmRm - ok
16:36:02.0938 7084 KtmRmp2pimsvc - ok
16:36:02.0948 7084 KtmRmTapiSrvDcomLaunchNetTcpPortSharing - ok
16:36:03.0006 7084 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
16:36:03.0011 7084 LanmanServer - ok
16:36:03.0016 7084 LanmanServerfdPHostUI0DetectDFSR - ok
16:36:03.0071 7084 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
16:36:03.0077 7084 LanmanWorkstation - ok
16:36:03.0439 7084 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:36:03.0441 7084 lltdio - ok
16:36:03.0491 7084 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
16:36:03.0496 7084 lltdsvc - ok
16:36:03.0548 7084 lltdsvcEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
16:36:03.0554 7084 lltdsvcidsvc - ok
16:36:03.0565 7084 lltdsvcSQLWriter - ok
16:36:03.0589 7084 lltdsvcSQLWriterSstpSvcoseSPTISRV - ok
16:36:03.0621 7084 lltdsvcSQLWriterSstpSvcoseSPTISRVpla - ok
16:36:03.0637 7084 lltdsvcSQLWriterSstpSvcoseSPTISRVplaOracleXETNSListenerwudfsvc - ok
16:36:03.0666 7084 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
16:36:03.0668 7084 lmhosts - ok
16:36:03.0682 7084 lmhostsALGmsvsmon80 - ok
16:36:03.0691 7084 lmhostsALGmsvsmon80TapiSrvDcomLaunchNetTcpPortSharing - ok
16:36:03.0708 7084 lmhostsALGmsvsmon80vds - ok
16:36:03.0726 7084 lmhostshkmsvc - ok
16:36:03.0771 7084 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:36:03.0775 7084 LSI_FC - ok
16:36:03.0818 7084 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:36:03.0835 7084 LSI_SAS - ok
16:36:03.0884 7084 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:36:03.0886 7084 LSI_SCSI - ok
16:36:03.0944 7084 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:36:03.0946 7084 luafv - ok
16:36:03.0991 7084 lvselsus (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\atiavaiw.dll
16:36:04.0009 7084 Suspicious file (NoAccess): C:\Windows\system32\atiavaiw.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:04.0009 7084 lvselsus ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:04.0009 7084 lvselsus - detected Backdoor.Multi.ZAccess.gen (0)
16:36:04.0060 7084 lvuvc (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\Sus2pl.dll
16:36:04.0081 7084 Suspicious file (NoAccess): C:\Windows\system32\Sus2pl.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:04.0081 7084 lvuvc ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:04.0081 7084 lvuvc - detected Backdoor.Multi.ZAccess.gen (0)
16:36:04.0301 7084 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
16:36:04.0305 7084 Macromedia Licensing Service - ok
16:36:04.0509 7084 MAUSBFASTTRACK (862d7bd3be3399670a7e3358ce7e6344) C:\Windows\system32\DRIVERS\MAudioFastTrack.sys
16:36:04.0513 7084 MAUSBFASTTRACK - ok
16:36:04.0607 7084 McciCMService (a19444bed5aa69e4dbe7a68cc334591f) C:\Program Files\Common Files\Motive\McciCMService.exe
16:36:04.0613 7084 McciCMService - ok
16:36:04.0726 7084 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
16:36:04.0729 7084 mcdbus - ok
16:36:04.0792 7084 mclserviceatl (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\timounter.dll
16:36:04.0855 7084 Suspicious file (NoAccess): C:\Windows\system32\timounter.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:04.0855 7084 mclserviceatl ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:04.0856 7084 mclserviceatl - detected Backdoor.Multi.ZAccess.gen (0)
16:36:04.0946 7084 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2svc.dll
16:36:04.0949 7084 Mcx2Svc - ok
16:36:04.0959 7084 Mcx2SvcDhcp - ok
16:36:04.0992 7084 Mcx2SvcSDRSVC - ok
16:36:05.0008 7084 Mcx2SvcShellHWDetectionupnphostpla - ok
16:36:05.0024 7084 Mcx2SvcShellHWDetectionupnphostplaMMCSSWdiSystemHostnvsvc - ok
16:36:05.0040 7084 Mcx2SvcTHREADORDER - ok
16:36:05.0075 7084 Mcx2SvcTHREADORDERusnjsvcRasManFontCache3.0.0.0 - ok
16:36:05.0092 7084 Mcx2SvcWinHttpAutoProxySvcAeLookupSvcMDM - ok
16:36:05.0119 7084 Mcx2SvcWinHttpAutoProxySvcAeLookupSvcMDMNlaSvcSENSswprv - ok
16:36:05.0430 7084 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:36:05.0435 7084 MDM - ok
16:36:05.0548 7084 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:36:05.0549 7084 megasas - ok
16:36:05.0592 7084 mfcom (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\websenseclientdeployservice.dll
16:36:05.0603 7084 Suspicious file (NoAccess): C:\Windows\system32\websenseclientdeployservice.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:05.0603 7084 mfcom ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:05.0603 7084 mfcom - detected Backdoor.Multi.ZAccess.gen (0)
16:36:05.0661 7084 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:36:05.0664 7084 MMCSS - ok
16:36:05.0736 7084 MMCSSMMCSSWdiSystemHost - ok
16:36:05.0748 7084 MMCSSMMCSSWdiSystemHostKtmRmTapiSrvDcomLaunchNetTcpPortSharing - ok
16:36:05.0757 7084 MMCSSWdiSystemHost - ok
16:36:05.0769 7084 MMCSSWdiSystemHostnvsvc - ok
16:36:05.0822 7084 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:36:05.0824 7084 Modem - ok
16:36:05.0859 7084 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:36:05.0861 7084 monitor - ok
16:36:05.0911 7084 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:36:05.0913 7084 mouclass - ok
16:36:06.0005 7084 moufiltr (baa4ed3c323bee7ebc144c7d232220a8) C:\Windows\system32\DRIVERS\moufiltr.sys
16:36:06.0007 7084 moufiltr - ok
16:36:06.0025 7084 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:36:06.0029 7084 mouhid - ok
16:36:06.0051 7084 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:36:06.0056 7084 MountMgr - ok
16:36:06.0104 7084 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:36:06.0121 7084 mpio - ok
16:36:06.0326 7084 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:36:06.0332 7084 mpsdrv - ok
16:36:06.0338 7084 MpsSvcBrlAPI - ok
16:36:06.0357 7084 MpsSvcNlaSvc - ok
16:36:06.0376 7084 MpsSvcNlaSvcCertPropSvc - ok
16:36:06.0399 7084 MpsSvcSCPolicySvc - ok
16:36:06.0418 7084 MpsSvcSCPolicySvclmhostshkmsvc - ok
16:36:06.0431 7084 MpsSvcSCPolicySvclmhostshkmsvcWMPNetworkSvc - ok
16:36:06.0470 7084 MpsSvcSPTISRV - ok
16:36:06.0515 7084 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:36:06.0516 7084 Mraid35x - ok
16:36:06.0629 7084 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
16:36:06.0639 7084 MREMP50 - ok
16:36:06.0687 7084 MREMPR5 - ok
16:36:06.0720 7084 MRENDIS5 - ok
16:36:06.0746 7084 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
16:36:06.0749 7084 MRESP50 - ok
16:36:06.0844 7084 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:36:06.0847 7084 MRxDAV - ok
16:36:06.0900 7084 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:36:06.0903 7084 mrxsmb - ok
16:36:06.0924 7084 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:36:06.0928 7084 mrxsmb10 - ok
16:36:06.0967 7084 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:36:06.0970 7084 mrxsmb20 - ok
16:36:07.0073 7084 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
16:36:07.0100 7084 msahci - ok
16:36:07.0306 7084 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
16:36:07.0386 7084 MSCSPTISRV - ok
16:36:07.0392 7084 MSCSPTISRViphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time - ok
16:36:07.0403 7084 MSCSPTISRVTapiSrvMSCSPTISRV - ok
16:36:07.0494 7084 MSCSPTISRVTapiSrvMSCSPTISRVSENSSysMainSQLWriterWecsvc - ok
16:36:07.0613 7084 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:36:07.0630 7084 msdsm - ok
16:36:07.0671 7084 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
16:36:07.0675 7084 MSDTC - ok
16:36:07.0769 7084 MSDTCLanmanServer - ok
16:36:07.0789 7084 MSDTCSharedAccess - ok
16:36:07.0855 7084 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:36:07.0866 7084 Msfs - ok
16:36:07.0962 7084 msftesql$SQLEXPRESS (54819fc5c79e4b2c6e896f9de440494d) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
16:36:07.0964 7084 msftesql$SQLEXPRESS - ok
16:36:07.0970 7084 msftesql$SQLEXPRESSseclogon - ok
16:36:08.0061 7084 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:36:08.0064 7084 msisadrv - ok
16:36:08.0128 7084 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
16:36:08.0142 7084 MSiSCSI - ok
16:36:08.0176 7084 MSiSCSIPACSPTISVR - ok
16:36:08.0193 7084 MSiSCSISSScsiSVSENS - ok
16:36:08.0224 7084 MSiSCSISSScsiSVSENSMSDTCSharedAccess - ok
16:36:08.0241 7084 msiserver - ok
16:36:08.0286 7084 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:36:08.0288 7084 MSKSSRV - ok
16:36:08.0405 7084 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:36:08.0408 7084 MSPCLOCK - ok
16:36:08.0438 7084 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:36:08.0440 7084 MSPQM - ok
16:36:08.0488 7084 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:36:08.0491 7084 MsRPC - ok
16:36:08.0572 7084 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:36:08.0577 7084 mssmbios - ok
16:36:08.0692 7084 MSSQL$SQLEXPRESS - ok
16:36:08.0717 7084 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:36:08.0742 7084 MSSQLServerADHelper - ok
16:36:08.0748 7084 MSSQLServerADHelperIKEEXT - ok
16:36:08.0814 7084 MSSQLServerADHelperMDM - ok
16:36:08.0862 7084 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:36:08.0863 7084 MSTEE - ok
16:36:09.0061 7084 msvsmon80 (211fc58c9dbd1f3a824e34023d16babc) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
16:36:09.0111 7084 msvsmon80 - ok
16:36:09.0368 7084 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:36:09.0369 7084 Mup - ok
16:36:09.0426 7084 MXOPSWD (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\ndis.dll
16:36:09.0437 7084 Suspicious file (NoAccess): C:\Windows\system32\ndis.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:09.0437 7084 MXOPSWD ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:09.0437 7084 MXOPSWD - detected Backdoor.Multi.ZAccess.gen (0)
16:36:09.0491 7084 MySQL - ok
16:36:09.0635 7084 MySQLmsftesql$SQLEXPRESS - ok
16:36:09.0645 7084 MySQLmsftesql$SQLEXPRESSSpoolerPlugPlay - ok
16:36:09.0666 7084 MySQLWPDBusEnum - ok
16:36:09.0720 7084 MySQLWPDBusEnumBITS - ok
16:36:09.0762 7084 MySQLWPDBusEnumBITSDPSupnphostmsiserver - ok
16:36:09.0771 7084 MySQLWPDBusEnumSCPolicySvcWinDefendBFE - ok

steve1965, Apr 11, 2012

#7
steve1965 Newcomer, in training Posts: 37

TDSSKIller log part 2 (n-s)

