Inactive [A] Afd.sys has Trojan Horse Agent_r, multiple TH Crypt infections..

kvcummins

As noted in the title, my afd.sys has an Agent_r variant, and I periodically get Crypt infections of various files. I have AVG 2012, updated and running. Here are my logs:

MBAM LOG::


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.11.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jamie :: CUMMINS-VISTA [administrator]

Protection: Enabled

3/11/2012 9:57:54 AM
mbam-log-2012-03-11 (09-57-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234878
Time elapsed: 15 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER LOG::


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-12 08:29:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 4jtuc65q.exe; Driver: C:\Users\Jamie\AppData\Local\Temp\uxtiqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB38E1F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB38E1FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB38E2080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB38E211C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 822EEB74 4 Bytes [3C, 1F, 8E, B3]
.text ntkrnlpa.exe!KeSetEvent + 621 822EEDA4 8 Bytes [E4, 1F, 8E, B3, 80, 20, 8E, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 822EEE04 4 Bytes [1C, 21, 8E, B3]
.text C:\Windows\system32\drivers\afd.sys section is writeable [0x93CA4000, 0x9C71, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtProtectVirtualMemory 76E14BA4 5 Bytes JMP 0120000A
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory 76E154E4 5 Bytes JMP 0125000A
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!KiUserExceptionDispatcher 76E15C28 5 Bytes JMP 010E000A
.text C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe[3320] ntdll.dll!DbgBreakPoint 76DF878E 1 Byte [90]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73097817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [730EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7309BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7308F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [730975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7308E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [730C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7309DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7308FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7308FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [730871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7311CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [730BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7308D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73086853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7308687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73092AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process PING.EXE (*** hidden *** ) 1192
Process C:\Windows\System32\ping.exe (*** hidden *** ) 3804

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32@ C:\nDoors\Atlantica\StmOCX.dll?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32@ThreadingModel Apartment??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\Programmable
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\TypeLib
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\TypeLib@ {0AB6D809-3081-494F-BD93-D58F480BF0E3}??????????????????????????????????????????????????????????????????????????????????????????

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB36441$\2453711976 0 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684 0 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\@ 2048 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\cfg.ini 298 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\L 0 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\L\qnbwvoto 273408 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\oemid 15 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U 0 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\80000032.@ 96256 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\version 861 bytes

---- EOF - GMER 1.0.15 ----
 
DDS LOG::

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Jamie at 8:31:09 on 2012-03-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1408 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Windows\sttray.exe
C:\Windows\System32\ico.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\ProgramData\Verizon\UA_ar\UtilityApplication.exe
C:\Users\Jamie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Jamie\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PDFtypewriter\Printer\PDFtypewriter_Printer_Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\17.0.963.79\npchrome_frame.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [Google Update] "c:\users\jamie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\jamie\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [2A9C11379E70151611846A09A51B34FFC6EF6D31._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [NCsoft]
uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PDFtypewriterPrinterMonitor] "c:\program files\pdftypewriter\printer\PDFtypewriterMonitorStart.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jamie\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\users\jamie\appdata\roaming\verizon\ua_ar\UtilityApplication.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\programdata\verizon\ua_ar\UtilityApplication.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5C2B85B4-2188-4694-8514-9FB5B35EE722} : NameServer = 192.168.1.1
TCP: Interfaces\{ADF67151-6190-40DF-9538-0890B562DCC8} : DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dst - {BF6DC600-9B21-44EE-81CF-62883B4FA20A} - c:\program files\ata\dstctrl\DSTProtocol.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\17.0.963.79\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\cqnge4ae.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80115&language=en&qkw=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\cqnge4ae.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\cqnge4ae.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\cqnge4ae.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\jamie\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\jamie\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\jamie\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jamie\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-15 21504]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-11 652360]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-12-21 529768]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2007-8-12 5120]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-11-10 370504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-31 218688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-11 20464]
R3 MRVW147;Marvell TOPDOG (TM) 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x);c:\windows\system32\drivers\MRVW147.sys [2009-1-5 534016]
S2 avgarcln;ATSWPDRV;c:\windows\system32\svchost.exe -k netsvcs [2008-9-15 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c94bdc33e1bc90;Google Update Service (gupdate1c94bdc33e1bc90);c:\program files\google\update\GoogleUpdate.exe [2008-11-21 133104]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-7-30 30312]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-20 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-11-21 133104]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-7-30 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-7-30 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-7-30 136680]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-7-30 114152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-03-11 14:11:38 -------- d-----w- c:\users\jamie\appdata\roaming\Malwarebytes
2012-03-11 14:11:29 -------- d-----w- c:\programdata\Malwarebytes
2012-03-11 14:11:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 14:11:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-10 23:33:23 -------- d-----w- c:\users\jamie\appdata\roaming\AVG2012
2012-03-10 23:32:16 -------- d-----w- c:\programdata\AVG2012
2012-03-10 03:45:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-09 19:01:41 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-09 18:46:28 -------- d-----w- c:\users\jamie\appdata\roaming\mIRC
2012-03-09 18:46:25 -------- d-----w- c:\program files\mIRC
2012-03-01 23:25:52 -------- d-----w- c:\users\jamie\appdata\local\NCSoft
2012-03-01 22:53:58 -------- d-----w- c:\users\jamie\appdata\local\assembly
2012-03-01 22:53:07 -------- d-----w- c:\program files\NCSoft
2012-03-01 04:17:22 -------- d-----w- c:\program files\iPod
2012-03-01 04:07:37 -------- d-----w- c:\program files\Bonjour
2012-02-24 22:04:17 -------- d-----w- c:\users\jamie\appdata\roaming\Chrome
2012-02-23 20:07:14 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-02-23 20:07:01 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-02-23 20:05:19 -------- d-----w- c:\windows\system32\RsFx
2012-02-23 20:03:21 -------- d-----w- c:\windows\system32\1033
2012-02-23 19:57:07 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-23 19:56:50 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-23 19:56:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-23 19:56:15 188128 ----a-w- c:\programdata\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
2012-02-23 19:51:37 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-02-23 19:51:36 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-02-18 23:21:48 -------- d-----w- c:\program files\LEGO Island
2012-02-18 23:21:16 32768 ----a-w- c:\windows\_ds4BEE.tmp
2012-02-18 22:30:56 -------- d-----w- c:\users\jamie\appdata\roaming\.minecraft
2012-02-18 21:53:03 -------- d-----w- c:\users\jamie\D-Fend Reloaded
2012-02-18 21:53:01 -------- d-----w- c:\program files\D-Fend Reloaded
2012-02-15 07:59:07 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:59:06 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 07:59:05 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-03-08 22:37:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-12 01:09:31 2360 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2012-02-01 22:46:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-01-29 23:14:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2012-01-29 23:14:21 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-12-28 16:35:03 1393736 ----a-w- c:\users\jamie\gotomypc_626.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 8:31:54.09 ===============
 
ATTACH.TXT::


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/19/2007 11:00:34 PM
System Uptime: 3/11/2012 9:18:30 AM (23 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 65.961 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 3.882 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1910: 3/7/2012 8:41:45 PM - Scheduled Checkpoint
RP1911: 3/8/2012 4:35:34 PM - Installed Java(TM) 6 Update 31
RP1912: 3/10/2012 5:29:25 PM - Installed AVG 2012
RP1913: 3/10/2012 5:30:40 PM - Installed AVG 2012
RP1914: 3/12/2012 5:28:30 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3D Groove Playback Engine
3DVIA player 5.0
7-Zip 9.13 beta
7 Wonders II (remove only)
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Agere Systems HDA Modem
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVG PC Tuneup 2011
Ben 10 Alien Force Bounty Hunters
BitPim 1.0.6
BitTorrent
Bonjour
Brother MFL-Pro Suite
Camera Assistant Software for Gateway
CCScore
Children of the Nile Demo
Citrix Presentation Server Client - Web Only
City of Heroes
Click to Call with Skype
Clone Wars
Clue Classic (remove only)
Coby Media Manager
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Creative Memories Memory Manager 3
D-Fend Reloaded 1.2.1 (deinstall)
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
Disney Toontown Online
DNA
Dora's Big Birthday Adventure
Download Manager 2.3.7
Dropbox
DSTCtrl
Dungeon Keeper 2
Dungeon Siege
DUNGEONS - The Dark Lord (Steam Special Edition) Demo
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
Emperor's New Groove - Groove Center
eMusic Download Manager
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSTOOLS
essvatgt
Europa Universalis III
Farm Frenzy
ffdshow [rev 2527] [2008-12-19]
Free Realms
Futuremark SystemInfo
Game of LIFE (remove only)
Gateway Connect
Gateway Games
Gateway Recovery Center Installer
GIMP 2.6.8
Git 1.7.0.2-preview20100309
Google Chrome
Google Chrome Frame
Google Desktop
Google Earth Plug-in
Google Gears
Google SketchUp 7
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hero Lab for the Pathfinder Beginner Box 3.9
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotline Client 1.8.5
ieSpell
ImageStream_2009-10
Inbox Toolbar
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) TV Wizard
iTunes
iWin Games (remove only)
IZArc 3.81
Jam11Connect (Beta)
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 31
Java(TM) SE Development Kit 6 Update 25
JavaFX(TM) 1.3 SDK
Jewel Quest - Heritage
Jewel Quest Mysteries Curse of the Emerald Tear (remove only)
JPG to PDF Converter 1.0
Kodak EasyShare software
KODAK Share Button App
LabelPrint
LeapFrog Connect
LeapFrog Leapster2 Plugin
Legerdemain - A Tale Fraught With Peril and Wonder
LEGO Digital Designer
LEGO Island
LEGO Island 2
LG USB Modem driver
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Magicka - Demo
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell(R) Wireless Card Software Package
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Crimson Skies
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Help Viewer 1.0
Microsoft Office 2000 SR-1 Premium
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.1
mIRC
Monopoly (remove only)
Mouse Suite
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Manager
NBC Direct Beta
NCsoft Launcher
Nero 6 Demo
Nero BurnRights
NeroVision Express 2
netbrdg
Nexon Game Manager
node.js
Norton Internet Security
OfotoXMI
OGA Notifier 2.0.0048.0
OLYMPUS Master 2
OpenAL
OpenCASE Media Agent
Operation Mania (remove only)
Origin
Pajama Sam Life is Rough When You Lose Your Stuff
PDFCanvas V1.5
PDFtypewriter Printer Driver
PDFtypewriter with PDF Printer Driver
Peggle Deluxe 1.0
Photo Album
Picaboo X
Picasa 3
Pictureka! Museum Mayhem (remove only)
Plants vs. Zombies
Portal
Power2Go 5.0
PowerTeacher Gradebook
PuTTY version 0.60
QuickTime
RD 2.12
REACTOR
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
Remote Control USB Driver
RPTools MapTool
Samsung CLP-310 Series
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Segoe UI
Service Pack 1 for SQL Server 2008 (KB968369)
SFR
SHASTA
Shutterfly Express Uploader
Sid Meier's Alpha Centauri
SigmaTel Audio
skin0001
SKINXSDK
Skype™ 5.5
Spare Backup
Splashtop Remote Client
Splashtop Streamer
SPORE™ Creature Creator Trial Edition
Sql Server Customer Experience Improvement Program
Star Ruler
Star Wars Math
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Star Wars®: Knights of the Old Republic (TM)
staticcr
Steam
swMSM
Synaptics Pointing Device Driver
System Requirements Lab for Intel
TDM/MinGW