16:36:09.0827 7084 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
16:36:09.0837 7084 napagent - ok
16:36:09.0888 7084 napagentBFE - ok
16:36:09.0948 7084 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:36:09.0954 7084 NativeWifiP - ok
16:36:10.0026 7084 naveng (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\wg3n.dll
16:36:10.0091 7084 Suspicious file (NoAccess): C:\Windows\system32\wg3n.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:10.0092 7084 naveng ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:10.0092 7084 naveng - detected Backdoor.Multi.ZAccess.gen (0)
16:36:10.0246 7084 nbservice (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\rpaservice.dll
16:36:10.0256 7084 Suspicious file (NoAccess): C:\Windows\system32\rpaservice.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:10.0256 7084 nbservice ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:10.0256 7084 nbservice - detected Backdoor.Multi.ZAccess.gen (0)
16:36:10.0539 7084 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:36:10.0550 7084 NDIS - ok
16:36:10.0600 7084 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:36:10.0601 7084 NdisTapi - ok
16:36:10.0644 7084 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:36:10.0645 7084 Ndisuio - ok
16:36:10.0730 7084 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:36:10.0776 7084 NdisWan - ok
16:36:10.0823 7084 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:36:10.0825 7084 NDProxy - ok
16:36:10.0866 7084 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:36:10.0867 7084 NetBIOS - ok
16:36:10.0981 7084 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:36:11.0005 7084 netbt - ok
16:36:11.0061 7084 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:36:11.0063 7084 Netlogon - ok
16:36:11.0069 7084 NetlogonNetlogon - ok
16:36:11.0124 7084 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
16:36:11.0145 7084 Netman - ok
16:36:11.0413 7084 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
16:36:11.0419 7084 netprofm - ok
16:36:11.0489 7084 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:36:11.0495 7084 NetTcpPortSharing - ok
16:36:11.0552 7084 NetTcpPortSharingnvsvc - ok
16:36:11.0564 7084 NetTcpPortSharingnvsvcSamSs - ok
16:36:11.0582 7084 NetTcpPortSharingnvsvcWinmgmt - ok
16:36:11.0599 7084 NetTcpPortSharingPcaSvcMMCSS - ok
16:36:11.0728 7084 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
16:36:11.0761 7084 NETw3v32 - ok
16:36:11.0848 7084 netw4x32 (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\lxbs_device.dll
16:36:11.0872 7084 Suspicious file (NoAccess): C:\Windows\system32\lxbs_device.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:11.0872 7084 netw4x32 ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:11.0872 7084 netw4x32 - detected Backdoor.Multi.ZAccess.gen (0)
16:36:11.0935 7084 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:36:11.0936 7084 nfrd960 - ok
16:36:11.0984 7084 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
16:36:11.0989 7084 NlaSvc - ok
16:36:12.0038 7084 NlaSvcSENSswprv - ok
16:36:12.0047 7084 NlaSvcswprvCOMSysApp - ok
16:36:12.0067 7084 NlaSvcwscsvcSCPolicySvc - ok
16:36:12.0159 7084 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:36:12.0193 7084 Npfs - ok
16:36:12.0270 7084 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
16:36:12.0273 7084 nsi - ok
16:36:12.0366 7084 nsinapagentBFE - ok
16:36:12.0372 7084 nsinapagentBFEDnscachewmiApSrv - ok
16:36:12.0382 7084 nsinapagentBFEDnscachewmiApSrvupnphostmsiserver - ok
16:36:12.0391 7084 nsinapagentBFETHREADORDER - ok
16:36:12.0504 7084 nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify - ok
16:36:12.0512 7084 nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotifyDPSSENSSysMain - ok
16:36:12.0552 7084 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:36:12.0554 7084 nsiproxy - ok
16:36:12.0582 7084 nsiSENSSysMain - ok
16:36:12.0639 7084 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:36:12.0659 7084 Ntfs - ok
16:36:12.0726 7084 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:36:12.0740 7084 ntrigdigi - ok
16:36:12.0811 7084 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:36:12.0813 7084 Null - ok
16:36:12.0863 7084 nuvaud2 (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\CBN.dll
16:36:12.0894 7084 Suspicious file (NoAccess): C:\Windows\system32\CBN.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:12.0894 7084 nuvaud2 ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:12.0894 7084 nuvaud2 - detected Backdoor.Multi.ZAccess.gen (0)
16:36:13.0211 7084 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:36:13.0757 7084 nvlddmkm - ok
16:36:13.0911 7084 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
16:36:13.0914 7084 nvraid - ok
16:36:13.0942 7084 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
16:36:13.0947 7084 nvstor - ok
16:36:14.0004 7084 nvsvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe
16:36:14.0016 7084 nvsvc - ok
16:36:14.0030 7084 nvsvcNetTcpPortSharing - ok
16:36:14.0129 7084 nvsvcNetTcpPortSharingW32Time - ok
16:36:14.0147 7084 nvsvcNetTcpPortSharingW32TimeDPS - ok
16:36:14.0161 7084 nvsvcW32Time - ok
16:36:14.0180 7084 nvsvcW32TimeSstpSvcoseSPTISRVusnjsvc - ok
16:36:14.0518 7084 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:36:14.0553 7084 nvUpdatusService - ok
16:36:14.0867 7084 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
16:36:14.0876 7084 nv_agp - ok
16:36:14.0914 7084 NwlnkFlt - ok
16:36:14.0931 7084 NwlnkFwd - ok
16:36:14.0972 7084 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:36:14.0974 7084 ohci1394 - ok
16:36:15.0007 7084 OracleJobSchedulerXE - ok
16:36:15.0071 7084 OracleJobSchedulerXEShellHWDetectionupnphost - ok
16:36:15.0090 7084 OracleJobSchedulerXEWinDefendBFEAppinfoBFEnapagent - ok
16:36:15.0107 7084 OracleMTSRecoveryService - ok
16:36:15.0118 7084 OracleMTSRecoveryServiceCryptSvc - ok
16:36:15.0125 7084 OracleServiceXE - ok
16:36:15.0144 7084 OracleServiceXELanmanServer - ok
16:36:15.0169 7084 OracleServiceXEMySQLmsftesql$SQLEXPRESS - ok
16:36:15.0175 7084 OracleServiceXEUxSms - ok
16:36:15.0188 7084 OracleXEClrAgent - ok
16:36:15.0194 7084 OracleXEClrAgentMpsSvc - ok
16:36:15.0261 7084 OracleXEClrAgentswprvCOMSysApp - ok
16:36:15.0279 7084 OracleXEClrAgentswprvCOMSysAppALGmsvsmon80 - ok
16:36:15.0424 7084 OracleXEClrAgentswprvCOMSysAppEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
16:36:15.0468 7084 OracleXETNSListener (8af936ce45788974efff7d0f19143583) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
16:36:15.0508 7084 OracleXETNSListener - ok
16:36:15.0546 7084 OracleXETNSListenerwudfsvc - ok
16:36:15.0554 7084 OracleXETNSListenerwudfsvcmsftesql$SQLEXPRESS - ok
16:36:15.0660 7084 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:36:15.0665 7084 ose - ok
16:36:15.0674 7084 oseidsvcclr_optimization_v2.0.50727_32 - ok
16:36:15.0710 7084 oseMMCSS - ok
16:36:15.0718 7084 oseSstpSvcose - ok
16:36:15.0732 7084 oseTermService - ok
16:36:15.0752 7084 oseTermServicePlugPlay - ok
16:36:15.0815 7084 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:36:15.0826 7084 p2pimsvc - ok
16:36:15.0868 7084 p2pimsvcSSScsiSVSENS - ok
16:36:15.0907 7084 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:36:15.0913 7084 p2psvc - ok
16:36:15.0928 7084 p2psvcWerSvc - ok
16:36:15.0940 7084 p2psvcWerSvcidsvcwcncsvc - ok
16:36:16.0034 7084 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
16:36:16.0038 7084 PACSPTISVR - ok
16:36:16.0045 7084 PACSPTISVR Back-End Service - ok
16:36:16.0056 7084 PACSPTISVRAeLookupSvc - ok
16:36:16.0158 7084 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
16:36:16.0160 7084 Parport - ok
16:36:16.0259 7084 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:36:16.0261 7084 partmgr - ok
16:36:16.0295 7084 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
16:36:16.0298 7084 Parvdm - ok
16:36:16.0528 7084 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
16:36:16.0531 7084 PcaSvc - ok
16:36:16.0540 7084 PcaSvcMMCSS - ok
16:36:16.0609 7084 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:36:16.0619 7084 pci - ok
16:36:16.0683 7084 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
16:36:16.0685 7084 pciide - ok
16:36:16.0750 7084 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:36:16.0768 7084 pcmcia - ok
16:36:16.0834 7084 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:36:16.0851 7084 PEAUTH - ok
16:36:17.0003 7084 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
16:36:17.0048 7084 pla - ok
16:36:17.0093 7084 plaAeLookupSvc - ok
16:36:17.0166 7084 plaSSScsiSVwscsvc - ok
16:36:17.0178 7084 plausnjsvcRasMan - ok
16:36:17.0183 7084 plaWMPNetworkSvcehstart - ok
16:36:17.0314 7084 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
16:36:17.0369 7084 PlugPlay - ok
16:36:17.0466 7084 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:36:17.0473 7084 PNRPAutoReg - ok
16:36:17.0497 7084 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:36:17.0504 7084 PNRPsvc - ok
16:36:17.0696 7084 PNRPsvcNetlogon - ok
16:36:17.0703 7084 PNRPsvcNetlogonDPSmsvsmon80 - ok
16:36:17.0770 7084 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
16:36:17.0777 7084 PolicyAgent - ok
16:36:17.0805 7084 PolicyAgentApache2 - ok
16:36:17.0826 7084 PolicyAgentApache2SCPolicySvc - ok
16:36:17.0883 7084 pptchpad (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\rapapp.dll
16:36:17.0911 7084 Suspicious file (NoAccess): C:\Windows\system32\rapapp.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:17.0911 7084 pptchpad ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:17.0911 7084 pptchpad - detected Backdoor.Multi.ZAccess.gen (0)
16:36:18.0008 7084 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:36:18.0010 7084 PptpMiniport - ok
16:36:18.0059 7084 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:36:18.0061 7084 Processor - ok
16:36:18.0106 7084 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
16:36:18.0125 7084 ProfSvc - ok
16:36:18.0219 7084 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:36:18.0221 7084 ProtectedStorage - ok
16:36:18.0230 7084 ProtectedStorageMcx2Svc - ok
16:36:18.0242 7084 ProtectedStorageusnjsvc - ok
16:36:18.0532 7084 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:36:18.0535 7084 PSched - ok
16:36:18.0669 7084 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
16:36:18.0689 7084 PxHelp20 - ok
16:36:18.0794 7084 qcdonner - ok
16:36:18.0901 7084 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:36:18.0930 7084 ql2300 - ok
16:36:19.0022 7084 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:36:19.0056 7084 ql40xx - ok
16:36:19.0112 7084 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
16:36:19.0119 7084 QWAVE - ok
16:36:19.0192 7084 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:36:19.0193 7084 QWAVEdrv - ok
16:36:19.0236 7084 QWAVEWinDefend - ok
16:36:19.0295 7084 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:36:19.0309 7084 RasAcd - ok
16:36:19.0408 7084 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
16:36:19.0433 7084 RasAuto - ok
16:36:19.0459 7084 RasAutoBITS - ok
16:36:19.0465 7084 RasAutoBITSSCPolicySvc - ok
16:36:19.0679 7084 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:36:19.0681 7084 Rasl2tp - ok
16:36:19.0765 7084 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
16:36:19.0772 7084 RasMan - ok
16:36:19.0804 7084 RasManmsiserver - ok
16:36:19.0836 7084 RasManmsiserverMpsSvcNlaSvc - ok
16:36:19.0875 7084 RasManmsiserverMpsSvcNlaSvcAppinfoBFEWPDBusEnum - ok
16:36:19.0919 7084 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:36:19.0927 7084 RasPppoe - ok
16:36:20.0010 7084 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:36:20.0012 7084 RasSstp - ok
16:36:20.0119 7084 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:36:20.0134 7084 rdbss - ok
16:36:20.0178 7084 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:36:20.0181 7084 RDPCDD - ok
16:36:20.0234 7084 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
16:36:20.0238 7084 rdpdr - ok
16:36:20.0280 7084 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:36:20.0283 7084 RDPENCDD - ok
16:36:20.0474 7084 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
16:36:20.0477 7084 RDPWD - ok
16:36:20.0548 7084 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
16:36:20.0552 7084 RemoteAccess - ok
16:36:20.0575 7084 RemoteAccessPNRPAutoReg - ok
16:36:20.0619 7084 RemoteAccesswuauservSessionEnvWSearchwuauserv - ok
16:36:20.0644 7084 RemoteAccesswuauservSessionEnvWSearchwuauservSQLWriterWecsvcBITSSENSSysMain - ok
16:36:20.0719 7084 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
16:36:20.0724 7084 RemoteRegistry - ok
16:36:20.0739 7084 RemoteRegistryMSCSPTISRV - ok
16:36:20.0748 7084 RemoteRegistryProfSvc - ok
16:36:20.0765 7084 RemoteRegistryProfSvcRpcSsvdswercplsupport - ok
16:36:20.0793 7084 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
16:36:20.0795 7084 RpcLocator - ok
16:36:20.0842 7084 RpcLocatorMySQLmsftesql$SQLEXPRESS - ok
16:36:20.0910 7084 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:36:20.0917 7084 RpcSs - ok
16:36:20.0950 7084 RpcSsBrowser - ok
16:36:20.0969 7084 RpcSsDnscachewmiApSrv - ok
16:36:20.0996 7084 RpcSsvdswercplsupport - ok
16:36:21.0019 7084 RpcSsvdswercplsupportMpsSvcSPTISRV - ok
16:36:21.0041 7084 RpcSsvdswercplsupportMpsSvcSPTISRVALG - ok
16:36:21.0102 7084 RR2Mjpeg (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\SE2Dmgmt.dll
16:36:21.0113 7084 Suspicious file (NoAccess): C:\Windows\system32\SE2Dmgmt.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:21.0113 7084 RR2Mjpeg ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:21.0114 7084 RR2Mjpeg - detected Backdoor.Multi.ZAccess.gen (0)
16:36:21.0192 7084 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:36:21.0194 7084 rspndr - ok
16:36:21.0282 7084 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
16:36:21.0285 7084 RTL8023xp - ok
16:36:21.0547 7084 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:36:21.0549 7084 RTL8169 - ok
16:36:21.0593 7084 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:36:21.0595 7084 SamSs - ok
16:36:21.0691 7084 sandradatasrv (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\mfebopk.dll
16:36:21.0716 7084 Suspicious file (NoAccess): C:\Windows\system32\mfebopk.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:21.0717 7084 sandradatasrv ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:21.0717 7084 sandradatasrv - detected Backdoor.Multi.ZAccess.gen (0)
16:36:21.0783 7084 savrt (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\Wdf01000.dll
16:36:21.0854 7084 Suspicious file (NoAccess): C:\Windows\system32\Wdf01000.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:21.0854 7084 savrt ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:21.0854 7084 savrt - detected Backdoor.Multi.ZAccess.gen (0)
16:36:21.0943 7084 savscan (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\tvtnetwk.dll
16:36:22.0147 7084 Suspicious file (NoAccess): C:\Windows\system32\tvtnetwk.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:22.0148 7084 savscan ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:22.0148 7084 savscan - detected Backdoor.Multi.ZAccess.gen (0)
16:36:22.0379 7084 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:36:22.0382 7084 sbp2port - ok
16:36:22.0478 7084 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
16:36:22.0482 7084 SCardSvr - ok
16:36:22.0719 7084 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
16:36:22.0731 7084 Schedule - ok
16:36:22.0797 7084 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:36:22.0798 7084 SCPolicySvc - ok
16:36:22.0837 7084 SCPolicySvcIrmon - ok
16:36:22.0846 7084 SCPolicySvcWinDefendBFE - ok
16:36:22.0896 7084 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
16:36:22.0916 7084 SDRSVC - ok
16:36:22.0969 7084 se2Cunic (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\SbcpHid.dll
16:36:22.0984 7084 Suspicious file (NoAccess): C:\Windows\system32\SbcpHid.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:22.0984 7084 se2Cunic ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:22.0984 7084 se2Cunic - detected Backdoor.Multi.ZAccess.gen (0)
16:36:23.0094 7084 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:36:23.0096 7084 secdrv - ok
16:36:23.0204 7084 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
16:36:23.0208 7084 seclogon - ok
16:36:23.0285 7084 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
16:36:23.0288 7084 SENS - ok
16:36:23.0295 7084 SENSswprv - ok
16:36:23.0318 7084 SENSswprvwercplsupport - ok
16:36:23.0330 7084 SENSswprvwercplsupportBITSslsvc - ok
16:36:23.0386 7084 SENSswprvWinHttpAutoProxySvc - ok
16:36:23.0584 7084 SENSSysMain - ok
16:36:23.0645 7084 SENSSysMainSQLWriterWecsvc - ok
16:36:23.0669 7084 SENSSysMainWdiServiceHost - ok
16:36:23.0679 7084 SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENS - ok
16:36:23.0688 7084 SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENSSstpSvcoseSPTISRV - ok
16:36:23.0760 7084 ser2pl (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\wzcsvc.dll
16:36:23.0872 7084 Suspicious file (NoAccess): C:\Windows\system32\wzcsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:23.0873 7084 ser2pl ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:23.0873 7084 ser2pl - detected Backdoor.Multi.ZAccess.gen (0)
16:36:23.0979 7084 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
16:36:23.0982 7084 Serenum - ok
16:36:24.0052 7084 Serial (5235ce37fd0a30381e5040842499eebb) C:\Windows\system32\DRIVERS\serial.sys
16:36:24.0146 7084 Serial ( Virus.Win32.ZAccess.k ) - infected
16:36:24.0146 7084 Serial - detected Virus.Win32.ZAccess.k (0)
16:36:24.0224 7084 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:36:24.0239 7084 sermouse - ok
16:36:24.0308 7084 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
16:36:24.0312 7084 SessionEnv - ok
16:36:24.0376 7084 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
16:36:24.0377 7084 sffdisk - ok
16:36:24.0610 7084 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
16:36:24.0622 7084 sffp_mmc - ok
16:36:24.0662 7084 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
16:36:24.0663 7084 sffp_sd - ok
16:36:24.0688 7084 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:36:24.0690 7084 sfloppy - ok
16:36:24.0725 7084 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
16:36:24.0730 7084 SharedAccess - ok
16:36:24.0770 7084 SharedAccessAppinfo - ok
16:36:24.0817 7084 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
16:36:24.0824 7084 ShellHWDetection - ok
16:36:24.0832 7084 ShellHWDetectionnetprofm - ok
16:36:24.0845 7084 ShellHWDetectionPlugPlay - ok
16:36:24.0860 7084 ShellHWDetectionProfSvc - ok
16:36:24.0900 7084 ShellHWDetectionupnphost - ok
16:36:24.0914 7084 ShellHWDetectionupnphostpla - ok
16:36:24.0934 7084 ShellHWDetectionW32TimefdPHostUI0Detect - ok
16:36:25.0031 7084 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
16:36:25.0062 7084 sisagp - ok
16:36:25.0126 7084 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:36:25.0129 7084 SiSRaid2 - ok
16:36:25.0195 7084 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:36:25.0214 7084 SiSRaid4 - ok
16:36:25.0445 7084 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
16:36:25.0538 7084 slsvc - ok
16:36:25.0746 7084 slsvcWecsvc - ok
16:36:25.0770 7084 slsvcWLSetupSvcWlansvcWinDefend - ok
16:36:25.0829 7084 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
16:36:25.0833 7084 SLUINotify - ok
16:36:25.0851 7084 SLUINotifyWdiServiceHost - ok
16:36:25.0902 7084 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:36:25.0905 7084 Smb - ok
16:36:26.0040 7084 SNC (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\irbus.dll
16:36:26.0050 7084 Suspicious file (NoAccess): C:\Windows\system32\irbus.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:26.0051 7084 SNC ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:26.0051 7084 SNC - detected Backdoor.Multi.ZAccess.gen (0)
16:36:26.0087 7084 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
16:36:26.0091 7084 SNMPTRAP - ok
16:36:26.0208 7084 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
16:36:26.0225 7084 SonicStage Back-End Service - ok
16:36:26.0335 7084 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:36:26.0337 7084 spldr - ok
16:36:26.0387 7084 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
16:36:26.0392 7084 Spooler - ok
16:36:26.0409 7084 SpoolerPlugPlay - ok
16:36:26.0706 7084 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\Windows\system32\Drivers\sptd.sys
16:36:26.0706 7084 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
16:36:26.0708 7084 sptd ( LockedFile.Multi.Generic ) - warning
16:36:26.0708 7084 sptd - detected LockedFile.Multi.Generic (1)
16:36:26.0836 7084 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
16:36:26.0839 7084 SPTISRV - ok
16:36:26.0912 7084 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:36:26.0916 7084 SQLBrowser - ok
16:36:26.0981 7084 SQLBrowserUI0Detect - ok
16:36:27.0040 7084 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:36:27.0056 7084 SQLWriter - ok
16:36:27.0071 7084 SQLWriternsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify - ok
16:36:27.0092 7084 SQLWriterWecsvc - ok
16:36:27.0111 7084 SQLWriterWecsvcBITSSENSSysMain - ok
16:36:27.0127 7084 SQLWriterWecsvcBITSSENSSysMainCOMSysApp - ok
16:36:27.0149 7084 SQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg - ok
16:36:27.0160 7084 SQLWriterWecsvcupnphostmsiserver - ok
16:36:27.0187 7084 SQLWriterWecsvcupnphostmsiserver Back-End Service - ok
16:36:27.0256 7084 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:36:27.0262 7084 srv - ok
16:36:27.0318 7084 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:36:27.0322 7084 srv2 - ok
16:36:27.0403 7084 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:36:27.0422 7084 srvnet - ok
16:36:27.0639 7084 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
16:36:27.0645 7084 SSDPSRV - ok
16:36:27.0659 7084 SSDPSRVMMCSS - ok
16:36:27.0667 7084 SSDPSRVProfSvc - ok
16:36:27.0794 7084 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
16:36:27.0796 7084 SSScsiSV - ok
16:36:27.0892 7084 SSScsiSVSENS - ok
16:36:27.0926 7084 SSScsiSVSENSTapiSrvDcomLaunchNetTcpPortSharing - ok
16:36:27.0944 7084 SSScsiSVTabletInputService - ok
16:36:27.0952 7084 SSScsiSVwscsvc - ok
16:36:27.0966 7084 SSScsiSVwscsvcMpsSvc - ok
16:36:28.0009 7084 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
16:36:28.0014 7084 SstpSvc - ok
16:36:28.0036 7084 SstpSvcEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
16:36:28.0059 7084 SstpSvcose - ok
16:36:28.0083 7084 SstpSvcoseSPTISRV - ok
16:36:28.0116 7084 SstpSvcoseSPTISRVApache2 - ok
16:36:28.0135 7084 SstpSvcoseSPTISRVApache2EventSystemMSiSCSI - ok
16:36:28.0146 7084 SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvc - ok
16:36:28.0168 7084 SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvcMcx2SvcShellHWDetectionupnphostpla - ok
16:36:28.0183 7084 SstpSvcoseSPTISRVDhcp - ok
16:36:28.0193 7084 SstpSvcoseSPTISRVDhcphidserv - ok
16:36:28.0209 7084 SstpSvcoseSPTISRVDhcphidservAppinfoBFEWPDBusEnum - ok
16:36:28.0234 7084 SstpSvcoseSPTISRVusnjsvc - ok
16:36:28.0238 7084 SstpSvcoseSPTISRVusnjsvcusnjsvcRasMan - ok
16:36:28.0282 7084 Stereo Service (a54900b66ba2229dde37a80fdc572328) C:\Windows\System32\nvSCPAPISvr.exe
16:36:28.0288 7084 Stereo Service - ok
16:36:28.0362 7084 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
16:36:28.0379 7084 stisvc - ok
16:36:28.0501 7084 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:36:28.0503 7084 swenum - ok
16:36:28.0571 7084 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
16:36:28.0658 7084 swprv - ok
16:36:28.0682 7084 swprvCOMSysApp - ok
16:36:28.0695 7084 swprvFontCache3.0.0.0 - ok
16:36:28.0729 7084 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:36:28.0731 7084 Symc8xx - ok
16:36:28.0769 7084 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:36:28.0771 7084 Sym_hi - ok
16:36:28.0850 7084 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:36:28.0852 7084 Sym_u3 - ok
16:36:28.0930 7084 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
16:36:28.0941 7084 SysMain - ok

steve1965, Apr 11, 2012

#8
steve1965 Newcomer, in training Posts: 37

TDSSKiller log part 3 (t-z)

16:36:28.0989 7084 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
16:36:28.0994 7084 TabletInputService - ok
16:36:29.0066 7084 TabletInputServiceWinDefendBFEAppinfoBFEnapagent - ok
16:36:29.0152 7084 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
16:36:29.0159 7084 TapiSrv - ok
16:36:29.0190 7084 TapiSrvDcomLaunch - ok
16:36:29.0209 7084 TapiSrvDcomLaunchNetTcpPortSharing - ok
16:36:29.0244 7084 TapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnum - ok
16:36:29.0265 7084 TapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnumBITSslsvcAppinfoBFEWPDBusEnum - ok
16:36:29.0287 7084 TapiSrvMSCSPTISRV - ok
16:36:29.0295 7084 TapiSrvMSCSPTISRVhkmsvc - ok
16:36:29.0362 7084 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
16:36:29.0387 7084 TBS - ok
16:36:29.0554 7084 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:36:29.0570 7084 Tcpip - ok
16:36:29.0636 7084 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:36:29.0644 7084 Tcpip6 - ok
16:36:29.0730 7084 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:36:29.0734 7084 tcpipreg - ok
16:36:29.0785 7084 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:36:29.0786 7084 TDPIPE - ok
16:36:29.0890 7084 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:36:29.0892 7084 TDTCP - ok
16:36:29.0969 7084 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:36:29.0972 7084 tdx - ok
16:36:30.0028 7084 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:36:30.0030 7084 TermDD - ok
16:36:30.0100 7084 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
16:36:30.0110 7084 TermService - ok
16:36:30.0208 7084 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
16:36:30.0211 7084 Themes - ok
16:36:30.0224 7084 ThemesNetTcpPortSharing - ok
16:36:30.0232 7084 ThemesNetTcpPortSharingusnjsvcRasManMMCSSPNRPsvc - ok
16:36:30.0247 7084 ThemesTrustedInstallerWinmgmt - ok
16:36:30.0283 7084 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:36:30.0288 7084 THREADORDER - ok
16:36:30.0345 7084 THREADORDEREventSystemwscsvcmsvsmon80 - ok
16:36:30.0364 7084 THREADORDEREventSystemwscsvcmsvsmon80MSiSCSISSScsiSVSENS - ok
16:36:30.0376 7084 THREADORDERMpsSvc - ok
16:36:30.0402 7084 THREADORDEROracleXEClrAgent - ok
16:36:30.0500 7084 tng-doba - ok
16:36:30.0587 7084 tosrfnds (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\VrAcFil.dll
16:36:30.0600 7084 Suspicious file (NoAccess): C:\Windows\system32\VrAcFil.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:30.0600 7084 tosrfnds ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:30.0600 7084 tosrfnds - detected Backdoor.Multi.ZAccess.gen (0)
16:36:30.0667 7084 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
16:36:30.0672 7084 TrkWks - ok
16:36:30.0692 7084 TrkWksmsvsmon80 - ok
16:36:30.0699 7084 TrkWksmsvsmon80RpcLocator - ok
16:36:30.0734 7084 TrkWksmsvsmon80SSDPSRVMMCSS - ok
16:36:30.0785 7084 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
16:36:30.0786 7084 TrustedInstaller - ok
16:36:30.0852 7084 TrustedInstallerWinmgmt - ok
16:36:30.0863 7084 TrustedInstallerWinmgmtiphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time - ok
16:36:30.0961 7084 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:36:30.0980 7084 tssecsrv - ok
16:36:31.0047 7084 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:36:31.0048 7084 tunmp - ok
16:36:31.0389 7084 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:36:31.0422 7084 tunnel - ok
16:36:31.0694 7084 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:36:31.0729 7084 uagp35 - ok
16:36:31.0994 7084 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:36:32.0070 7084 udfs - ok
16:36:32.0191 7084 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
16:36:32.0194 7084 UI0Detect - ok
16:36:32.0261 7084 UI0DetectDFSR - ok
16:36:32.0317 7084 ulcdrhlp (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\usnsvc.dll
16:36:32.0343 7084 Suspicious file (NoAccess): C:\Windows\system32\usnsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:32.0344 7084 ulcdrhlp ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:32.0344 7084 ulcdrhlp - detected Backdoor.Multi.ZAccess.gen (0)
16:36:32.0400 7084 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
16:36:32.0403 7084 uliagpkx - ok
16:36:32.0451 7084 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:36:32.0472 7084 uliahci - ok
16:36:32.0676 7084 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:36:32.0678 7084 UlSata - ok
16:36:32.0722 7084 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:36:32.0725 7084 ulsata2 - ok
16:36:32.0777 7084 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:36:32.0779 7084 umbus - ok
16:36:32.0849 7084 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
16:36:32.0858 7084 upnphost - ok
16:36:32.0878 7084 upnphostmsiserver - ok
16:36:32.0917 7084 upnphostmsiserverOracleServiceXEMySQLmsftesql$SQLEXPRESS - ok
16:36:32.0995 7084 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
16:36:33.0018 7084 usbaudio - ok
16:36:33.0117 7084 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:36:33.0139 7084 usbccgp - ok
16:36:33.0206 7084 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:36:33.0208 7084 usbcir - ok
16:36:33.0245 7084 UsbDiag - ok
16:36:33.0298 7084 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:36:33.0300 7084 usbehci - ok
16:36:33.0359 7084 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:36:33.0389 7084 usbhub - ok
16:36:33.0455 7084 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:36:33.0474 7084 usbohci - ok
16:36:33.0576 7084 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:36:33.0578 7084 usbprint - ok
16:36:33.0765 7084 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:36:33.0767 7084 usbscan - ok
16:36:33.0848 7084 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:36:33.0860 7084 USBSTOR - ok
16:36:33.0966 7084 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:36:33.0968 7084 usbuhci - ok
16:36:34.0138 7084 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe
16:36:34.0149 7084 usnjsvc - ok
16:36:34.0227 7084 usnjsvcRasMan - ok
16:36:34.0244 7084 usnjsvcRasManFontCache3.0.0.0 - ok
16:36:34.0255 7084 usnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc - ok
16:36:34.0280 7084 usnjsvcRasManhkmsvc - ok
16:36:34.0295 7084 usnjsvcRasManMMCSS - ok
16:36:34.0314 7084 usnjsvcRasManMMCSSPNRPsvc - ok
16:36:34.0322 7084 usnjsvcRasMannsinapagentBFE - ok
16:36:34.0333 7084 usnjsvcSNMPTRAP - ok
16:36:34.0367 7084 usnjsvcTapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnum - ok
16:36:34.0417 7084 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
16:36:34.0430 7084 UxSms - ok
16:36:34.0499 7084 vci (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\csctl50.dll
16:36:34.0508 7084 Suspicious file (NoAccess): C:\Windows\system32\csctl50.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:34.0509 7084 vci ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:34.0509 7084 vci - detected Backdoor.Multi.ZAccess.gen (0)
16:36:34.0575 7084 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
16:36:34.0584 7084 vds - ok
16:36:34.0860 7084 vdsMSCSPTISRV - ok
16:36:34.0910 7084 vdswercplsupport - ok
16:36:34.0984 7084 vdswercplsupportWerSvc - ok
16:36:35.0071 7084 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:36:35.0073 7084 vga - ok
16:36:35.0177 7084 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:36:35.0192 7084 VgaSave - ok
16:36:35.0285 7084 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
16:36:35.0310 7084 viaagp - ok
16:36:35.0371 7084 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:36:35.0384 7084 ViaC7 - ok
16:36:35.0439 7084 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
16:36:35.0441 7084 viaide - ok
16:36:35.0512 7084 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:36:35.0514 7084 volmgr - ok
16:36:35.0772 7084 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:36:35.0778 7084 volmgrx - ok
16:36:35.0905 7084 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:36:35.0952 7084 volsnap - ok
16:36:36.0007 7084 vpctcom (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\tphdexlgsvc.dll
16:36:36.0049 7084 Suspicious file (NoAccess): C:\Windows\system32\tphdexlgsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:36.0049 7084 vpctcom ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:36.0049 7084 vpctcom - detected Backdoor.Multi.ZAccess.gen (0)
16:36:36.0132 7084 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:36:36.0147 7084 vsmraid - ok
16:36:36.0293 7084 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
16:36:36.0315 7084 VSS - ok
16:36:36.0330 7084 VSSMcx2Svc - ok
16:36:36.0753 7084 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
16:36:36.0771 7084 vToolbarUpdater10.2.0 - ok
16:36:36.0976 7084 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
16:36:36.0984 7084 W32Time - ok
16:36:37.0007 7084 W32TimefdPHost - ok
16:36:37.0020 7084 W32TimefdPHostUI0Detect - ok
16:36:37.0036 7084 W32Timeoseidsvcclr_optimization_v2.0.50727_32 - ok
16:36:37.0161 7084 W32Timep2pimsvc - ok
16:36:37.0291 7084 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:36:37.0295 7084 WacomPen - ok
16:36:37.0466 7084 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:36:37.0469 7084 Wanarp - ok
16:36:37.0482 7084 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:36:37.0483 7084 Wanarpv6 - ok
16:36:37.0715 7084 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
16:36:37.0800 7084 wcncsvc - ok
16:36:37.0965 7084 wcncsvcnapagentBFE - ok
16:36:38.0210 7084 wcncsvcnapagentBFEMySQLWPDBusEnumSCPolicySvcWinDefendBFE - ok
16:36:38.0397 7084 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:36:38.0401 7084 WcsPlugInService - ok
16:36:38.0455 7084 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:36:38.0458 7084 Wd - ok
16:36:38.0595 7084 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:36:38.0703 7084 Wdf01000 - ok
16:36:38.0879 7084 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:36:38.0884 7084 WdiServiceHost - ok
16:36:38.0935 7084 WdiServiceHostCryptSvc - ok
16:36:38.0965 7084 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:36:38.0970 7084 WdiSystemHost - ok
16:36:38.0980 7084 WdiSystemHostRasManmsiserver - ok
16:36:39.0040 7084 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
16:36:39.0046 7084 WebClient - ok
16:36:39.0064 7084 WebClientIPBusEnum - ok
16:36:39.0097 7084 WebClientIPBusEnumEventSystemwscsvc - ok
16:36:39.0140 7084 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:36:39.0156 7084 Wecsvc - ok
16:36:39.0223 7084 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:36:39.0227 7084 wercplsupport - ok
16:36:39.0289 7084 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
16:36:39.0294 7084 WerSvc - ok
16:36:39.0321 7084 WinDefendBFE - ok
16:36:39.0334 7084 WinDefendBFEAppinfoBFE - ok
16:36:39.0354 7084 WinDefendBFEAppinfoBFEnapagent - ok
16:36:39.0421 7084 WinDefendBFENlaSvc - ok
16:36:39.0432 7084 WinDefendBFENlaSvcSstpSvcoseSPTISRVusnjsvc - ok
16:36:39.0441 7084 WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg - ok
16:36:39.0464 7084 WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoRegehstart - ok
16:36:39.0488 7084 WinDefendusnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc - ok
16:36:39.0509 7084 WinHttpAutoProxySvc - ok
16:36:39.0534 7084 WinHttpAutoProxySvcAeLookupSvcMDM - ok
16:36:39.0554 7084 WinHttpAutoProxySvcAeLookupSvcMDMSpooler - ok
16:36:39.0615 7084 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
16:36:39.0646 7084 Winmgmt - ok
16:36:39.0690 7084 WinmgmtusnjsvcRasManFontCache3.0.0.0 - ok
16:36:39.0782 7084 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:36:39.0819 7084 WinRM - ok
16:36:39.0934 7084 WinVd32 (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\dcstor32.dll
16:36:39.0984 7084 Suspicious file (NoAccess): C:\Windows\system32\dcstor32.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:39.0984 7084 WinVd32 ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:39.0984 7084 WinVd32 - detected Backdoor.Multi.ZAccess.gen (0)
16:36:40.0064 7084 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
16:36:40.0077 7084 Wlansvc - ok
16:36:40.0175 7084 WlansvcWinDefend - ok
16:36:40.0185 7084 WlansvcWinDefendBFE - ok
16:36:40.0202 7084 WlansvcWinDefendKService - ok
16:36:40.0213 7084 WlansvcWinDefendKServiceOracleXEClrAgent - ok
16:36:40.0282 7084 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
16:36:40.0287 7084 WLSetupSvc - ok
16:36:40.0323 7084 WLSetupSvcWecsvc - ok
16:36:40.0354 7084 WLSetupSvcWlansvcWinDefend - ok
16:36:40.0400 7084 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
16:36:40.0402 7084 WmiAcpi - ok
16:36:40.0542 7084 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
16:36:40.0547 7084 wmiApSrv - ok
16:36:40.0560 7084 wmiApSrvMcx2SvcShellHWDetectionupnphostpla - ok
16:36:40.0725 7084 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:36:40.0740 7084 WMPNetworkSvc - ok
16:36:40.0798 7084 WMPNetworkSvcehstart - ok
16:36:40.0815 7084 WMPNetworkSvcMpsSvc - ok
16:36:40.0867 7084 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
16:36:40.0881 7084 WPCSvc - ok
16:36:40.0890 7084 WPCSvcPNRPAutoReg - ok
16:36:40.0911 7084 WPCSvcWinDefend - ok
16:36:40.0960 7084 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
16:36:40.0965 7084 WPDBusEnum - ok
16:36:40.0979 7084 WPDBusEnumnsi - ok
16:36:41.0130 7084 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:36:41.0148 7084 WPFFontCache_v0400 - ok
16:36:41.0272 7084 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:36:41.0274 7084 ws2ifsl - ok
16:36:41.0309 7084 wscsvcPNRPsvc - ok
16:36:41.0323 7084 wscsvcPNRPsvcALG - ok
16:36:41.0358 7084 wscsvcSCPolicySvc - ok
16:36:41.0382 7084 wscsvcTBS - ok
16:36:41.0404 7084 WSearch - ok
16:36:41.0429 7084 WSearchnapagent - ok
16:36:41.0452 7084 WSearchnapagentDPSupnphostmsiserverThemesNetTcpPortSharing - ok
16:36:41.0477 7084 WSearchnapagentplaAeLookupSvc - ok
16:36:41.0490 7084 WSearchwuauserv - ok
16:36:41.0713 7084 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
16:36:41.0746 7084 wuauserv - ok
16:36:41.0755 7084 wuauservSessionEnv - ok
16:36:41.0806 7084 wuauservSessionEnvWSearchwuauserv - ok
16:36:41.0830 7084 wuauservSessionEnvWSearchwuauservTapiSrvDcomLaunchNetTcpPortSharing - ok
16:36:41.0889 7084 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:36:41.0905 7084 WUDFRd - ok
16:36:41.0944 7084 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
16:36:41.0949 7084 wudfsvc - ok
16:36:41.0970 7084 wudfsvcSLUINotifyWdiServiceHost - ok
16:36:42.0026 7084 wusb54gv2svc (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\clnt_clientman.dll
16:36:42.0034 7084 Suspicious file (NoAccess): C:\Windows\system32\clnt_clientman.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:42.0034 7084 wusb54gv2svc ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:42.0034 7084 wusb54gv2svc - detected Backdoor.Multi.ZAccess.gen (0)
16:36:42.0164 7084 zenos1 (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\shellhwdetection.dll
16:36:42.0185 7084 Suspicious file (NoAccess): C:\Windows\system32\shellhwdetection.dll. md5: 11028c6a84a967070cb1286550f2058f
16:36:42.0185 7084 zenos1 ( Backdoor.Multi.ZAccess.gen ) - infected
16:36:42.0185 7084 zenos1 - detected Backdoor.Multi.ZAccess.gen (0)
16:36:42.0228 7084 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:36:42.0272 7084 \Device\Harddisk0\DR0 - ok
16:36:42.0281 7084 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
16:36:42.0285 7084 \Device\Harddisk5\DR5 - ok
16:36:42.0292 7084 Boot (0x1200) (ff2cee352b268cc0fdac41e32597d60b) \Device\Harddisk0\DR0\Partition0
16:36:42.0293 7084 \Device\Harddisk0\DR0\Partition0 - ok
16:36:42.0302 7084 Boot (0x1200) (93b101edb4ff84b618f3083ccaf20a56) \Device\Harddisk0\DR0\Partition1
16:36:42.0303 7084 \Device\Harddisk0\DR0\Partition1 - ok
16:36:42.0308 7084 Boot (0x1200) (f5ec6de948f37db8ebe4aa6c0a0054ac) \Device\Harddisk5\DR5\Partition0
16:36:42.0311 7084 \Device\Harddisk5\DR5\Partition0 - ok
16:36:42.0312 7084 ============================================================
16:36:42.0312 7084 Scan finished
16:36:42.0312 7084 ============================================================
16:36:42.0329 4812 Detected object count: 40
16:36:42.0329 4812 Actual detected object count: 40
16:37:50.0550 4812 C:\Windows\system32\afd.dll - copied to quarantine
16:37:50.0551 4812 HKLM\SYSTEM\ControlSet001\services\alcxsens - will be deleted on reboot
16:37:50.0596 4812 C:\Windows\system32\afd.dll - will be deleted on reboot
16:37:50.0596 4812 alcxsens ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:50.0645 4812 C:\Windows\system32\wmp54gv4svc.dll - copied to quarantine
16:37:50.0646 4812 HKLM\SYSTEM\ControlSet001\services\ANC - will be deleted on reboot
16:37:50.0647 4812 HKLM\SYSTEM\ControlSet003\services\ANC - will be deleted on reboot
16:37:50.0664 4812 C:\Windows\system32\wmp54gv4svc.dll - will be deleted on reboot
16:37:50.0664 4812 ANC ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:50.0738 4812 C:\Windows\system32\authsyssvc.dll - copied to quarantine
16:37:50.0738 4812 HKLM\SYSTEM\ControlSet001\services\atmarpc - will be deleted on reboot
16:37:50.0739 4812 HKLM\SYSTEM\ControlSet003\services\atmarpc - will be deleted on reboot
16:37:50.0748 4812 C:\Windows\system32\authsyssvc.dll - will be deleted on reboot
16:37:50.0748 4812 atmarpc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:50.0845 4812 C:\Windows\system32\lvckap.dll - copied to quarantine
16:37:50.0846 4812 HKLM\SYSTEM\ControlSet001\services\bwsvc - will be deleted on reboot
16:37:50.0850 4812 C:\Windows\system32\lvckap.dll - will be deleted on reboot
16:37:50.0850 4812 bwsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:50.0910 4812 C:\Windows\system32\pavreport.dll - copied to quarantine
16:37:50.0910 4812 HKLM\SYSTEM\ControlSet001\services\cbidf2k - will be deleted on reboot
16:37:50.0917 4812 C:\Windows\system32\pavreport.dll - will be deleted on reboot
16:37:50.0917 4812 cbidf2k ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:50.0973 4812 C:\Windows\system32\avp.dll - copied to quarantine
16:37:50.0974 4812 HKLM\SYSTEM\ControlSet001\services\changer - will be deleted on reboot
16:37:50.0975 4812 HKLM\SYSTEM\ControlSet003\services\changer - will be deleted on reboot
16:37:50.0980 4812 C:\Windows\system32\avp.dll - will be deleted on reboot
16:37:50.0980 4812 changer ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:51.0132 4812 C:\Windows\system32\SerTVOutCtlr.dll - copied to quarantine
16:37:51.0133 4812 HKLM\SYSTEM\ControlSet001\services\cmudau - will be deleted on reboot
16:37:51.0133 4812 HKLM\SYSTEM\ControlSet003\services\cmudau - will be deleted on reboot
16:37:51.0137 4812 C:\Windows\system32\SerTVOutCtlr.dll - will be deleted on reboot
16:37:51.0137 4812 cmudau ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:51.0259 4812 C:\Windows\system32\iolodmv.dll - copied to quarantine
16:37:51.0260 4812 HKLM\SYSTEM\ControlSet001\services\cobbmservice - will be deleted on reboot
16:37:51.0260 4812 HKLM\SYSTEM\ControlSet003\services\cobbmservice - will be deleted on reboot
16:37:51.0266 4812 C:\Windows\system32\iolodmv.dll - will be deleted on reboot
16:37:51.0266 4812 cobbmservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:51.0502 4812 C:\Windows\system32\Sntnlusb.dll - copied to quarantine
16:37:51.0503 4812 HKLM\SYSTEM\ControlSet001\services\DCamUSBGrandTek - will be deleted on reboot
16:37:51.0503 4812 HKLM\SYSTEM\ControlSet003\services\DCamUSBGrandTek - will be deleted on reboot
16:37:51.0509 4812 C:\Windows\system32\Sntnlusb.dll - will be deleted on reboot
16:37:51.0510 4812 DCamUSBGrandTek ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:51.0679 4812 C:\Windows\system32\VCAM.dll - copied to quarantine
16:37:51.0680 4812 HKLM\SYSTEM\ControlSet001\services\DcPTP - will be deleted on reboot
16:37:51.0709 4812 HKLM\SYSTEM\ControlSet003\services\DcPTP - will be deleted on reboot
16:37:51.0716 4812 C:\Windows\system32\VCAM.dll - will be deleted on reboot
16:37:51.0716 4812 DcPTP ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:51.0799 4812 C:\Windows\system32\raysat3_4_6_18server.dll - copied to quarantine
16:37:51.0799 4812 HKLM\SYSTEM\ControlSet001\services\dwmrcs - will be deleted on reboot
16:37:51.0805 4812 C:\Windows\system32\raysat3_4_6_18server.dll - will be deleted on reboot
16:37:51.0805 4812 dwmrcs ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:51.0855 4812 C:\Windows\system32\osaio.dll - copied to quarantine
16:37:51.0856 4812 HKLM\SYSTEM\ControlSet001\services\fallback - will be deleted on reboot
16:37:51.0857 4812 HKLM\SYSTEM\ControlSet003\services\fallback - will be deleted on reboot
16:37:51.0863 4812 C:\Windows\system32\osaio.dll - will be deleted on reboot
16:37:51.0863 4812 fallback ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:52.0052 4812 C:\Windows\system32\USRpdA.dll - copied to quarantine
16:37:52.0053 4812 HKLM\SYSTEM\ControlSet001\services\imonitor - will be deleted on reboot
16:37:52.0054 4812 HKLM\SYSTEM\ControlSet003\services\imonitor - will be deleted on reboot
16:37:52.0059 4812 C:\Windows\system32\USRpdA.dll - will be deleted on reboot
16:37:52.0059 4812 imonitor ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:52.0226 4812 C:\Windows\system32\vmkbd.dll - copied to quarantine
16:37:52.0227 4812 HKLM\SYSTEM\ControlSet001\services\iomegaaccess - will be deleted on reboot
16:37:52.0234 4812 C:\Windows\system32\vmkbd.dll - will be deleted on reboot
16:37:52.0234 4812 iomegaaccess ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:52.0277 4812 C:\Windows\system32\atiavaiw.dll - copied to quarantine
16:37:52.0278 4812 HKLM\SYSTEM\ControlSet001\services\lvselsus - will be deleted on reboot
16:37:52.0278 4812 HKLM\SYSTEM\ControlSet003\services\lvselsus - will be deleted on reboot
16:37:52.0285 4812 C:\Windows\system32\atiavaiw.dll - will be deleted on reboot
16:37:52.0285 4812 lvselsus ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:52.0389 4812 C:\Windows\system32\Sus2pl.dll - copied to quarantine
16:37:52.0390 4812 HKLM\SYSTEM\ControlSet001\services\lvuvc - will be deleted on reboot
16:37:52.0397 4812 C:\Windows\system32\Sus2pl.dll - will be deleted on reboot
16:37:52.0397 4812 lvuvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:52.0456 4812 C:\Windows\system32\timounter.dll - copied to quarantine
16:37:52.0457 4812 HKLM\SYSTEM\ControlSet001\services\mclserviceatl - will be deleted on reboot
16:37:52.0458 4812 HKLM\SYSTEM\ControlSet003\services\mclserviceatl - will be deleted on reboot
16:37:52.0464 4812 C:\Windows\system32\timounter.dll - will be deleted on reboot
16:37:52.0464 4812 mclserviceatl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:52.0646 4812 C:\Windows\system32\websenseclientdeployservice.dll - copied to quarantine
16:37:52.0647 4812 HKLM\SYSTEM\ControlSet001\services\mfcom - will be deleted on reboot
16:37:52.0648 4812 HKLM\SYSTEM\ControlSet003\services\mfcom - will be deleted on reboot
16:37:52.0654 4812 C:\Windows\system32\websenseclientdeployservice.dll - will be deleted on reboot
16:37:52.0654 4812 mfcom ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:52.0804 4812 C:\Windows\system32\ndis.dll - copied to quarantine
16:37:52.0805 4812 HKLM\SYSTEM\ControlSet001\services\MXOPSWD - will be deleted on reboot
16:37:52.0805 4812 HKLM\SYSTEM\ControlSet003\services\MXOPSWD - will be deleted on reboot
16:37:52.0811 4812 C:\Windows\system32\ndis.dll - will be deleted on reboot
16:37:52.0811 4812 MXOPSWD ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:52.0892 4812 C:\Windows\system32\wg3n.dll - copied to quarantine
16:37:52.0893 4812 HKLM\SYSTEM\ControlSet001\services\naveng - will be deleted on reboot
16:37:52.0899 4812 C:\Windows\system32\wg3n.dll - will be deleted on reboot
16:37:52.0899 4812 naveng ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:52.0959 4812 C:\Windows\system32\rpaservice.dll - copied to quarantine
16:37:52.0959 4812 HKLM\SYSTEM\ControlSet001\services\nbservice - will be deleted on reboot
16:37:52.0965 4812 C:\Windows\system32\rpaservice.dll - will be deleted on reboot
16:37:52.0965 4812 nbservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:53.0185 4812 C:\Windows\system32\lxbs_device.dll - copied to quarantine
16:37:53.0186 4812 HKLM\SYSTEM\ControlSet001\services\netw4x32 - will be deleted on reboot
16:37:53.0187 4812 HKLM\SYSTEM\ControlSet003\services\netw4x32 - will be deleted on reboot
16:37:53.0194 4812 C:\Windows\system32\lxbs_device.dll - will be deleted on reboot
16:37:53.0194 4812 netw4x32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:53.0358 4812 C:\Windows\system32\CBN.dll - copied to quarantine
16:37:53.0358 4812 HKLM\SYSTEM\ControlSet001\services\nuvaud2 - will be deleted on reboot
16:37:53.0359 4812 HKLM\SYSTEM\ControlSet003\services\nuvaud2 - will be deleted on reboot
16:37:53.0365 4812 C:\Windows\system32\CBN.dll - will be deleted on reboot
16:37:53.0365 4812 nuvaud2 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:53.0420 4812 C:\Windows\system32\rapapp.dll - copied to quarantine
16:37:53.0421 4812 HKLM\SYSTEM\ControlSet001\services\pptchpad - will be deleted on reboot
16:37:53.0424 4812 C:\Windows\system32\rapapp.dll - will be deleted on reboot
16:37:53.0425 4812 pptchpad ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:53.0483 4812 C:\Windows\system32\SE2Dmgmt.dll - copied to quarantine
16:37:53.0484 4812 HKLM\SYSTEM\ControlSet001\services\RR2Mjpeg - will be deleted on reboot
16:37:53.0485 4812 HKLM\SYSTEM\ControlSet003\services\RR2Mjpeg - will be deleted on reboot
16:37:53.0488 4812 C:\Windows\system32\SE2Dmgmt.dll - will be deleted on reboot
16:37:53.0488 4812 RR2Mjpeg ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:53.0556 4812 C:\Windows\system32\mfebopk.dll - copied to quarantine
16:37:53.0557 4812 HKLM\SYSTEM\ControlSet001\services\sandradatasrv - will be deleted on reboot
16:37:53.0558 4812 HKLM\SYSTEM\ControlSet003\services\sandradatasrv - will be deleted on reboot
16:37:53.0561 4812 C:\Windows\system32\mfebopk.dll - will be deleted on reboot
16:37:53.0561 4812 sandradatasrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:53.0639 4812 C:\Windows\system32\Wdf01000.dll - copied to quarantine
16:37:53.0640 4812 HKLM\SYSTEM\ControlSet001\services\savrt - will be deleted on reboot
16:37:53.0641 4812 HKLM\SYSTEM\ControlSet003\services\savrt - will be deleted on reboot
16:37:53.0644 4812 C:\Windows\system32\Wdf01000.dll - will be deleted on reboot
16:37:53.0644 4812 savrt ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:53.0728 4812 C:\Windows\system32\tvtnetwk.dll - copied to quarantine
16:37:53.0728 4812 HKLM\SYSTEM\ControlSet001\services\savscan - will be deleted on reboot
16:37:53.0729 4812 HKLM\SYSTEM\ControlSet003\services\savscan - will be deleted on reboot
16:37:53.0732 4812 C:\Windows\system32\tvtnetwk.dll - will be deleted on reboot
16:37:53.0732 4812 savscan ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:53.0899 4812 C:\Windows\system32\SbcpHid.dll - copied to quarantine
16:37:53.0900 4812 HKLM\SYSTEM\ControlSet001\services\se2Cunic - will be deleted on reboot
16:37:53.0903 4812 C:\Windows\system32\SbcpHid.dll - will be deleted on reboot
16:37:53.0903 4812 se2Cunic ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:54.0000 4812 C:\Windows\system32\wzcsvc.dll - copied to quarantine
16:37:54.0001 4812 HKLM\SYSTEM\ControlSet001\services\ser2pl - will be deleted on reboot
16:37:54.0001 4812 HKLM\SYSTEM\ControlSet003\services\ser2pl - will be deleted on reboot
16:37:54.0005 4812 C:\Windows\system32\wzcsvc.dll - will be deleted on reboot
16:37:54.0005 4812 ser2pl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:37:54.0132 4812 C:\Windows\system32\DRIVERS\serial.sys - copied to quarantine
16:37:54.0177 4812 C:\Windows\$NtUninstallKB59839$\2289590727\@ - copied to quarantine
16:37:54.0178 4812 C:\Windows\$NtUninstallKB59839$\2289590727\cfg.ini - copied to quarantine
16:37:54.0216 4812 C:\Windows\$NtUninstallKB59839$\2289590727\Desktop.ini - copied to quarantine
16:37:54.0238 4812 C:\Windows\$NtUninstallKB59839$\2289590727\L\xtqaoywe - copied to quarantine
16:37:54.0240 4812 C:\Windows\$NtUninstallKB59839$\2289590727\oemid - copied to quarantine
16:37:54.0265 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000001.@ - copied to quarantine
16:37:54.0402 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000002.@ - copied to quarantine
16:37:54.0435 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000004.@ - copied to quarantine
16:37:54.0503 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000000.@ - copied to quarantine
16:37:54.0518 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000004.@ - copied to quarantine
16:37:54.0536 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000032.@ - copied to quarantine
16:37:54.0543 4812 C:\Windows\$NtUninstallKB59839$\2289590727\version - copied to quarantine
16:37:57.0877 4812 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\serial.sys) error 1813
16:37:59.0283 4812 Backup copy found, using it..
16:37:59.0342 4812 C:\Windows\system32\DRIVERS\serial.sys - will be cured on reboot
16:38:05.0832 4812 C:\Windows\$NtUninstallKB59839$\136304761 - will be deleted on reboot
16:38:05.0833 4812 C:\Windows\$NtUninstallKB59839$\2289590727\@ - will be deleted on reboot
16:38:05.0833 4812 C:\Windows\$NtUninstallKB59839$\2289590727\cfg.ini - will be deleted on reboot
16:38:05.0834 4812 C:\Windows\$NtUninstallKB59839$\2289590727\Desktop.ini - will be deleted on reboot
16:38:05.0852 4812 C:\Windows\$NtUninstallKB59839$\2289590727\oemid - will be deleted on reboot
16:38:05.0866 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000001.@ - will be deleted on reboot
16:38:05.0866 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000002.@ - will be deleted on reboot
16:38:05.0867 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000004.@ - will be deleted on reboot
16:38:05.0867 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000000.@ - will be deleted on reboot
16:38:05.0867 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000004.@ - will be deleted on reboot
16:38:05.0867 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000032.@ - will be deleted on reboot
16:38:05.0868 4812 C:\Windows\$NtUninstallKB59839$\2289590727\version - will be deleted on reboot
16:38:05.0873 4812 Serial ( Virus.Win32.ZAccess.k ) - User select action: Cure
16:38:05.0970 4812 C:\Windows\system32\irbus.dll - copied to quarantine
16:38:05.0993 4812 HKLM\SYSTEM\ControlSet001\services\SNC - will be deleted on reboot
16:38:05.0994 4812 HKLM\SYSTEM\ControlSet003\services\SNC - will be deleted on reboot
16:38:06.0001 4812 C:\Windows\system32\irbus.dll - will be deleted on reboot
16:38:06.0001 4812 SNC ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:38:06.0004 4812 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:38:06.0004 4812 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:38:06.0205 4812 C:\Windows\system32\VrAcFil.dll - copied to quarantine
16:38:06.0206 4812 HKLM\SYSTEM\ControlSet001\services\tosrfnds - will be deleted on reboot
16:38:06.0210 4812 C:\Windows\system32\VrAcFil.dll - will be deleted on reboot
16:38:06.0210 4812 tosrfnds ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:38:06.0278 4812 C:\Windows\system32\usnsvc.dll - copied to quarantine
16:38:06.0279 4812 HKLM\SYSTEM\ControlSet001\services\ulcdrhlp - will be deleted on reboot
16:38:06.0280 4812 HKLM\SYSTEM\ControlSet003\services\ulcdrhlp - will be deleted on reboot
16:38:06.0283 4812 C:\Windows\system32\usnsvc.dll - will be deleted on reboot
16:38:06.0283 4812 ulcdrhlp ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:38:06.0363 4812 C:\Windows\system32\csctl50.dll - copied to quarantine
16:38:06.0364 4812 HKLM\SYSTEM\ControlSet001\services\vci - will be deleted on reboot
16:38:06.0368 4812 C:\Windows\system32\csctl50.dll - will be deleted on reboot
16:38:06.0368 4812 vci ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:38:06.0430 4812 C:\Windows\system32\tphdexlgsvc.dll - copied to quarantine
16:38:06.0431 4812 HKLM\SYSTEM\ControlSet001\services\vpctcom - will be deleted on reboot
16:38:06.0432 4812 HKLM\SYSTEM\ControlSet003\services\vpctcom - will be deleted on reboot
16:38:06.0439 4812 C:\Windows\system32\tphdexlgsvc.dll - will be deleted on reboot
16:38:06.0439 4812 vpctcom ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:38:06.0498 4812 C:\Windows\system32\dcstor32.dll - copied to quarantine
16:38:06.0499 4812 HKLM\SYSTEM\ControlSet001\services\WinVd32 - will be deleted on reboot
16:38:06.0500 4812 HKLM\SYSTEM\ControlSet003\services\WinVd32 - will be deleted on reboot
16:38:06.0504 4812 C:\Windows\system32\dcstor32.dll - will be deleted on reboot
16:38:06.0504 4812 WinVd32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:38:06.0554 4812 C:\Windows\system32\clnt_clientman.dll - copied to quarantine
16:38:06.0555 4812 HKLM\SYSTEM\ControlSet001\services\wusb54gv2svc - will be deleted on reboot
16:38:06.0555 4812 HKLM\SYSTEM\ControlSet003\services\wusb54gv2svc - will be deleted on reboot
16:38:06.0561 4812 C:\Windows\system32\clnt_clientman.dll - will be deleted on reboot
16:38:06.0561 4812 wusb54gv2svc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:38:06.0666 4812 C:\Windows\system32\shellhwdetection.dll - copied to quarantine
16:38:06.0667 4812 HKLM\SYSTEM\ControlSet001\services\zenos1 - will be deleted on reboot
16:38:06.0674 4812 C:\Windows\system32\shellhwdetection.dll - will be deleted on reboot
16:38:06.0675 4812 zenos1 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:38:18.0917 3872 Deinitialize success

steve1965, Apr 11, 2012

#9
Broni Malware Annihilator Posts: 40,051 +187

Please re-run it one more time.

Broni, Apr 11, 2012

#10
steve1965 Newcomer, in training Posts: 37

TDSSKIller (rerun) log part 1 (a-n)

16:55:11.0780 7040 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
16:55:12.0713 7040 ============================================================
16:55:12.0713 7040 Current date / time: 2012/04/11 16:55:12.0713
16:55:12.0713 7040 SystemInfo:
16:55:12.0713 7040
16:55:12.0713 7040 OS Version: 6.0.6002 ServicePack: 2.0
16:55:12.0713 7040 Product type: Workstation
16:55:12.0713 7040 ComputerName: STEVE-PC
16:55:12.0714 7040 UserName: Steve
16:55:12.0714 7040 Windows directory: C:\Windows
16:55:12.0714 7040 System windows directory: C:\Windows
16:55:12.0714 7040 Processor architecture: Intel x86
16:55:12.0714 7040 Number of processors: 2
16:55:12.0714 7040 Page size: 0x1000
16:55:12.0714 7040 Boot type: Normal boot
16:55:12.0714 7040 ============================================================
16:55:14.0332 7040 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:55:14.0369 7040 Drive \Device\Harddisk5\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:55:14.0370 7040 \Device\Harddisk0\DR0:
16:55:14.0409 7040 MBR used
16:55:14.0409 7040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
16:55:14.0409 7040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800
16:55:14.0409 7040 \Device\Harddisk5\DR5:
16:55:14.0410 7040 MBR used
16:55:14.0411 7040 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:55:14.0651 7040 Initialize success
16:55:14.0652 7040 ============================================================
16:55:19.0337 7464 ============================================================
16:55:19.0337 7464 Scan started
16:55:19.0337 7464 Mode: Manual;
16:55:19.0337 7464 ============================================================
16:55:20.0789 7464 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:55:20.0802 7464 ACPI - ok
16:55:20.0877 7464 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
16:55:20.0878 7464 adfs - ok
16:55:20.0994 7464 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
16:55:20.0997 7464 Adobe Version Cue CS4 - ok
16:55:21.0191 7464 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:55:21.0194 7464 AdobeFlashPlayerUpdateSvc - ok
16:55:21.0393 7464 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:55:21.0401 7464 adp94xx - ok
16:55:21.0540 7464 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:55:21.0544 7464 adpahci - ok
16:55:21.0604 7464 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:55:21.0607 7464 adpu160m - ok
16:55:21.0644 7464 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:55:21.0648 7464 adpu320 - ok
16:55:21.0766 7464 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:55:21.0767 7464 AeLookupSvc - ok
16:55:21.0788 7464 AeLookupSvcMDM - ok
16:55:21.0830 7464 AeLookupSvcMDMCryptSvc - ok
16:55:21.0897 7464 AeLookupSvcMDMehRecvr - ok
16:55:21.0927 7464 AeLookupSvcMDMehRecvrhkmsvcQWAVE - ok
16:55:21.0938 7464 AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01 - ok
16:55:21.0948 7464 AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso - ok
16:55:21.0972 7464 AeLookupSvcMDMehRecvrW32Timep2pimsvc - ok
16:55:22.0051 7464 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:55:22.0057 7464 AFD - ok
16:55:22.0431 7464 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
16:55:22.0450 7464 AgereSoftModem - ok
16:55:22.0677 7464 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:55:22.0687 7464 agp440 - ok
16:55:22.0735 7464 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:55:22.0738 7464 aic78xx - ok
16:55:22.0779 7464 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:55:22.0780 7464 ALG - ok
16:55:22.0938 7464 ALGmsvsmon80 - ok
16:55:22.0965 7464 ALGmsvsmon80MSSQLServerADHelper - ok
16:55:23.0010 7464 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
16:55:23.0012 7464 aliide - ok
16:55:23.0061 7464 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:55:23.0063 7464 amdagp - ok
16:55:23.0200 7464 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
16:55:23.0208 7464 amdide - ok
16:55:23.0245 7464 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:55:23.0247 7464 AmdK7 - ok
16:55:23.0637 7464 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:55:23.0641 7464 AmdK8 - ok
16:55:23.0710 7464 AnyDVD (4f0e198fd3d5cd8bee02e0f014601bc5) C:\Windows\system32\Drivers\AnyDVD.sys
16:55:23.0712 7464 AnyDVD - ok
16:55:23.0806 7464 Apache2 (3c8b7e1e3f136c000c96690ac008c799) C:\Web\Apache2\bin\Apache.exe
16:55:23.0807 7464 Apache2 - ok
16:55:23.0909 7464 Apache2slsvc - ok
16:55:23.0966 7464 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:55:23.0967 7464 Appinfo - ok
16:55:23.0993 7464 AppinfoBFE - ok
16:55:24.0014 7464 AppinfoBFEWPDBusEnum - ok
16:55:24.0142 7464 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:55:24.0144 7464 Apple Mobile Device - ok
16:55:24.0240 7464 AppServer9PE - ok
16:55:24.0511 7464 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:55:24.0513 7464 arc - ok
16:55:24.0576 7464 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:55:24.0578 7464 arcsas - ok
16:55:24.0661 7464 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:55:24.0663 7464 AsyncMac - ok
16:55:24.0719 7464 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:55:24.0720 7464 atapi - ok
16:55:24.0812 7464 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:55:24.0814 7464 AudioEndpointBuilder - ok
16:55:24.0822 7464 AudioEndpointBuilderMSDTCLanmanServer - ok
16:55:24.0888 7464 AudioEndpointBuilderTapiSrvDcomLaunchNetTcpPortSharing - ok
16:55:24.0909 7464 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:55:24.0912 7464 Audiosrv - ok
16:55:24.0946 7464 AudiosrvMSSQLServerADHelperIKEEXT - ok
16:55:25.0172 7464 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
16:55:25.0193 7464 AVG Security Toolbar Service - ok
16:55:25.0805 7464 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
16:55:25.0838 7464 AVGIDSAgent - ok
16:55:25.0995 7464 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
16:55:25.0997 7464 AVGIDSDriver - ok
16:55:26.0059 7464 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
16:55:26.0061 7464 AVGIDSEH - ok
16:55:26.0149 7464 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
16:55:26.0150 7464 AVGIDSFilter - ok
16:55:26.0216 7464 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
16:55:26.0217 7464 AVGIDSShim - ok
16:55:26.0279 7464 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
16:55:26.0282 7464 Avgldx86 - ok
16:55:26.0600 7464 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
16:55:26.0601 7464 Avgmfx86 - ok
16:55:26.0669 7464 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
16:55:26.0671 7464 Avgrkx86 - ok
16:55:26.0754 7464 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
16:55:26.0756 7464 Avgtdix - ok
16:55:26.0895 7464 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
16:55:26.0897 7464 avgwd - ok
16:55:27.0019 7464 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:55:27.0020 7464 Beep - ok
16:55:27.0025 7464 BFEDPSmsvsmon80 - ok
16:55:27.0040 7464 BFEupnphostmsiserver - ok
16:55:27.0118 7464 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
16:55:27.0124 7464 BITS - ok
16:55:27.0180 7464 BITSApache2 - ok
16:55:27.0202 7464 BITSSENSSysMain - ok
16:55:27.0208 7464 BITSslsvc - ok
16:55:27.0230 7464 BITSslsvcAppinfoBFEWPDBusEnum - ok
16:55:27.0236 7464 BITSslsvcAppinfoBFEWPDBusEnumehSched - ok
16:55:27.0254 7464 BITSslsvcp2pimsvc - ok
16:55:27.0272 7464 BITSslsvcp2pimsvcupnphostmsiserver - ok
16:55:27.0277 7464 BITSslsvcp2pimsvcupnphostmsiserverBrowser - ok
16:55:27.0289 7464 BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch - ok
16:55:27.0312 7464 BITSW32Timep2pimsvc - ok
16:55:27.0345 7464 blbdrive - ok
16:55:27.0662 7464 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:55:27.0665 7464 Bonjour Service - ok
16:55:27.0784 7464 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:55:27.0786 7464 bowser - ok
16:55:27.0834 7464 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:55:27.0835 7464 BrFiltLo - ok
16:55:27.0958 7464 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:55:27.0959 7464 BrFiltUp - ok
16:55:27.0974 7464 BrlAPI - ok
16:55:27.0997 7464 BrlAPIEventSystemwscsvcmsvsmon80 - ok
16:55:28.0030 7464 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:55:28.0032 7464 Browser - ok
16:55:28.0087 7464 Browserhkmsvc - ok
16:55:28.0094 7464 BrowserhkmsvcNetTcpPortSharingnvsvc - ok
16:55:28.0102 7464 BrowserhkmsvcNetTcpPortSharingnvsvchidserv - ok
16:55:28.0110 7464 BrowserhkmsvcPACSPTISVR - ok
16:55:28.0161 7464 BrowserhkmsvcSLUINotify - ok
16:55:28.0169 7464 BrowserhkmsvcSLUINotifynvsvcW32Time - ok
16:55:28.0181 7464 BrowserhkmsvcSLUINotifynvsvcW32TimeSQLWriterWecsvc - ok
16:55:28.0241 7464 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:55:28.0243 7464 Brserid - ok
16:55:28.0266 7464 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:55:28.0268 7464 BrSerWdm - ok
16:55:28.0294 7464 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:55:28.0295 7464 BrUsbMdm - ok
16:55:28.0359 7464 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:55:28.0368 7464 BrUsbSer - ok
16:55:28.0554 7464 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:55:28.0555 7464 BTHMODEM - ok
16:55:28.0634 7464 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:55:28.0636 7464 cdfs - ok
16:55:28.0737 7464 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:55:28.0750 7464 cdrom - ok
16:55:28.0814 7464 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:55:28.0815 7464 CertPropSvc - ok
16:55:28.0867 7464 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:55:28.0869 7464 circlass - ok
16:55:28.0932 7464 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:55:28.0937 7464 CLFS - ok
16:55:29.0021 7464 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:55:29.0024 7464 clr_optimization_v2.0.50727_32 - ok
16:55:29.0030 7464 clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV - ok
16:55:29.0118 7464 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:55:29.0120 7464 clr_optimization_v4.0.30319_32 - ok
16:55:29.0211 7464 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
16:55:29.0214 7464 CmBatt - ok
16:55:29.0276 7464 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
16:55:29.0277 7464 cmdide - ok
16:55:29.0312 7464 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:55:29.0323 7464 Compbatt - ok
16:55:29.0668 7464 COMSysApp - ok
16:55:29.0709 7464 COMSysAppMMCSS - ok
16:55:29.0766 7464 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:55:29.0768 7464 crcdisk - ok
16:55:29.0808 7464 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:55:29.0810 7464 Crusoe - ok
16:55:29.0851 7464 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
16:55:29.0852 7464 CryptSvc - ok
16:55:29.0942 7464 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:55:29.0948 7464 DcomLaunch - ok
16:55:30.0015 7464 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:55:30.0018 7464 DfsC - ok
16:55:30.0147 7464 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
16:55:30.0201 7464 DFSR - ok
16:55:30.0207 7464 DFSRWinHttpAutoProxySvc - ok
16:55:30.0316 7464 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
16:55:30.0323 7464 Dhcp - ok
16:55:30.0522 7464 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:55:30.0539 7464 disk - ok
16:55:30.0580 7464 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
16:55:30.0582 7464 Dnscache - ok
16:55:30.0597 7464 DnscachewmiApSrv - ok
16:55:30.0631 7464 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
16:55:30.0634 7464 dot3svc - ok
16:55:30.0639 7464 dot3svcSpooler - ok
16:55:30.0742 7464 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:55:30.0758 7464 dot4 - ok
16:55:30.0790 7464 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:55:30.0791 7464 Dot4Print - ok
16:55:30.0816 7464 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:55:30.0831 7464 dot4usb - ok
16:55:30.0974 7464 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:55:31.0027 7464 DPS - ok
16:55:31.0219 7464 DPSmsvsmon80 - ok
16:55:31.0225 7464 DPSmsvsmon80IDriverTBrowser - ok
16:55:31.0250 7464 DPSmsvsmon80MSDTCSharedAccess - ok
16:55:31.0267 7464 DPSSENSSysMain - ok
16:55:31.0276 7464 DPSupnphostmsiserver - ok
16:55:31.0413 7464 DPSupnphostmsiserverThemesNetTcpPortSharing - ok
16:55:31.0485 7464 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:55:31.0486 7464 drmkaud - ok
16:55:31.0541 7464 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:55:31.0546 7464 DXGKrnl - ok
16:55:31.0664 7464 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:55:31.0667 7464 E1G60 - ok
16:55:31.0705 7464 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:55:31.0707 7464 EapHost - ok
16:55:31.0724 7464 EapHostLanmanServerfdPHostUI0DetectDFSR - ok
16:55:31.0731 7464 EapHostTBS - ok
16:55:31.0789 7464 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:55:31.0793 7464 Ecache - ok
16:55:31.0859 7464 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:55:31.0864 7464 ehRecvr - ok
16:55:31.0906 7464 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:55:31.0909 7464 ehSched - ok
16:55:31.0954 7464 ehSchedTrustedInstallerWinmgmt - ok
16:55:31.0967 7464 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:55:31.0968 7464 ehstart - ok
16:55:31.0993 7464 ehstartMySQLWPDBusEnumBITS - ok
16:55:32.0024 7464 elagopro - ok
16:55:32.0073 7464 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
16:55:32.0074 7464 ElbyCDIO - ok
16:55:32.0201 7464 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:55:32.0207 7464 elxstor - ok
16:55:32.0288 7464 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
16:55:32.0300 7464 EMDMgmt - ok
16:55:32.0312 7464 EMDMgmtplaWMPNetworkSvcehstart - ok
16:55:32.0584 7464 EPSON_PM_RPCV4_01 (cdca791afa0483f44bba576dbfafd04d) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
16:55:32.0586 7464 EPSON_PM_RPCV4_01 - ok
16:55:32.0702 7464 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
16:55:32.0711 7464 EventSystem - ok
16:55:32.0722 7464 EventSystemMSiSCSI - ok
16:55:32.0782 7464 EventSystemwscsvc - ok
16:55:32.0795 7464 EventSystemwscsvcmsvsmon80 - ok
16:55:32.0814 7464 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc - ok
16:55:32.0827 7464 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost - ok
16:55:32.0858 7464 EventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
16:55:32.0908 7464 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:55:32.0911 7464 exfat - ok
16:55:32.0956 7464 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:55:32.0960 7464 fastfat - ok
16:55:33.0072 7464 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:55:33.0073 7464 fdc - ok
16:55:33.0129 7464 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
16:55:33.0130 7464 fdPHost - ok
16:55:33.0150 7464 fdPHostUI0DetectDFSR - ok
16:55:33.0182 7464 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:55:33.0183 7464 FDResPub - ok
16:55:33.0292 7464 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:55:33.0294 7464 FileInfo - ok
16:55:33.0542 7464 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:55:33.0555 7464 Filetrace - ok
16:55:33.0590 7464 firesvc - ok
16:55:33.0687 7464 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:55:33.0699 7464 FLEXnet Licensing Service - ok
16:55:33.0806 7464 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:55:33.0807 7464 flpydisk - ok
16:55:33.0887 7464 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:55:33.0891 7464 FltMgr - ok
16:55:33.0997 7464 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
16:55:34.0010 7464 FontCache - ok
16:55:34.0120 7464 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:55:34.0121 7464 FontCache3.0.0.0 - ok
16:55:34.0187 7464 FontCache3.0.0.0 Back-End Service - ok
16:55:34.0223 7464 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:55:34.0224 7464 Fs_Rec - ok
16:55:34.0256 7464 FXDrv32 - ok
16:55:34.0374 7464 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:55:34.0375 7464 gagp30kx - ok
16:55:34.0484 7464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:55:34.0486 7464 GEARAspiWDM - ok
16:55:34.0719 7464 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
16:55:34.0724 7464 gpsvc - ok
16:55:34.0830 7464 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:55:34.0835 7464 HdAudAddService - ok
16:55:34.0947 7464 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:55:34.0959 7464 HDAudBus - ok
16:55:35.0034 7464 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:55:35.0036 7464 HidBth - ok
16:55:35.0067 7464 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:55:35.0069 7464 HidIr - ok
16:55:35.0133 7464 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
16:55:35.0134 7464 hidserv - ok
16:55:35.0236 7464 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:55:35.0237 7464 HidUsb - ok
16:55:35.0269 7464 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
16:55:35.0271 7464 hkmsvc - ok
16:55:35.0276 7464 hkmsvcQWAVE - ok
16:55:35.0305 7464 hkmsvcQWAVEplaWMPNetworkSvcehstart - ok
16:55:35.0331 7464 hkmsvcWSearch - ok
16:55:35.0408 7464 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:55:35.0500 7464 HpCISSs - ok
16:55:35.0610 7464 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:55:35.0617 7464 HTTP - ok
16:55:35.0651 7464 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:55:35.0653 7464 i2omp - ok
16:55:35.0778 7464 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:55:35.0794 7464 i8042prt - ok
16:55:35.0876 7464 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:55:35.0898 7464 ialm - ok
16:55:35.0983 7464 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:55:35.0990 7464 iaStorV - ok
16:55:36.0138 7464 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:55:36.0141 7464 IDriverT - ok
16:55:36.0145 7464 IDriverTBrowser - ok
16:55:36.0199 7464 IDriverTBrowserSQLBrowser - ok
16:55:36.0231 7464 IDriverTBrowserSQLBrowserProtectedStorageusnjsvc - ok
16:55:36.0469 7464 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:55:36.0484 7464 idsvc - ok
16:55:36.0498 7464 idsvcclr_optimization_v2.0.50727_32 - ok
16:55:36.0512 7464 idsvcwcncsvc - ok
16:55:36.0564 7464 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:55:36.0566 7464 iirsp - ok
16:55:36.0661 7464 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
16:55:36.0678 7464 IKEEXT - ok
16:55:36.0684 7464 IKEEXTehstart - ok
16:55:36.0709 7464 IKEEXTOracleXEClrAgentMpsSvc - ok
16:55:36.0793 7464 IntcAzAudAddService (4fa59a84069d9d0991bae34cc4aff99c) C:\Windows\system32\drivers\RTKVHDA.sys
16:55:36.0805 7464 IntcAzAudAddService - ok
16:55:36.0942 7464 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:55:36.0955 7464 intelide - ok
16:55:36.0981 7464 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:55:36.0982 7464 intelppm - ok
16:55:37.0018 7464 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
16:55:37.0020 7464 IPBusEnum - ok
16:55:37.0055 7464 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:55:37.0057 7464 IpFilterDriver - ok
16:55:37.0063 7464 iphlpsvciphlpsvc - ok
16:55:37.0070 7464 iphlpsvcPolicyAgent - ok
16:55:37.0128 7464 iphlpsvcRemoteAccessPNRPAutoReg - ok
16:55:37.0133 7464 iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time - ok
16:55:37.0157 7464 iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32TimeKService - ok
16:55:37.0180 7464 iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32TimeMSCSPTISRVTapiSrvMSCSPTISRV - ok
16:55:37.0208 7464 IpInIp - ok
16:55:37.0245 7464 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:55:37.0247 7464 IPMIDRV - ok
16:55:37.0283 7464 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:55:37.0285 7464 IPNAT - ok
16:55:37.0512 7464 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:55:37.0518 7464 iPod Service - ok
16:55:37.0635 7464 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
16:55:37.0638 7464 irda - ok
16:55:37.0667 7464 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:55:37.0668 7464 IRENUM - ok
16:55:37.0704 7464 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
16:55:37.0706 7464 Irmon - ok
16:55:37.0714 7464 IrmonShellHWDetection - ok
16:55:37.0765 7464 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
16:55:37.0766 7464 irsir - ok
16:55:37.0879 7464 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
16:55:37.0883 7464 isapnp - ok
16:55:37.0921 7464 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:55:37.0923 7464 iScsiPrt - ok
16:55:37.0954 7464 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:55:37.0955 7464 iteatapi - ok
16:55:38.0037 7464 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:55:38.0039 7464 iteraid - ok
16:55:38.0139 7464 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:55:38.0140 7464 kbdclass - ok
16:55:38.0201 7464 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:55:38.0203 7464 kbdhid - ok
16:55:38.0296 7464 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:55:38.0297 7464 KeyIso - ok
16:55:38.0422 7464 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:55:38.0439 7464 KSecDD - ok
16:55:38.0702 7464 KService (70ceefe43cb746dd04a884c84a7ebaa3) C:\Program Files\Kontiki\KService.exe
16:55:38.0754 7464 KService - ok
16:55:38.0865 7464 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
16:55:38.0884 7464 KtmRm - ok
16:55:38.0895 7464 KtmRmp2pimsvc - ok
16:55:38.0901 7464 KtmRmTapiSrvDcomLaunchNetTcpPortSharing - ok
16:55:38.0952 7464 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
16:55:38.0957 7464 LanmanServer - ok
16:55:38.0962 7464 LanmanServerfdPHostUI0DetectDFSR - ok
16:55:39.0006 7464 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
16:55:39.0011 7464 LanmanWorkstation - ok
16:55:39.0160 7464 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:55:39.0162 7464 lltdio - ok
16:55:39.0212 7464 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
16:55:39.0217 7464 lltdsvc - ok
16:55:39.0243 7464 lltdsvcEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
16:55:39.0253 7464 lltdsvcidsvc - ok
16:55:39.0264 7464 lltdsvcSQLWriter - ok
16:55:39.0283 7464 lltdsvcSQLWriterSstpSvcoseSPTISRV - ok
16:55:39.0303 7464 lltdsvcSQLWriterSstpSvcoseSPTISRVpla - ok
16:55:39.0330 7464 lltdsvcSQLWriterSstpSvcoseSPTISRVplaOracleXETNSListenerwudfsvc - ok
16:55:39.0465 7464 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
16:55:39.0467 7464 lmhosts - ok
16:55:39.0529 7464 lmhostsALGmsvsmon80 - ok
16:55:39.0542 7464 lmhostsALGmsvsmon80TapiSrvDcomLaunchNetTcpPortSharing - ok
16:55:39.0569 7464 lmhostsALGmsvsmon80vds - ok
16:55:39.0592 7464 lmhostshkmsvc - ok
16:55:39.0659 7464 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:55:39.0680 7464 LSI_FC - ok
16:55:39.0722 7464 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:55:39.0726 7464 LSI_SAS - ok
16:55:39.0772 7464 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:55:39.0776 7464 LSI_SCSI - ok
16:55:39.0856 7464 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:55:39.0860 7464 luafv - ok
16:55:40.0005 7464 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
16:55:40.0008 7464 Macromedia Licensing Service - ok
16:55:40.0130 7464 MAUSBFASTTRACK (862d7bd3be3399670a7e3358ce7e6344) C:\Windows\system32\DRIVERS\MAudioFastTrack.sys
16:55:40.0134 7464 MAUSBFASTTRACK - ok
16:55:40.0261 7464 McciCMService (a19444bed5aa69e4dbe7a68cc334591f) C:\Program Files\Common Files\Motive\McciCMService.exe
16:55:40.0266 7464 McciCMService - ok
16:55:40.0372 7464 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
16:55:40.0406 7464 mcdbus - ok
16:55:40.0609 7464 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2svc.dll
16:55:40.0610 7464 Mcx2Svc - ok
16:55:40.0614 7464 Mcx2SvcDhcp - ok
16:55:40.0650 7464 Mcx2SvcSDRSVC - ok
16:55:40.0665 7464 Mcx2SvcShellHWDetectionupnphostpla - ok
16:55:40.0679 7464 Mcx2SvcShellHWDetectionupnphostplaMMCSSWdiSystemHostnvsvc - ok
16:55:40.0700 7464 Mcx2SvcTHREADORDER - ok
16:55:40.0757 7464 Mcx2SvcTHREADORDERusnjsvcRasManFontCache3.0.0.0 - ok
16:55:40.0782 7464 Mcx2SvcWinHttpAutoProxySvcAeLookupSvcMDM - ok
16:55:40.0796 7464 Mcx2SvcWinHttpAutoProxySvcAeLookupSvcMDMNlaSvcSENSswprv - ok
16:55:40.0918 7464 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:55:40.0923 7464 MDM - ok
16:55:41.0027 7464 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:55:41.0029 7464 megasas - ok
16:55:41.0057 7464 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:55:41.0060 7464 MMCSS - ok
16:55:41.0074 7464 MMCSSMMCSSWdiSystemHost - ok
16:55:41.0084 7464 MMCSSMMCSSWdiSystemHostKtmRmTapiSrvDcomLaunchNetTcpPortSharing - ok
16:55:41.0089 7464 MMCSSWdiSystemHost - ok
16:55:41.0096 7464 MMCSSWdiSystemHostnvsvc - ok
16:55:41.0160 7464 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:55:41.0162 7464 Modem - ok
16:55:41.0280 7464 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:55:41.0281 7464 monitor - ok
16:55:41.0324 7464 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:55:41.0325 7464 mouclass - ok
16:55:41.0502 7464 moufiltr (baa4ed3c323bee7ebc144c7d232220a8) C:\Windows\system32\DRIVERS\moufiltr.sys
16:55:41.0503 7464 moufiltr - ok
16:55:41.0529 7464 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:55:41.0530 7464 mouhid - ok
16:55:41.0626 7464 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:55:41.0629 7464 MountMgr - ok
16:55:41.0675 7464 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:55:41.0677 7464 mpio - ok
16:55:41.0747 7464 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:55:41.0763 7464 mpsdrv - ok
16:55:41.0767 7464 MpsSvcBrlAPI - ok
16:55:41.0796 7464 MpsSvcNlaSvc - ok
16:55:41.0811 7464 MpsSvcNlaSvcCertPropSvc - ok
16:55:41.0825 7464 MpsSvcSCPolicySvc - ok
16:55:41.0842 7464 MpsSvcSCPolicySvclmhostshkmsvc - ok
16:55:41.0848 7464 MpsSvcSCPolicySvclmhostshkmsvcWMPNetworkSvc - ok
16:55:41.0866 7464 MpsSvcSPTISRV - ok
16:55:41.0893 7464 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:55:41.0895 7464 Mraid35x - ok
16:55:42.0050 7464 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
16:55:42.0062 7464 MREMP50 - ok
16:55:42.0072 7464 MREMPR5 - ok
16:55:42.0079 7464 MRENDIS5 - ok
16:55:42.0117 7464 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
16:55:42.0118 7464 MRESP50 - ok
16:55:42.0207 7464 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:55:42.0210 7464 MRxDAV - ok
16:55:42.0269 7464 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:55:42.0289 7464 mrxsmb - ok
16:55:42.0335 7464 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:55:42.0339 7464 mrxsmb10 - ok
16:55:42.0378 7464 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:55:42.0387 7464 mrxsmb20 - ok
16:55:42.0478 7464 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
16:55:42.0479 7464 msahci - ok
16:55:42.0694 7464 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
16:55:42.0696 7464 MSCSPTISRV - ok
16:55:42.0701 7464 MSCSPTISRViphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time - ok
16:55:42.0710 7464 MSCSPTISRVTapiSrvMSCSPTISRV - ok
16:55:42.0785 7464 MSCSPTISRVTapiSrvMSCSPTISRVSENSSysMainSQLWriterWecsvc - ok
16:55:42.0851 7464 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:55:42.0872 7464 msdsm - ok
16:55:42.0917 7464 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
16:55:42.0921 7464 MSDTC - ok
16:55:43.0008 7464 MSDTCLanmanServer - ok
16:55:43.0034 7464 MSDTCSharedAccess - ok
16:55:43.0083 7464 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:55:43.0096 7464 Msfs - ok
16:55:43.0191 7464 msftesql$SQLEXPRESS (54819fc5c79e4b2c6e896f9de440494d) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
16:55:43.0194 7464 msftesql$SQLEXPRESS - ok
16:55:43.0198 7464 msftesql$SQLEXPRESSseclogon - ok
16:55:43.0299 7464 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:55:43.0300 7464 msisadrv - ok
16:55:43.0457 7464 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
16:55:43.0472 7464 MSiSCSI - ok
16:55:43.0492 7464 MSiSCSIPACSPTISVR - ok
16:55:43.0508 7464 MSiSCSISSScsiSVSENS - ok
16:55:43.0544 7464 MSiSCSISSScsiSVSENSMSDTCSharedAccess - ok
16:55:43.0560 7464 msiserver - ok
16:55:43.0599 7464 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:55:43.0601 7464 MSKSSRV - ok
16:55:43.0668 7464 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:55:43.0669 7464 MSPCLOCK - ok
16:55:43.0726 7464 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:55:43.0727 7464 MSPQM - ok
16:55:43.0775 7464 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:55:43.0779 7464 MsRPC - ok
16:55:43.0893 7464 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:55:43.0894 7464 mssmbios - ok
16:55:44.0009 7464 MSSQL$SQLEXPRESS - ok
16:55:44.0030 7464 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:55:44.0031 7464 MSSQLServerADHelper - ok
16:55:44.0038 7464 MSSQLServerADHelperIKEEXT - ok
16:55:44.0109 7464 MSSQLServerADHelperMDM - ok
16:55:44.0173 7464 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:55:44.0174 7464 MSTEE - ok
16:55:44.0359 7464 msvsmon80 (211fc58c9dbd1f3a824e34023d16babc) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
16:55:44.0505 7464 msvsmon80 - ok
16:55:44.0605 7464 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:55:44.0607 7464 Mup - ok
16:55:44.0649 7464 MySQL - ok
16:55:44.0701 7464 MySQLmsftesql$SQLEXPRESS - ok
16:55:44.0710 7464 MySQLmsftesql$SQLEXPRESSSpoolerPlugPlay - ok
16:55:44.0722 7464 MySQLWPDBusEnum - ok
16:55:44.0758 7464 MySQLWPDBusEnumBITS - ok
16:55:44.0772 7464 MySQLWPDBusEnumBITSDPSupnphostmsiserver - ok
16:55:44.0781 7464 MySQLWPDBusEnumSCPolicySvcWinDefendBFE - ok
16:55:44.0831 7464 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
16:55:44.0838 7464 napagent - ok
16:55:44.0856 7464 napagentBFE - ok
16:55:44.0894 7464 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:55:44.0897 7464 NativeWifiP - ok
16:55:45.0069 7464 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:55:45.0178 7464 NDIS - ok
16:55:45.0229 7464 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:55:45.0231 7464 NdisTapi - ok
16:55:45.0274 7464 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:55:45.0285 7464 Ndisuio - ok
16:55:45.0501 7464 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:55:45.0506 7464 NdisWan - ok
16:55:45.0685 7464 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:55:45.0687 7464 NDProxy - ok
16:55:45.0754 7464 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:55:45.0763 7464 NetBIOS - ok
16:55:45.0862 7464 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:55:45.0866 7464 netbt - ok
16:55:45.0983 7464 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:55:45.0985 7464 Netlogon - ok
16:55:45.0991 7464 NetlogonNetlogon - ok
16:55:46.0121 7464 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
16:55:46.0124 7464 Netman - ok
16:55:46.0259 7464 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
16:55:46.0262 7464 netprofm - ok
16:55:46.0527 7464 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:55:46.0532 7464 NetTcpPortSharing - ok
16:55:46.0629 7464 NetTcpPortSharingnvsvc - ok
16:55:46.0638 7464 NetTcpPortSharingnvsvcSamSs - ok
16:55:46.0651 7464 NetTcpPortSharingnvsvcWinmgmt - ok
16:55:46.0666 7464 NetTcpPortSharingPcaSvcMMCSS - ok
16:55:46.0851 7464 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
16:55:46.0885 7464 NETw3v32 - ok
16:55:47.0007 7464 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:55:47.0010 7464 nfrd960 - ok
16:55:47.0130 7464 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
16:55:47.0133 7464 NlaSvc - ok
16:55:47.0153 7464 NlaSvcSENSswprv - ok
16:55:47.0172 7464 NlaSvcswprvCOMSysApp - ok
16:55:47.0244 7464 NlaSvcwscsvcSCPolicySvc - ok
16:55:47.0563 7464 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:55:47.0564 7464 Npfs - ok
16:55:47.0667 7464 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
16:55:47.0669 7464 nsi - ok
16:55:47.0743 7464 nsinapagentBFE - ok
16:55:47.0767 7464 nsinapagentBFEDnscachewmiApSrv - ok
16:55:47.0795 7464 nsinapagentBFEDnscachewmiApSrvupnphostmsiserver - ok
16:55:47.0817 7464 nsinapagentBFETHREADORDER - ok
16:55:47.0968 7464 nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify - ok
16:55:47.0988 7464 nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotifyDPSSENSSysMain - ok
16:55:48.0158 7464 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:55:48.0180 7464 nsiproxy - ok
16:55:48.0209 7464 nsiSENSSysMain - ok
16:55:48.0346 7464 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:55:48.0363 7464 Ntfs - ok
16:55:48.0563 7464 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:55:48.0564 7464 ntrigdigi - ok
16:55:48.0607 7464 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:55:48.0619 7464 Null - ok
16:55:49.0046 7464 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:55:49.0124 7464 nvlddmkm - ok
16:55:49.0261 7464 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
16:55:49.0263 7464 nvraid - ok
16:55:49.0295 7464 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
16:55:49.0297 7464 nvstor - ok
16:55:49.0600 7464 nvsvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe
16:55:49.0605 7464 nvsvc - ok
16:55:49.0612 7464 nvsvcNetTcpPortSharing - ok
16:55:49.0631 7464 nvsvcNetTcpPortSharingW32Time - ok
16:55:49.0657 7464 nvsvcNetTcpPortSharingW32TimeDPS - ok
16:55:49.0677 7464 nvsvcW32Time - ok
16:55:49.0703 7464 nvsvcW32TimeSstpSvcoseSPTISRVusnjsvc - ok
16:55:49.0898 7464 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:55:49.0932 7464 nvUpdatusService - ok
16:55:50.0038 7464 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
16:55:50.0042 7464 nv_agp - ok
16:55:50.0062 7464 NwlnkFlt - ok
16:55:50.0097 7464 NwlnkFwd - ok

steve1965, Apr 11, 2012

#11
steve1965 Newcomer, in training Posts: 37

TDSSKIller (rerun) log part 2 (o-z)

16:55:50.0143 7464 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:55:50.0145 7464 ohci1394 - ok
16:55:50.0196 7464 OracleJobSchedulerXE - ok
16:55:50.0290 7464 OracleJobSchedulerXEShellHWDetectionupnphost - ok
16:55:50.0325 7464 OracleJobSchedulerXEWinDefendBFEAppinfoBFEnapagent - ok
16:55:50.0344 7464 OracleMTSRecoveryService - ok
16:55:50.0356 7464 OracleMTSRecoveryServiceCryptSvc - ok
16:55:50.0375 7464 OracleServiceXE - ok
16:55:50.0393 7464 OracleServiceXELanmanServer - ok
16:55:50.0413 7464 OracleServiceXEMySQLmsftesql$SQLEXPRESS - ok
16:55:50.0427 7464 OracleServiceXEUxSms - ok
16:55:50.0441 7464 OracleXEClrAgent - ok
16:55:50.0451 7464 OracleXEClrAgentMpsSvc - ok
16:55:50.0494 7464 OracleXEClrAgentswprvCOMSysApp - ok
16:55:50.0516 7464 OracleXEClrAgentswprvCOMSysAppALGmsvsmon80 - ok
16:55:50.0548 7464 OracleXEClrAgentswprvCOMSysAppEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
16:55:50.0589 7464 OracleXETNSListener (8af936ce45788974efff7d0f19143583) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
16:55:50.0595 7464 OracleXETNSListener - ok
16:55:50.0668 7464 OracleXETNSListenerwudfsvc - ok
16:55:50.0680 7464 OracleXETNSListenerwudfsvcmsftesql$SQLEXPRESS - ok
16:55:50.0796 7464 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:55:50.0798 7464 ose - ok
16:55:50.0810 7464 oseidsvcclr_optimization_v2.0.50727_32 - ok
16:55:50.0842 7464 oseMMCSS - ok
16:55:50.0853 7464 oseSstpSvcose - ok
16:55:50.0875 7464 oseTermService - ok
16:55:50.0895 7464 oseTermServicePlugPlay - ok
16:55:51.0037 7464 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:55:51.0052 7464 p2pimsvc - ok
16:55:51.0075 7464 p2pimsvcSSScsiSVSENS - ok
16:55:51.0115 7464 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:55:51.0121 7464 p2psvc - ok
16:55:51.0144 7464 p2psvcWerSvc - ok
16:55:51.0153 7464 p2psvcWerSvcidsvcwcncsvc - ok
16:55:51.0297 7464 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
16:55:51.0300 7464 PACSPTISVR - ok
16:55:51.0312 7464 PACSPTISVR Back-End Service - ok
16:55:51.0322 7464 PACSPTISVRAeLookupSvc - ok
16:55:51.0653 7464 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
16:55:51.0656 7464 Parport - ok
16:55:51.0730 7464 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:55:51.0732 7464 partmgr - ok
16:55:51.0827 7464 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
16:55:51.0836 7464 Parvdm - ok
16:55:51.0882 7464 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
16:55:51.0885 7464 PcaSvc - ok
16:55:51.0894 7464 PcaSvcMMCSS - ok
16:55:51.0957 7464 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:55:51.0960 7464 pci - ok
16:55:52.0063 7464 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
16:55:52.0078 7464 pciide - ok
16:55:52.0121 7464 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:55:52.0124 7464 pcmcia - ok
16:55:52.0171 7464 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:55:52.0185 7464 PEAUTH - ok
16:55:52.0440 7464 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
16:55:52.0465 7464 pla - ok
16:55:52.0477 7464 plaAeLookupSvc - ok
16:55:52.0619 7464 plaSSScsiSVwscsvc - ok
16:55:52.0630 7464 plausnjsvcRasMan - ok
16:55:52.0641 7464 plaWMPNetworkSvcehstart - ok
16:55:52.0693 7464 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
16:55:52.0698 7464 PlugPlay - ok
16:55:52.0797 7464 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:55:52.0805 7464 PNRPAutoReg - ok
16:55:52.0836 7464 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:55:52.0841 7464 PNRPsvc - ok
16:55:52.0853 7464 PNRPsvcNetlogon - ok
16:55:52.0864 7464 PNRPsvcNetlogonDPSmsvsmon80 - ok
16:55:52.0932 7464 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
16:55:52.0940 7464 PolicyAgent - ok
16:55:53.0005 7464 PolicyAgentApache2 - ok
16:55:53.0022 7464 PolicyAgentApache2SCPolicySvc - ok
16:55:53.0112 7464 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:55:53.0114 7464 PptpMiniport - ok
16:55:53.0164 7464 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:55:53.0165 7464 Processor - ok
16:55:53.0252 7464 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
16:55:53.0256 7464 ProfSvc - ok
16:55:53.0315 7464 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:55:53.0316 7464 ProtectedStorage - ok
16:55:53.0323 7464 ProtectedStorageMcx2Svc - ok
16:55:53.0331 7464 ProtectedStorageusnjsvc - ok
16:55:53.0419 7464 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:55:53.0469 7464 PSched - ok
16:55:53.0590 7464 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
16:55:53.0593 7464 PxHelp20 - ok
16:55:53.0615 7464 qcdonner - ok
16:55:53.0711 7464 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:55:53.0727 7464 ql2300 - ok
16:55:53.0832 7464 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:55:53.0835 7464 ql40xx - ok
16:55:53.0917 7464 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
16:55:53.0922 7464 QWAVE - ok
16:55:54.0013 7464 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:55:54.0015 7464 QWAVEdrv - ok
16:55:54.0073 7464 QWAVEWinDefend - ok
16:55:54.0116 7464 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:55:54.0118 7464 RasAcd - ok
16:55:54.0162 7464 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
16:55:54.0166 7464 RasAuto - ok
16:55:54.0222 7464 RasAutoBITS - ok
16:55:54.0233 7464 RasAutoBITSSCPolicySvc - ok
16:55:54.0333 7464 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:55:54.0336 7464 Rasl2tp - ok
16:55:54.0419 7464 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
16:55:54.0425 7464 RasMan - ok
16:55:54.0649 7464 RasManmsiserver - ok
16:55:54.0675 7464 RasManmsiserverMpsSvcNlaSvc - ok
16:55:54.0690 7464 RasManmsiserverMpsSvcNlaSvcAppinfoBFEWPDBusEnum - ok
16:55:54.0715 7464 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:55:54.0716 7464 RasPppoe - ok
16:55:54.0797 7464 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:55:54.0799 7464 RasSstp - ok
16:55:54.0841 7464 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:55:54.0845 7464 rdbss - ok
16:55:54.0965 7464 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:55:54.0967 7464 RDPCDD - ok
16:55:55.0038 7464 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
16:55:55.0044 7464 rdpdr - ok
16:55:55.0075 7464 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:55:55.0076 7464 RDPENCDD - ok
16:55:55.0136 7464 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
16:55:55.0141 7464 RDPWD - ok
16:55:55.0211 7464 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
16:55:55.0214 7464 RemoteAccess - ok
16:55:55.0259 7464 RemoteAccessPNRPAutoReg - ok
16:55:55.0310 7464 RemoteAccesswuauservSessionEnvWSearchwuauserv - ok
16:55:55.0320 7464 RemoteAccesswuauservSessionEnvWSearchwuauservSQLWriterWecsvcBITSSENSSysMain - ok
16:55:55.0366 7464 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
16:55:55.0383 7464 RemoteRegistry - ok
16:55:55.0390 7464 RemoteRegistryMSCSPTISRV - ok
16:55:55.0399 7464 RemoteRegistryProfSvc - ok
16:55:55.0519 7464 RemoteRegistryProfSvcRpcSsvdswercplsupport - ok
16:55:55.0547 7464 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
16:55:55.0549 7464 RpcLocator - ok
16:55:55.0616 7464 RpcLocatorMySQLmsftesql$SQLEXPRESS - ok
16:55:55.0673 7464 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:55:55.0678 7464 RpcSs - ok
16:55:55.0715 7464 RpcSsBrowser - ok
16:55:55.0752 7464 RpcSsDnscachewmiApSrv - ok
16:55:55.0767 7464 RpcSsvdswercplsupport - ok
16:55:55.0787 7464 RpcSsvdswercplsupportMpsSvcSPTISRV - ok
16:55:55.0805 7464 RpcSsvdswercplsupportMpsSvcSPTISRVALG - ok
16:55:55.0863 7464 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:55:55.0865 7464 rspndr - ok
16:55:55.0928 7464 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
16:55:55.0929 7464 RTL8023xp - ok
16:55:55.0993 7464 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:55:55.0995 7464 RTL8169 - ok
16:55:56.0056 7464 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:55:56.0058 7464 SamSs - ok
16:55:56.0126 7464 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:55:56.0128 7464 sbp2port - ok
16:55:56.0208 7464 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
16:55:56.0228 7464 SCardSvr - ok
16:55:56.0283 7464 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
16:55:56.0296 7464 Schedule - ok
16:55:56.0362 7464 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:55:56.0363 7464 SCPolicySvc - ok
16:55:56.0383 7464 SCPolicySvcIrmon - ok
16:55:56.0397 7464 SCPolicySvcWinDefendBFE - ok
16:55:56.0592 7464 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
16:55:56.0595 7464 SDRSVC - ok
16:55:56.0649 7464 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:55:56.0650 7464 secdrv - ok
16:55:56.0759 7464 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
16:55:56.0762 7464 seclogon - ok
16:55:56.0789 7464 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
16:55:56.0794 7464 SENS - ok
16:55:56.0801 7464 SENSswprv - ok
16:55:56.0832 7464 SENSswprvwercplsupport - ok
16:55:56.0843 7464 SENSswprvwercplsupportBITSslsvc - ok
16:55:56.0863 7464 SENSswprvWinHttpAutoProxySvc - ok
16:55:56.0878 7464 SENSSysMain - ok
16:55:56.0897 7464 SENSSysMainSQLWriterWecsvc - ok
16:55:56.0921 7464 SENSSysMainWdiServiceHost - ok
16:55:56.0931 7464 SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENS - ok
16:55:56.0940 7464 SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENSSstpSvcoseSPTISRV - ok
16:55:56.0993 7464 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
16:55:56.0995 7464 Serenum - ok
16:55:57.0107 7464 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
16:55:57.0124 7464 Serial - ok
16:55:57.0154 7464 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:55:57.0156 7464 sermouse - ok
16:55:57.0229 7464 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
16:55:57.0233 7464 SessionEnv - ok
16:55:57.0314 7464 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
16:55:57.0327 7464 sffdisk - ok
16:55:57.0356 7464 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
16:55:57.0369 7464 sffp_mmc - ok
16:55:57.0467 7464 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
16:55:57.0468 7464 sffp_sd - ok
16:55:57.0634 7464 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:55:57.0636 7464 sfloppy - ok
16:55:57.0730 7464 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
16:55:57.0735 7464 SharedAccess - ok
16:55:57.0753 7464 SharedAccessAppinfo - ok
16:55:57.0797 7464 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
16:55:57.0802 7464 ShellHWDetection - ok
16:55:57.0809 7464 ShellHWDetectionnetprofm - ok
16:55:57.0820 7464 ShellHWDetectionPlugPlay - ok
16:55:57.0828 7464 ShellHWDetectionProfSvc - ok
16:55:57.0864 7464 ShellHWDetectionupnphost - ok
16:55:57.0876 7464 ShellHWDetectionupnphostpla - ok
16:55:57.0903 7464 ShellHWDetectionW32TimefdPHostUI0Detect - ok
16:55:57.0952 7464 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
16:55:57.0954 7464 sisagp - ok
16:55:58.0026 7464 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:55:58.0027 7464 SiSRaid2 - ok
16:55:58.0066 7464 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:55:58.0081 7464 SiSRaid4 - ok
16:55:58.0209 7464 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
16:55:58.0265 7464 slsvc - ok
16:55:58.0381 7464 slsvcWecsvc - ok
16:55:58.0441 7464 slsvcWLSetupSvcWlansvcWinDefend - ok
16:55:58.0540 7464 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
16:55:58.0543 7464 SLUINotify - ok
16:55:58.0575 7464 SLUINotifyWdiServiceHost - ok
16:55:58.0624 7464 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:55:58.0626 7464 Smb - ok
16:55:58.0742 7464 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
16:55:58.0745 7464 SNMPTRAP - ok
16:55:58.0879 7464 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
16:55:58.0882 7464 SonicStage Back-End Service - ok
16:55:58.0990 7464 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:55:58.0992 7464 spldr - ok
16:55:59.0042 7464 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
16:55:59.0046 7464 Spooler - ok
16:55:59.0067 7464 SpoolerPlugPlay - ok
16:55:59.0168 7464 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\Windows\system32\Drivers\sptd.sys
16:55:59.0168 7464 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
16:55:59.0170 7464 sptd ( LockedFile.Multi.Generic ) - warning
16:55:59.0170 7464 sptd - detected LockedFile.Multi.Generic (1)
16:55:59.0266 7464 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
16:55:59.0268 7464 SPTISRV - ok
16:55:59.0369 7464 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:55:59.0378 7464 SQLBrowser - ok
16:55:59.0483 7464 SQLBrowserUI0Detect - ok
16:55:59.0695 7464 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:55:59.0696 7464 SQLWriter - ok
16:55:59.0710 7464 SQLWriternsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify - ok
16:55:59.0731 7464 SQLWriterWecsvc - ok
16:55:59.0752 7464 SQLWriterWecsvcBITSSENSSysMain - ok
16:55:59.0766 7464 SQLWriterWecsvcBITSSENSSysMainCOMSysApp - ok
16:55:59.0790 7464 SQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg - ok
16:55:59.0800 7464 SQLWriterWecsvcupnphostmsiserver - ok
16:55:59.0863 7464 SQLWriterWecsvcupnphostmsiserver Back-End Service - ok
16:55:59.0968 7464 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:55:59.0973 7464 srv - ok
16:56:00.0023 7464 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:56:00.0026 7464 srv2 - ok
16:56:00.0056 7464 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:56:00.0058 7464 srvnet - ok
16:56:00.0146 7464 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
16:56:00.0151 7464 SSDPSRV - ok
16:56:00.0163 7464 SSDPSRVMMCSS - ok
16:56:00.0174 7464 SSDPSRVProfSvc - ok
16:56:00.0315 7464 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
16:56:00.0318 7464 SSScsiSV - ok
16:56:00.0588 7464 SSScsiSVSENS - ok
16:56:00.0616 7464 SSScsiSVSENSTapiSrvDcomLaunchNetTcpPortSharing - ok
16:56:00.0624 7464 SSScsiSVTabletInputService - ok
16:56:00.0634 7464 SSScsiSVwscsvc - ok
16:56:00.0643 7464 SSScsiSVwscsvcMpsSvc - ok
16:56:00.0702 7464 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
16:56:00.0706 7464 SstpSvc - ok
16:56:00.0721 7464 SstpSvcEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
16:56:00.0741 7464 SstpSvcose - ok
16:56:00.0760 7464 SstpSvcoseSPTISRV - ok
16:56:00.0777 7464 SstpSvcoseSPTISRVApache2 - ok
16:56:00.0798 7464 SstpSvcoseSPTISRVApache2EventSystemMSiSCSI - ok
16:56:00.0805 7464 SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvc - ok
16:56:00.0836 7464 SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvcMcx2SvcShellHWDetectionupnphostpla - ok
16:56:00.0883 7464 SstpSvcoseSPTISRVDhcp - ok
16:56:00.0892 7464 SstpSvcoseSPTISRVDhcphidserv - ok
16:56:00.0910 7464 SstpSvcoseSPTISRVDhcphidservAppinfoBFEWPDBusEnum - ok
16:56:00.0930 7464 SstpSvcoseSPTISRVusnjsvc - ok
16:56:00.0939 7464 SstpSvcoseSPTISRVusnjsvcusnjsvcRasMan - ok
16:56:00.0978 7464 Stereo Service (a54900b66ba2229dde37a80fdc572328) C:\Windows\System32\nvSCPAPISvr.exe
16:56:00.0983 7464 Stereo Service - ok
16:56:01.0051 7464 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
16:56:01.0056 7464 stisvc - ok
16:56:01.0190 7464 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:56:01.0191 7464 swenum - ok
16:56:01.0301 7464 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
16:56:01.0308 7464 swprv - ok
16:56:01.0549 7464 swprvCOMSysApp - ok
16:56:01.0561 7464 swprvFontCache3.0.0.0 - ok
16:56:01.0708 7464 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:56:01.0710 7464 Symc8xx - ok
16:56:01.0765 7464 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:56:01.0767 7464 Sym_hi - ok
16:56:01.0822 7464 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:56:01.0824 7464 Sym_u3 - ok
16:56:01.0901 7464 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
16:56:01.0908 7464 SysMain - ok
16:56:01.0961 7464 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
16:56:01.0964 7464 TabletInputService - ok
16:56:02.0029 7464 TabletInputServiceWinDefendBFEAppinfoBFEnapagent - ok
16:56:02.0082 7464 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
16:56:02.0088 7464 TapiSrv - ok
16:56:02.0112 7464 TapiSrvDcomLaunch - ok
16:56:02.0163 7464 TapiSrvDcomLaunchNetTcpPortSharing - ok
16:56:02.0193 7464 TapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnum - ok
16:56:02.0217 7464 TapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnumBITSslsvcAppinfoBFEWPDBusEnum - ok
16:56:02.0241 7464 TapiSrvMSCSPTISRV - ok
16:56:02.0253 7464 TapiSrvMSCSPTISRVhkmsvc - ok
16:56:02.0308 7464 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
16:56:02.0311 7464 TBS - ok
16:56:02.0550 7464 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:56:02.0567 7464 Tcpip - ok
16:56:02.0625 7464 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:56:02.0632 7464 Tcpip6 - ok
16:56:02.0685 7464 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:56:02.0687 7464 tcpipreg - ok
16:56:02.0773 7464 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:56:02.0793 7464 TDPIPE - ok
16:56:02.0828 7464 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:56:02.0830 7464 TDTCP - ok
16:56:02.0899 7464 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:56:02.0901 7464 tdx - ok
16:56:02.0975 7464 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:56:02.0976 7464 TermDD - ok
16:56:03.0022 7464 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
16:56:03.0027 7464 TermService - ok
16:56:03.0080 7464 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
16:56:03.0083 7464 Themes - ok
16:56:03.0090 7464 ThemesNetTcpPortSharing - ok
16:56:03.0102 7464 ThemesNetTcpPortSharingusnjsvcRasManMMCSSPNRPsvc - ok
16:56:03.0113 7464 ThemesTrustedInstallerWinmgmt - ok
16:56:03.0163 7464 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:56:03.0164 7464 THREADORDER - ok
16:56:03.0220 7464 THREADORDEREventSystemwscsvcmsvsmon80 - ok
16:56:03.0239 7464 THREADORDEREventSystemwscsvcmsvsmon80MSiSCSISSScsiSVSENS - ok
16:56:03.0251 7464 THREADORDERMpsSvc - ok
16:56:03.0276 7464 THREADORDEROracleXEClrAgent - ok
16:56:03.0302 7464 tng-doba - ok
16:56:03.0356 7464 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
16:56:03.0360 7464 TrkWks - ok
16:56:03.0634 7464 TrkWksmsvsmon80 - ok
16:56:03.0646 7464 TrkWksmsvsmon80RpcLocator - ok
16:56:03.0681 7464 TrkWksmsvsmon80SSDPSRVMMCSS - ok
16:56:03.0756 7464 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
16:56:03.0758 7464 TrustedInstaller - ok
16:56:03.0786 7464 TrustedInstallerWinmgmt - ok
16:56:03.0797 7464 TrustedInstallerWinmgmtiphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time - ok
16:56:03.0882 7464 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:56:03.0902 7464 tssecsrv - ok
16:56:03.0951 7464 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:56:03.0953 7464 tunmp - ok
16:56:04.0010 7464 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:56:04.0011 7464 tunnel - ok
16:56:04.0074 7464 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:56:04.0076 7464 uagp35 - ok
16:56:04.0172 7464 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:56:04.0177 7464 udfs - ok
16:56:04.0237 7464 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
16:56:04.0240 7464 UI0Detect - ok
16:56:04.0265 7464 UI0DetectDFSR - ok
16:56:04.0337 7464 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
16:56:04.0360 7464 uliagpkx - ok
16:56:04.0455 7464 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:56:04.0459 7464 uliahci - ok
16:56:04.0571 7464 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:56:04.0574 7464 UlSata - ok
16:56:04.0719 7464 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:56:04.0722 7464 ulsata2 - ok
16:56:04.0791 7464 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:56:04.0792 7464 umbus - ok
16:56:04.0845 7464 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
16:56:04.0852 7464 upnphost - ok
16:56:04.0904 7464 upnphostmsiserver - ok
16:56:04.0925 7464 upnphostmsiserverOracleServiceXEMySQLmsftesql$SQLEXPRESS - ok
16:56:05.0025 7464 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
16:56:05.0028 7464 usbaudio - ok
16:56:05.0080 7464 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:56:05.0082 7464 usbccgp - ok
16:56:05.0185 7464 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:56:05.0188 7464 usbcir - ok
16:56:05.0239 7464 UsbDiag - ok
16:56:05.0344 7464 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:56:05.0346 7464 usbehci - ok
16:56:05.0522 7464 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:56:05.0526 7464 usbhub - ok
16:56:05.0569 7464 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:56:05.0570 7464 usbohci - ok
16:56:05.0656 7464 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:56:05.0657 7464 usbprint - ok
16:56:05.0703 7464 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:56:05.0705 7464 usbscan - ok
16:56:05.0820 7464 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:56:05.0822 7464 USBSTOR - ok
16:56:05.0879 7464 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:56:05.0881 7464 usbuhci - ok
16:56:05.0968 7464 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe
16:56:05.0972 7464 usnjsvc - ok
16:56:06.0031 7464 usnjsvcRasMan - ok
16:56:06.0057 7464 usnjsvcRasManFontCache3.0.0.0 - ok
16:56:06.0067 7464 usnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc - ok
16:56:06.0086 7464 usnjsvcRasManhkmsvc - ok
16:56:06.0133 7464 usnjsvcRasManMMCSS - ok
16:56:06.0147 7464 usnjsvcRasManMMCSSPNRPsvc - ok
16:56:06.0155 7464 usnjsvcRasMannsinapagentBFE - ok
16:56:06.0167 7464 usnjsvcSNMPTRAP - ok
16:56:06.0186 7464 usnjsvcTapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnum - ok
16:56:06.0231 7464 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
16:56:06.0234 7464 UxSms - ok
16:56:06.0271 7464 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
16:56:06.0280 7464 vds - ok
16:56:06.0304 7464 vdsMSCSPTISRV - ok
16:56:06.0327 7464 vdswercplsupport - ok
16:56:06.0346 7464 vdswercplsupportWerSvc - ok
16:56:06.0450 7464 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:56:06.0452 7464 vga - ok
16:56:06.0657 7464 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:56:06.0659 7464 VgaSave - ok
16:56:06.0698 7464 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
16:56:06.0703 7464 viaagp - ok
16:56:06.0759 7464 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:56:06.0761 7464 ViaC7 - ok
16:56:06.0886 7464 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
16:56:06.0887 7464 viaide - ok
16:56:06.0942 7464 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:56:06.0944 7464 volmgr - ok
16:56:06.0993 7464 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:56:06.0999 7464 volmgrx - ok
16:56:07.0093 7464 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:56:07.0112 7464 volsnap - ok
16:56:07.0195 7464 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:56:07.0199 7464 vsmraid - ok
16:56:07.0283 7464 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
16:56:07.0303 7464 VSS - ok
16:56:07.0310 7464 VSSMcx2Svc - ok
16:56:07.0573 7464 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
16:56:07.0586 7464 vToolbarUpdater10.2.0 - ok
16:56:07.0679 7464 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
16:56:07.0687 7464 W32Time - ok
16:56:07.0707 7464 W32TimefdPHost - ok
16:56:07.0716 7464 W32TimefdPHostUI0Detect - ok
16:56:07.0727 7464 W32Timeoseidsvcclr_optimization_v2.0.50727_32 - ok
16:56:07.0757 7464 W32Timep2pimsvc - ok
16:56:07.0821 7464 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:56:07.0823 7464 WacomPen - ok
16:56:07.0871 7464 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:56:07.0875 7464 Wanarp - ok
16:56:07.0883 7464 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:56:07.0884 7464 Wanarpv6 - ok
16:56:07.0995 7464 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
16:56:07.0999 7464 wcncsvc - ok
16:56:08.0019 7464 wcncsvcnapagentBFE - ok
16:56:08.0036 7464 wcncsvcnapagentBFEMySQLWPDBusEnumSCPolicySvcWinDefendBFE - ok
16:56:08.0069 7464 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:56:08.0072 7464 WcsPlugInService - ok
16:56:08.0219 7464 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:56:08.0220 7464 Wd - ok
16:56:08.0384 7464 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:56:08.0395 7464 Wdf01000 - ok
16:56:08.0468 7464 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:56:08.0473 7464 WdiServiceHost - ok
16:56:08.0588 7464 WdiServiceHostCryptSvc - ok
16:56:08.0631 7464 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:56:08.0633 7464 WdiSystemHost - ok
16:56:08.0640 7464 WdiSystemHostRasManmsiserver - ok
16:56:08.0755 7464 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
16:56:08.0764 7464 WebClient - ok
16:56:08.0776 7464 WebClientIPBusEnum - ok
16:56:08.0882 7464 WebClientIPBusEnumEventSystemwscsvc - ok
16:56:09.0003 7464 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:56:09.0009 7464 Wecsvc - ok
16:56:09.0129 7464 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:56:09.0132 7464 wercplsupport - ok
16:56:09.0186 7464 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
16:56:09.0190 7464 WerSvc - ok
16:56:09.0214 7464 WinDefendBFE - ok
16:56:09.0221 7464 WinDefendBFEAppinfoBFE - ok
16:56:09.0238 7464 WinDefendBFEAppinfoBFEnapagent - ok
16:56:09.0258 7464 WinDefendBFENlaSvc - ok
16:56:09.0269 7464 WinDefendBFENlaSvcSstpSvcoseSPTISRVusnjsvc - ok
16:56:09.0278 7464 WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg - ok
16:56:09.0304 7464 WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoRegehstart - ok
16:56:09.0319 7464 WinDefendusnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc - ok
16:56:09.0337 7464 WinHttpAutoProxySvc - ok
16:56:09.0356 7464 WinHttpAutoProxySvcAeLookupSvcMDM - ok
16:56:09.0378 7464 WinHttpAutoProxySvcAeLookupSvcMDMSpooler - ok
16:56:09.0478 7464 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
16:56:09.0481 7464 Winmgmt - ok
16:56:09.0697 7464 WinmgmtusnjsvcRasManFontCache3.0.0.0 - ok
16:56:09.0769 7464 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:56:09.0792 7464 WinRM - ok
16:56:09.0943 7464 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
16:56:09.0964 7464 Wlansvc - ok
16:56:09.0993 7464 WlansvcWinDefend - ok
16:56:10.0008 7464 WlansvcWinDefendBFE - ok
16:56:10.0029 7464 WlansvcWinDefendKService - ok
16:56:10.0044 7464 WlansvcWinDefendKServiceOracleXEClrAgent - ok
16:56:10.0156 7464 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
16:56:10.0185 7464 WLSetupSvc - ok
16:56:10.0264 7464 WLSetupSvcWecsvc - ok
16:56:10.0288 7464 WLSetupSvcWlansvcWinDefend - ok
16:56:10.0347 7464 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
16:56:10.0349 7464 WmiAcpi - ok
16:56:10.0631 7464 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
16:56:10.0634 7464 wmiApSrv - ok
16:56:10.0647 7464 wmiApSrvMcx2SvcShellHWDetectionupnphostpla - ok
16:56:10.0754 7464 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:56:10.0771 7464 WMPNetworkSvc - ok
16:56:10.0832 7464 WMPNetworkSvcehstart - ok
16:56:10.0878 7464 WMPNetworkSvcMpsSvc - ok
16:56:10.0931 7464 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
16:56:10.0934 7464 WPCSvc - ok
16:56:10.0950 7464 WPCSvcPNRPAutoReg - ok
16:56:10.0972 7464 WPCSvcWinDefend - ok
16:56:11.0015 7464 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
16:56:11.0019 7464 WPDBusEnum - ok
16:56:11.0032 7464 WPDBusEnumnsi - ok
16:56:11.0211 7464 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:56:11.0218 7464 WPFFontCache_v0400 - ok
16:56:11.0319 7464 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:56:11.0320 7464 ws2ifsl - ok
16:56:11.0348 7464 wscsvcPNRPsvc - ok
16:56:11.0356 7464 wscsvcPNRPsvcALG - ok
16:56:11.0366 7464 wscsvcSCPolicySvc - ok
16:56:11.0376 7464 wscsvcTBS - ok
16:56:11.0435 7464 WSearch - ok
16:56:11.0470 7464 WSearchnapagent - ok
16:56:11.0493 7464 WSearchnapagentDPSupnphostmsiserverThemesNetTcpPortSharing - ok
16:56:11.0518 7464 WSearchnapagentplaAeLookupSvc - ok
16:56:11.0531 7464 WSearchwuauserv - ok
16:56:11.0635 7464 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
16:56:11.0694 7464 wuauserv - ok
16:56:11.0708 7464 wuauservSessionEnv - ok
16:56:11.0765 7464 wuauservSessionEnvWSearchwuauserv - ok
16:56:11.0799 7464 wuauservSessionEnvWSearchwuauservTapiSrvDcomLaunchNetTcpPortSharing - ok
16:56:11.0852 7464 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:56:11.0855 7464 WUDFRd - ok
16:56:11.0924 7464 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
16:56:11.0928 7464 wudfsvc - ok
16:56:11.0989 7464 wudfsvcSLUINotifyWdiServiceHost - ok
16:56:12.0033 7464 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:56:12.0077 7464 \Device\Harddisk0\DR0 - ok
16:56:12.0082 7464 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
16:56:12.0087 7464 \Device\Harddisk5\DR5 - ok
16:56:12.0091 7464 Boot (0x1200) (ff2cee352b268cc0fdac41e32597d60b) \Device\Harddisk0\DR0\Partition0
16:56:12.0092 7464 \Device\Harddisk0\DR0\Partition0 - ok
16:56:12.0108 7464 Boot (0x1200) (93b101edb4ff84b618f3083ccaf20a56) \Device\Harddisk0\DR0\Partition1
16:56:12.0125 7464 \Device\Harddisk0\DR0\Partition1 - ok
16:56:12.0129 7464 Boot (0x1200) (f5ec6de948f37db8ebe4aa6c0a0054ac) \Device\Harddisk5\DR5\Partition0
16:56:12.0133 7464 \Device\Harddisk5\DR5\Partition0 - ok
16:56:12.0134 7464 ============================================================
16:56:12.0134 7464 Scan finished
16:56:12.0134 7464 ============================================================
16:56:12.0154 7444 Detected object count: 1
16:56:12.0154 7444 Actual detected object count: 1
16:56:18.0065 7444 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:56:18.0065 7444 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

steve1965, Apr 11, 2012

#12
Broni Malware Annihilator Posts: 40,051 +187

Good

Post new aswMBR log.

Broni, Apr 11, 2012

#13
steve1965 Newcomer, in training Posts: 37

MBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-11 17:12:30
-----------------------------
17:12:30.524 OS Version: Windows 6.0.6002 Service Pack 2
17:12:30.524 Number of processors: 2 586 0xF0D
17:12:30.525 ComputerName: STEVE-PC UserName: Steve
17:13:01.098 Initialize success
17:13:08.804 AVAST engine defs: 12041002
17:13:56.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
17:13:56.293 Disk 0 Vendor: HDT722525DLA380 V44OA9BA Size: 238475MB BusType: 3
17:13:56.308 Disk 0 MBR read successfully
17:13:56.311 Disk 0 MBR scan
17:13:56.315 Disk 0 Windows VISTA default MBR code
17:13:56.322 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5500 MB offset 2048
17:13:56.335 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 11266048
17:13:56.365 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 231473 MB offset 14338048
17:13:56.391 Disk 0 scanning sectors +488394752
17:13:56.452 Disk 0 scanning C:\Windows\system32\drivers
17:14:15.476 Service scanning
17:14:36.335 Service FXDrv32 E:\FXDrv32.sys **LOCKED** 21
17:15:30.332 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:15:49.550 Modules scanning
17:16:18.014 Disk 0 trace - called modules:
17:16:18.045 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84d391e8]<<
17:16:18.050 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85972ac8]
17:16:18.056 3 CLASSPNP.SYS[8b1a28b3] -> nt!IofCallDriver -> [0x857205d8]
17:16:18.061 5 acpi.sys[8079f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x85715390]
17:16:18.067 \Driver\atapi[0x8570f030] -> IRP_MJ_CREATE -> 0x84d391e8
17:16:19.644 AVAST engine scan C:\Windows
17:16:34.319 AVAST engine scan C:\Windows\system32
17:23:57.830 AVAST engine scan C:\Windows\system32\drivers
17:24:34.905 AVAST engine scan C:\Users\Steve
18:13:51.506 File: C:\Users\Steve\AppData\Local\Temp\Low\jar_cache3594.tmp **INFECTED** Win32:Kryptik-HEY [Trj]
20:31:42.755 AVAST engine scan C:\ProgramData
20:44:47.936 Scan finished successfully
20:45:53.450 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
20:45:53.459 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"

steve1965, Apr 11, 2012

#14
Broni Malware Annihilator Posts: 40,051 +187
Very good

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Apr 11, 2012

#15
steve1965 Newcomer, in training Posts: 37

ComboFix log

ComboFix 12-04-11.03 - Steve 12/04/2012 9:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2212 [GMT 1:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc106A.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc10F7.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1132.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1289.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc128B.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1410.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc14BB.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1607.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc17F6.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1885.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1900.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1B8E.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1BFC.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1C87.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1D9.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1EE8.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2006.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc21F5.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2223.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2232.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc22EF.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc233B.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2458.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2695.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc26B5.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc280D.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc28E6.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2944.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2963.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2AF9.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2BB4.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2C35.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2F8C.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3066.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc341F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3623.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3A44.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3CC.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3E69.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3F89.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc400E.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc409C.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc40A.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4443.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc453D.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc453E.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc47DB.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc482A.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc482B.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4869.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4914.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc49C1.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc49EF.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4B48.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4CA0.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4F5D.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc517D.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc523A.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc52B5.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5328.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5370.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5544.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5595.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc55E1.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5729.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5766.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5775.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc591D.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc59B8.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5A44.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5D8E.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc602F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6451.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc677F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6CA.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6E90.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6EEB.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7023.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7448.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7718.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc77E1.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc780F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc78CB.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc79B4.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7ACD.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7D6C.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7EF.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7F0.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8345.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc83D3.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc85A6.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8670.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc869F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc878E.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8AC5.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8B04.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8BDD.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8C1D.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8DD0.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E1F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9090.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc91C6.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc93A.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc94E2.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9502.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc953F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc958F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc984.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9906.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc99A5.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9A26.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9AFA.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9B67.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D5A.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9E34.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9E92.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9EF0.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA028.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA0A5.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA3A6.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA527.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA749.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA825.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA9E8.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAA28.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAAC5.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAB3F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccABFA.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD32.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD61.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAEC8.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAFE0.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB0AD.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB1F3.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB4A1.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB658.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB694.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB751.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB77F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB85A.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB934.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBCCC.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBE33.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBEFD.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBFA9.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC008.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0D2.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC209.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC3CE.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC479.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC6AB.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC71.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB0E.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB6E.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCD52.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF15.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF59.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF81.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCFE.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD0E8.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD0F7.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD10.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD126.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD30B.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD367.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD425.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD4F1.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD7AE.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD9D1.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDB95.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDBF1.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDF1B.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDF49.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE14F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE1CB.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE227.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE265.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE33F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE410.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE497.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE4A8.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE727.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE745.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE800.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE810.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE8DF.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE93.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEB9A.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEC35.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccECF0.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEF50.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF174.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF24D.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF28B.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF3D4.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF3E2.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF46F.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF54A.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF663.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF6F0.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF72E.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF73C.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF74C.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF856.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF9EB.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFA67.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFAF7.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFBD.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFBFF.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFD64.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFD83.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFDE1.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFEAB.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFEF.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFFB.tmp
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFFC4.tmp
c:\windows\$NtUninstallKB59839$
c:\windows\$NtUninstallKB59839$\2289590727\L\xtqaoywe
c:\windows\iun6002.exe
c:\windows\system32\269630729.dat
c:\windows\system32\3870957726.dat
c:\windows\system32\dds_trash_log.cmd
L:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AeLookupSvcMDMehRecvrhkmsvcQWAVE
-------\Service_Apache2slsvc
-------\Service_BITSslsvcAppinfoBFEWPDBusEnum
-------\Service_BITSslsvcp2pimsvcupnphostmsiserver
-------\Service_BrlAPIEventSystemwscsvcmsvsmon80
-------\Service_DPSupnphostmsiserverThemesNetTcpPortSharing
-------\Service_IDriverTBrowserSQLBrowserProtectedStorageusnjsvc
-------\Service_lltdsvcSQLWriterSstpSvcoseSPTISRV
-------\Service_lltdsvcSQLWriterSstpSvcoseSPTISRVplaOracleXETNSListenerwudfsvc
-------\Service_Mcx2SvcShellHWDetectionupnphostplaMMCSSWdiSystemHostnvsvc
-------\Service_Mcx2SvcTHREADORDERusnjsvcRasManFontCache3.0.0.0
-------\Service_Mcx2SvcWinHttpAutoProxySvcAeLookupSvcMDMNlaSvcSENSswprv
-------\Service_MpsSvcNlaSvcCertPropSvc
-------\Service_MpsSvcSCPolicySvclmhostshkmsvc
-------\Service_MSCSPTISRVTapiSrvMSCSPTISRVSENSSysMainSQLWriterWecsvc
-------\Service_MSiSCSISSScsiSVSENSMSDTCSharedAccess
-------\Service_MySQLmsftesql$SQLEXPRESS
-------\Service_MySQLWPDBusEnumBITS
-------\Service_nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify
-------\Service_nvsvcNetTcpPortSharingW32TimeDPS
-------\Service_nvsvcW32TimeSstpSvcoseSPTISRVusnjsvc
-------\Service_OracleJobSchedulerXEShellHWDetectionupnphost
-------\Service_OracleServiceXELanmanServer
-------\Service_OracleXEClrAgentswprvCOMSysAppALGmsvsmon80
-------\Service_OracleXETNSListenerwudfsvc
-------\Service_oseTermServicePlugPlay
-------\Service_RasManmsiserverMpsSvcNlaSvcAppinfoBFEWPDBusEnum
-------\Service_RemoteRegistryProfSvcRpcSsvdswercplsupport
-------\Service_RpcSsvdswercplsupportMpsSvcSPTISRV
-------\Service_SENSSysMainSQLWriterWecsvc
-------\Service_SQLBrowserUI0Detect
-------\Service_SQLWriterWecsvcBITSSENSSysMain
-------\Service_SQLWriterWecsvcupnphostmsiserver Back-End Service
-------\Service_SSScsiSVSENS
-------\Service_SstpSvcoseSPTISRV
-------\Service_SstpSvcoseSPTISRVApache2EventSystemMSiSCSI
-------\Service_SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvcMcx2SvcShellHWDetectionupnphostpla
-------\Service_TapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnum
-------\Service_usnjsvc
-------\Service_usnjsvcRasMan
-------\Service_usnjsvcRasManMMCSSPNRPsvc
-------\Service_vdswercplsupportWerSvc
-------\Service_WinDefendBFE
-------\Service_WinDefendBFEAppinfoBFEnapagent
-------\Service_WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoRegehstart
-------\Service_WLSetupSvcWecsvc
-------\Service_WSearchnapagentDPSupnphostmsiserverThemesNetTcpPortSharing
-------\Service_wuauservSessionEnvWSearchwuauservTapiSrvDcomLaunchNetTcpPortSharing
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 08:38 . 2012-04-12 08:41 -------- d-----w- c:\users\Steve\AppData\Local\temp
2012-04-12 08:38 . 2012-04-12 08:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-12 08:38 . 2012-04-12 08:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 08:38 . 2012-04-12 08:38 -------- d-----w- c:\users\Linda\AppData\Local\temp
2012-04-12 01:00 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 01:00 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 00:44 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-11 15:37 . 2012-04-11 15:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 15:40 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-06 14:29 . 2012-04-06 14:29 -------- d-----w- c:\program files\iPod
2012-04-06 14:29 . 2012-04-06 14:31 -------- d-----w- c:\program files\iTunes
2012-04-01 12:02 . 2012-04-01 12:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-17 17:58 . 2012-03-17 17:58 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 17:58 . 2012-03-17 17:58 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 12:57 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:57 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 12:57 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 12:57 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 12:57 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:57 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 12:54 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 12:54 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 12:20 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-13 12:20 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 15:40 . 2008-07-23 11:17 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-04-01 12:18 . 2011-05-14 06:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-17 17:58 . 2011-04-30 17:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Skytel"="Skytel.exe" [2007-04-04 1822720]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-11 576000]
SDK Tray Menu.lnk - c:\program files\Java\jdk1.6.0_03\bin\javaw.exe [2007-12-21 135168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-12-15 303104]
Monitor Apache Servers.lnk - c:\web\Apache2\bin\ApacheMonitor.exe [2008-1-17 41042]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-14 608584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^nnnv0.13162810356833832.exe.lnk]
path=c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnnv0.13162810356833832.exe.lnk
backup=c:\windows\pss\nnnv0.13162810356833832.exe.lnk.Startup
backupExtension=.Startup
.
R2 AeLookupSvcMDM;Application Experience AeLookupSvcMDM;o% srv [x]
R2 AeLookupSvcMDMCryptSvc;Application Experience AeLookupSvcMDM AeLookupSvcMDMCryptSvc;c:\windows\system32\adsmsexto.exe [x]
R2 AeLookupSvcMDMehRecvr;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr;c:\windows\system32\adsmsexto.exe [x]
R2 AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrhkmsvcQWAVE AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01;€û srv [x]
R2 AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrhkmsvcQWAVE AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso;€û srv [x]
R2 AeLookupSvcMDMehRecvrW32Timep2pimsvc;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrW32Timep2pimsvc;€s/ srv [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
elagopro
qcdonner
MXOPSWD
fallback
ANC
ser2pl
DCamUSBGrandTek
cobbmservice
sandradatasrv
mclserviceatl
cmudau
imonitor
changer
WinVd32
SNC
naveng
dwmrcs
bwsvc
vci
tosrfnds
iomegaaccess
nbservice
zenos1
lvuvc
alcxsens
cbidf2k
pptchpad
se2Cunic
savrt
wusb54gv2svc
RR2Mjpeg
nuvaud2
vpctcom
ulcdrhlp
savscan
netw4x32
mfcom
lvselsus
DcPTP
atmarpc
tng-doba
firesvc
UsbDiag
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: localhost
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.254
DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} - hxxp://www.mathtutor.ac.uk/Differentiation/drs/DrsDnldProj1.cab
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vfue9ge0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.google.co.uk/|http://www...showthread.php?p=1166386&posted=1#post1166386
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc85cb29a-10cf-4480-9a00-01060b6e0c30%7D&mid=c9326b458a7892fb5e580bd9ef323fd3-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-12%2018%3A58%3A59&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKU-Default-RunServices-Win32Update - c:\windows\system32\adsmsexto.exe
SafeBoot-07378305.sys
AddRemove-LDraw2006 3rd Quarter - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 09:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$SQLEXPRESS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvcMDM]
"ImagePath"="o% srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvcMDMehRecvrW32Timep2pimsvc]
"ImagePath"="€s/ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilderMSDTCLanmanServer]
"ImagePath"="àq% srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFEDPSmsvsmon80]
"ImagePath"="@p\1e srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcAppinfoBFEWPDBusEnumehSched]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcp2pimsvcupnphostmsiserverBrowser]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcNetTcpPortSharingnvsvc]
"ImagePath"="0q& srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcNetTcpPortSharingnvsvchidserv]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcPACSPTISVR]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcSLUINotifynvsvcW32Time]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSRWinHttpAutoProxySvc]
"ImagePath"="o# srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svcSpooler]
"ImagePath"="Øo\1b srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPSmsvsmon80IDriverTBrowser]
"ImagePath"="àq\15 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPSupnphostmsiserver]
"ImagePath"="øo` srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHostTBS]
"ImagePath"="øo\1b srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmtplaWMPNetworkSvcehstart]
"ImagePath"="¨p srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemMSiSCSI]
"ImagePath"="@p) srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemwscsvcmsvsmon80]
"ImagePath"="Èp% srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost]
"ImagePath"="w) srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvcQWAVE]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IDriverTBrowser]
"ImagePath"="øo# srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvcwcncsvc]
"ImagePath"="(o\1a srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXTehstart]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvciphlpsvc]
"ImagePath"="(o\14 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvcPolicyAgent]
"ImagePath"="Øo* srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IrmonShellHWDetection]
"ImagePath"="¨p\1e srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRmp2pimsvc]
"ImagePath"="xq* srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRmTapiSrvDcomLaunchNetTcpPortSharing]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServerfdPHostUI0DetectDFSR]
"ImagePath"="@p+ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvcidsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvcSQLWriter]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhostsALGmsvsmon80TapiSrvDcomLaunchNetTcpPortSharing]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2SvcDhcp]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSMMCSSWdiSystemHostKtmRmTapiSrvDcomLaunchNetTcpPortSharing]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSWdiSystemHost]
"ImagePath"="øo* srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSWdiSystemHostnvsvc]
"ImagePath"="àq* srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvcBrlAPI]
"ImagePath"="(oa srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvcSCPolicySvclmhostshkmsvcWMPNetworkSvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSCSPTISRViphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
"ImagePath"="àq! srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSCSPTISRVTapiSrvMSCSPTISRV]
"ImagePath"="@p srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$SQLEXPRESSseclogon]
"ImagePath"="àq\1e srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSQLServerADHelperIKEEXT]
"ImagePath"="Èp0 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\web\mysql\bin\mysqld-nt\" --defaults-file=\"c:\web\mysql\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLmsftesql$SQLEXPRESSSpoolerPlugPlay]
"ImagePath"="àq* srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLWPDBusEnum]
"ImagePath"="Àn\1a srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLWPDBusEnumSCPolicySvcWinDefendBFE]
"ImagePath"="xq\14 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetlogonNetlogon]
"ImagePath"="Øo\1c srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharingnvsvcSamSs]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharingnvsvcWinmgmt]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvcswprvCOMSysApp]
"ImagePath"="¨p% srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFEDnscachewmiApSrv]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFEDnscachewmiApSrvupnphostmsiserver]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFETHREADORDER]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotifyDPSSENSSysMain]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvsvcNetTcpPortSharing]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleMTSRecoveryServiceCryptSvc]
"ImagePath"="xq) srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleServiceXEUxSms]
"ImagePath"="@p` srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleXEClrAgentMpsSvc]
"ImagePath"="o' srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleXETNSListenerwudfsvcmsftesql$SQLEXPRESS]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oseidsvcclr_optimization_v2.0.50727_32]
"ImagePath"="Èp( srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oseSstpSvcose]
"ImagePath"="o- srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvcWerSvcidsvcwcncsvc]
"ImagePath"="xq\1c srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PACSPTISVR Back-End Service]
"ImagePath"="@p+ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PACSPTISVRAeLookupSvc]
"ImagePath"="o\" srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvcMMCSS]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plaAeLookupSvc]
"ImagePath"="¨p\" srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plausnjsvcRasMan]
"ImagePath"="¨p% srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plaWMPNetworkSvcehstart]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvcNetlogonDPSmsvsmon80]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorageMcx2Svc]
"ImagePath"="øo\19 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorageusnjsvc]
"ImagePath"="øo\" srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAutoBITSSCPolicySvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccesswuauservSessionEnvWSearchwuauservSQLWriterWecsvcBITSSENSSysMain]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistryMSCSPTISRV]
"ImagePath"="øo/ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistryProfSvc]
"ImagePath"="@p\1d srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvcWinDefendBFE]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSswprv]
"ImagePath"="øo, srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSswprvwercplsupportBITSslsvc]
"ImagePath"="€s\" srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENS]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENSSstpSvcoseSPTISRV]
"ImagePath"="w& srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionnetprofm]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionPlugPlay]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionProfSvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionupnphostpla]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriternsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriterWecsvcBITSSENSSysMainCOMSysApp]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriterWecsvcupnphostmsiserver]
"ImagePath"="àq\1d srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRVMMCSS]
"ImagePath"="(o) srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRVProfSvc]
"ImagePath"="(o\17 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVTabletInputService]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVwscsvc]
"ImagePath"="o_ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVwscsvcMpsSvc]
"ImagePath"="xqa srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVDhcphidserv]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVusnjsvcusnjsvcRasMan]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprvFontCache3.0.0.0]
"ImagePath"="xq$ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrvMSCSPTISRVhkmsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesNetTcpPortSharing]
"ImagePath"="(o! srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesNetTcpPortSharingusnjsvcRasManMMCSSPNRPsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesTrustedInstallerWinmgmt]
"ImagePath"="@p. srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDERMpsSvc]
"ImagePath"="¨p\1c srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWksmsvsmon80RpcLocator]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstallerWinmgmtiphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcRasMannsinapagentBFE]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcSNMPTRAP]
"ImagePath"="àq\15 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSSMcx2Svc]
"ImagePath"="Øo\17 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32TimefdPHostUI0Detect]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Timeoseidsvcclr_optimization_v2.0.50727_32]
"ImagePath"="xq& srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHostRasManmsiserver]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClientIPBusEnum]
"ImagePath"="(o. srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFEAppinfoBFE]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFENlaSvcSstpSvcoseSPTISRVusnjsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg]
"ImagePath"="€s0 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WlansvcWinDefendBFE]
"ImagePath"="@p\17 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WlansvcWinDefendKServiceOracleXEClrAgent]
"ImagePath"="€s\1c srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrvMcx2SvcShellHWDetectionupnphostpla]
"ImagePath"="àq+ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvcPNRPAutoReg]
"ImagePath"="@p\17 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnumnsi]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcPNRPsvcALG]
"ImagePath"="¨p\14 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcSCPolicySvc]
"ImagePath"="o, srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcTBS]
"ImagePath"="(o- srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchwuauserv]
"ImagePath"="(o! srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauservSessionEnv]
"ImagePath"="o. srv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(736)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\web\Apache2\bin\Apache.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Kontiki\KService.exe
c:\web\Apache2\bin\Apache.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\web\mysql\bin\mysqld-nt.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\nvSCPAPISvr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-04-12 09:49:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 08:49
.
Pre-Run: 50,468,646,912 bytes free
Post-Run: 55,963,762,688 bytes free
.
- - End Of File - - C0C27EDFEFBAA7F12287E9DC89507FC9

steve1965, Apr 12, 2012

#16
steve1965 Newcomer, in training Posts: 37

Computer behavior

hi broni

not getting the avg trojan threats.
my security centre is back working.
i am able to connect to internet.

NOT able to see my other computer on my home network.

i haven't done anything else.

all the best
steve

steve1965, Apr 12, 2012

#17
Broni Malware Annihilator Posts: 40,051 +187
Good

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

Driver:: AeLookupSvcMDMehRecvrW32Timep2pimsvc AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01 AeLookupSvcMDMehRecvr AeLookupSvcMDMCryptSvc AeLookupSvcMDM ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
Broni, Apr 12, 2012

#18
steve1965 Newcomer, in training Posts: 37

ComboFix log run 2

ComboFix 12-04-11.03 - Steve 13/04/2012 9:30.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2288 [GMT 1:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
Command switches used :: c:\users\Steve\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5891.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AeLookupSvcMDM
-------\Service_AeLookupSvcMDMCryptSvc
-------\Service_AeLookupSvcMDMehRecvr
-------\Service_AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01
-------\Service_AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso
-------\Service_AeLookupSvcMDMehRecvrW32Timep2pimsvc
-------\Service_OracleJobSchedulerXEWinDefendBFEAppinfoBFEnapagent
-------\Service_OracleServiceXEMySQLmsftesql$SQLEXPRESS
-------\Service_OracleXEClrAgentswprvCOMSysAppEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc
-------\Service_SENSSysMainWdiServiceHost
-------\Service_WLSetupSvcWlansvcWinDefend
-------\Service_WSearchnapagentplaAeLookupSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 08:38 . 2012-04-13 08:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-13 08:38 . 2012-04-13 08:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-13 08:38 . 2012-04-13 08:38 -------- d-----w- c:\users\Linda\AppData\Local\temp
2012-04-13 08:38 . 2012-04-13 08:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 07:42 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A8FCE4-3D04-424C-BE1F-318DDACA2EEB}\mpengine.dll
2012-04-13 07:35 . 2012-02-23 09:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-12 09:22 . 2012-04-12 09:22 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-12 09:22 . 2012-04-12 09:22 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-12 09:22 . 2012-04-12 09:22 -------- d-----w- c:\program files\AVG Secure Search
2012-04-12 08:38 . 2012-04-13 08:42 -------- d-----w- c:\users\Steve\AppData\Local\temp
2012-04-12 01:00 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 01:00 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 00:44 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-11 15:37 . 2012-04-11 15:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 15:40 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-06 14:29 . 2012-04-06 14:29 -------- d-----w- c:\program files\iPod
2012-04-06 14:29 . 2012-04-06 14:31 -------- d-----w- c:\program files\iTunes
2012-04-01 12:02 . 2012-04-01 12:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-17 17:58 . 2012-03-17 17:58 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 17:58 . 2012-03-17 17:58 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 12:57 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 12:57 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 12:57 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 12:57 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:57 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 12:54 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 12:54 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 15:40 . 2008-07-23 11:17 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-04-01 12:18 . 2011-05-14 06:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 15:11 . 2012-04-12 01:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 01:01 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-28 01:11 . 2012-04-12 01:01 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-02 15:16 . 2012-03-14 12:57 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 17:58 . 2011-04-30 17:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-12 09:22 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Skytel"="Skytel.exe" [2007-04-04 1822720]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-12 982880]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-11 576000]
SDK Tray Menu.lnk - c:\program files\Java\jdk1.6.0_03\bin\javaw.exe [2007-12-21 135168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-12-15 303104]
Monitor Apache Servers.lnk - c:\web\Apache2\bin\ApacheMonitor.exe [2008-1-17 41042]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-14 608584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^nnnv0.13162810356833832.exe.lnk]
path=c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnnv0.13162810356833832.exe.lnk
backup=c:\windows\pss\nnnv0.13162810356833832.exe.lnk.Startup
backupExtension=.Startup
.
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
elagopro
qcdonner
MXOPSWD
fallback
ANC
ser2pl
DCamUSBGrandTek
cobbmservice
sandradatasrv
mclserviceatl
cmudau
imonitor
changer
WinVd32
SNC
naveng
dwmrcs
bwsvc
vci
tosrfnds
iomegaaccess
nbservice
zenos1
lvuvc
alcxsens
cbidf2k
pptchpad
se2Cunic
savrt
wusb54gv2svc
RR2Mjpeg
nuvaud2
vpctcom
ulcdrhlp
savscan
netw4x32
mfcom
lvselsus
DcPTP
atmarpc
tng-doba
firesvc
UsbDiag
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: localhost
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} - hxxp://www.mathtutor.ac.uk/Differentiation/drs/DrsDnldProj1.cab
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vfue9ge0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.google.co.uk/|http://www...showthread.php?p=1166386&posted=1#post1166386
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0085c2e1-8f27-4756-a274-bb9b81adef19%7D&mid=c9326b458a7892fb5e580bd9ef323fd3-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-04-12%2010%3A22%3A47&sap=ku&q=
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$SQLEXPRESS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilderMSDTCLanmanServer]
"ImagePath"="àq% srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFEDPSmsvsmon80]
"ImagePath"="@p\1e srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcAppinfoBFEWPDBusEnumehSched]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcp2pimsvcupnphostmsiserverBrowser]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcNetTcpPortSharingnvsvc]
"ImagePath"="0q& srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcNetTcpPortSharingnvsvchidserv]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcPACSPTISVR]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcSLUINotifynvsvcW32Time]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSRWinHttpAutoProxySvc]
"ImagePath"="o# srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svcSpooler]
"ImagePath"="Øo\1b srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPSmsvsmon80IDriverTBrowser]
"ImagePath"="àq\15 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPSupnphostmsiserver]
"ImagePath"="øo` srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHostTBS]
"ImagePath"="øo\1b srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmtplaWMPNetworkSvcehstart]
"ImagePath"="¨p srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemMSiSCSI]
"ImagePath"="@p) srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemwscsvcmsvsmon80]
"ImagePath"="Èp% srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost]
"ImagePath"="w) srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvcQWAVE]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IDriverTBrowser]
"ImagePath"="øo# srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvcwcncsvc]
"ImagePath"="(o\1a srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXTehstart]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvciphlpsvc]
"ImagePath"="(o\14 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvcPolicyAgent]
"ImagePath"="Øo* srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IrmonShellHWDetection]
"ImagePath"="¨p\1e srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRmp2pimsvc]
"ImagePath"="xq* srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRmTapiSrvDcomLaunchNetTcpPortSharing]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServerfdPHostUI0DetectDFSR]
"ImagePath"="@p+ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvcidsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvcSQLWriter]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhostsALGmsvsmon80TapiSrvDcomLaunchNetTcpPortSharing]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2SvcDhcp]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSMMCSSWdiSystemHostKtmRmTapiSrvDcomLaunchNetTcpPortSharing]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSWdiSystemHost]
"ImagePath"="øo* srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSWdiSystemHostnvsvc]
"ImagePath"="àq* srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvcBrlAPI]
"ImagePath"="(oa srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvcSCPolicySvclmhostshkmsvcWMPNetworkSvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSCSPTISRViphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
"ImagePath"="àq! srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSCSPTISRVTapiSrvMSCSPTISRV]
"ImagePath"="@p srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$SQLEXPRESSseclogon]
"ImagePath"="àq\1e srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSQLServerADHelperIKEEXT]
"ImagePath"="Èp0 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\web\mysql\bin\mysqld-nt\" --defaults-file=\"c:\web\mysql\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLmsftesql$SQLEXPRESSSpoolerPlugPlay]
"ImagePath"="àq* srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLWPDBusEnum]
"ImagePath"="Àn\1a srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLWPDBusEnumSCPolicySvcWinDefendBFE]
"ImagePath"="xq\14 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetlogonNetlogon]
"ImagePath"="Øo\1c srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharingnvsvcSamSs]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharingnvsvcWinmgmt]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvcswprvCOMSysApp]
"ImagePath"="¨p% srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFEDnscachewmiApSrv]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFEDnscachewmiApSrvupnphostmsiserver]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFETHREADORDER]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotifyDPSSENSSysMain]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvsvcNetTcpPortSharing]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleMTSRecoveryServiceCryptSvc]
"ImagePath"="xq) srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleServiceXEUxSms]
"ImagePath"="@p` srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleXEClrAgentMpsSvc]
"ImagePath"="o' srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleXETNSListenerwudfsvcmsftesql$SQLEXPRESS]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oseidsvcclr_optimization_v2.0.50727_32]
"ImagePath"="Èp( srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oseSstpSvcose]
"ImagePath"="o- srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvcWerSvcidsvcwcncsvc]
"ImagePath"="xq\1c srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PACSPTISVR Back-End Service]
"ImagePath"="@p+ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PACSPTISVRAeLookupSvc]
"ImagePath"="o\" srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvcMMCSS]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plaAeLookupSvc]
"ImagePath"="¨p\" srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plausnjsvcRasMan]
"ImagePath"="¨p% srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plaWMPNetworkSvcehstart]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvcNetlogonDPSmsvsmon80]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorageMcx2Svc]
"ImagePath"="øo\19 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorageusnjsvc]
"ImagePath"="øo\" srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAutoBITSSCPolicySvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccesswuauservSessionEnvWSearchwuauservSQLWriterWecsvcBITSSENSSysMain]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistryMSCSPTISRV]
"ImagePath"="øo/ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistryProfSvc]
"ImagePath"="@p\1d srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvcWinDefendBFE]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSswprv]
"ImagePath"="øo, srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSswprvwercplsupportBITSslsvc]
"ImagePath"="€s\" srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENS]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENSSstpSvcoseSPTISRV]
"ImagePath"="w& srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionnetprofm]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionPlugPlay]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionProfSvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionupnphostpla]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriternsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriterWecsvcBITSSENSSysMainCOMSysApp]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriterWecsvcupnphostmsiserver]
"ImagePath"="àq\1d srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRVMMCSS]
"ImagePath"="(o) srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRVProfSvc]
"ImagePath"="(o\17 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVTabletInputService]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVwscsvc]
"ImagePath"="o_ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVwscsvcMpsSvc]
"ImagePath"="xqa srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVDhcphidserv]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVusnjsvcusnjsvcRasMan]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprvFontCache3.0.0.0]
"ImagePath"="xq$ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrvMSCSPTISRVhkmsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesNetTcpPortSharing]
"ImagePath"="(o! srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesNetTcpPortSharingusnjsvcRasManMMCSSPNRPsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesTrustedInstallerWinmgmt]
"ImagePath"="@p. srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDERMpsSvc]
"ImagePath"="¨p\1c srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWksmsvsmon80RpcLocator]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstallerWinmgmtiphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcRasMannsinapagentBFE]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcSNMPTRAP]
"ImagePath"="àq\15 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSSMcx2Svc]
"ImagePath"="Øo\17 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32TimefdPHostUI0Detect]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Timeoseidsvcclr_optimization_v2.0.50727_32]
"ImagePath"="xq& srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHostRasManmsiserver]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClientIPBusEnum]
"ImagePath"="(o. srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFEAppinfoBFE]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFENlaSvcSstpSvcoseSPTISRVusnjsvc]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg]
"ImagePath"="€s0 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WlansvcWinDefendBFE]
"ImagePath"="@p\17 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WlansvcWinDefendKServiceOracleXEClrAgent]
"ImagePath"="€s\1c srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrvMcx2SvcShellHWDetectionupnphostpla]
"ImagePath"="àq+ srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvcPNRPAutoReg]
"ImagePath"="@p\17 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnumnsi]
"ImagePath"="€û\12 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcPNRPsvcALG]
"ImagePath"="¨p\14 srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcSCPolicySvc]
"ImagePath"="o, srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcTBS]
"ImagePath"="(o- srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchwuauserv]
"ImagePath"="(o! srv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauservSessionEnv]
"ImagePath"="o. srv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(744)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\web\Apache2\bin\Apache.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\web\Apache2\bin\Apache.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\web\mysql\bin\mysqld-nt.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\nvSCPAPISvr.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-04-13 09:49:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-13 08:49
.
Pre-Run: 51,324,465,152 bytes free
Post-Run: 51,223,736,320 bytes free
.
- - End Of File - - 4BDAA64D650D47B7AC05A48B32ACFEFD

steve1965, Apr 13, 2012

#19
Broni Malware Annihilator Posts: 40,051 +187
Looks good.

How is computer doing?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Apr 13, 2012

#20

Page 1 of 2

Add New Comment

	TechSpot Members Login or sign up for free, it takes about 30 seconds.			You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.