The Fairly OddParents
The Undergarden Demo
TortoiseSVN 1.6.6.17493 (32 bit)
Total Immersion D'Fusion Web Plugin
Transcender Test Engine
Transcender: Exam Cert-70-270
TreasureUP XPS To Image Converter 1.0
Tropix
Typing Instructor for Kids 4
UFO:AI 2.3.1
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
V CAST Music with Rhapsody
Verizon Wireless Software Utility Application for Android - Samsung
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VPRINTOL
VST Bridge 1.1
WildTangent Games App (Gateway Games)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
Wizard101
XBMC
Yahtzee (remove only)
Yu-Gi-Oh! ONLINE 3
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 4:57:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/9/2012 4:21:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
3/9/2012 3:23:51 PM, Error: Service Control Manager [7034] - The iWinTrusted service terminated unexpectedly. It has done this 1 time(s).
3/9/2012 3:23:25 PM, Error: Service Control Manager [7034] - The Splashtop Software Updater Service service terminated unexpectedly. It has done this 1 time(s).
3/9/2012 3:19:41 PM, Error: Service Control Manager [7023] - The UsbserFilt service terminated with the following error: Access is denied.
3/9/2012 3:02:41 PM, Error: Service Control Manager [7023] - The Actser service terminated with the following error: Access is denied.
3/9/2012 2:47:43 PM, Error: Service Control Manager [7023] - The Bmuservice service terminated with the following error: Access is denied.
3/9/2012 2:32:43 PM, Error: Service Control Manager [7023] - The FVNETusb service terminated with the following error: Access is denied.
3/9/2012 2:17:43 PM, Error: Service Control Manager [7023] - The Intel_MIPMNMP service terminated with the following error: Access is denied.
3/9/2012 2:02:42 PM, Error: Service Control Manager [7023] - The Mnmdd service terminated with the following error: Access is denied.
3/9/2012 1:47:48 PM, Error: Service Control Manager [7023] - The MA-620 service terminated with the following error: Access is denied.
3/9/2012 1:32:54 PM, Error: Service Control Manager [7023] - The Aiclient service terminated with the following error: Access is denied.
3/9/2012 1:17:50 PM, Error: Service Control Manager [7023] - The Lktimesync service terminated with the following error: Access is denied.
3/9/2012 1:11:46 PM, Error: Service Control Manager [7030] - The USB3 Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/9/2012 1:06:41 PM, Error: Service Control Manager [7023] - The Sisnic service terminated with the following error: Access is denied.
3/9/2012 1:05:42 PM, Error: Service Control Manager [7023] - The Avgtdi service terminated with the following error: Access is denied.
3/9/2012 1:02:43 PM, Error: Service Control Manager [7023] - The RTL8023xp service terminated with the following error: Access is denied.
3/9/2012 1:01:41 PM, Error: Service Control Manager [7023] - The Mi-raysat_3dsmax8 service terminated with the following error: Access is denied.
3/5/2012 2:57:12 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
3/11/2012 9:52:55 AM, Error: Service Control Manager [7023] - The Ptserial service terminated with the following error: Access is denied.
3/11/2012 9:30:57 AM, Error: Service Control Manager [7023] - The ATSWPDRV service terminated with the following error: Access is denied.
3/11/2012 9:24:03 AM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The USR1806V service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The UsbserFilt service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The TMMEmu service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Sisnic service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The RTL8023xp service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The NWSIPX32 service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Mnmdd service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Mi-raysat_3dsmax8 service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Mfetdik service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The MA-620 service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Lxct_device service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Lktimesync service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Issm service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Intel_MIPMNMP service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Gdihook5 service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The FVNETusb service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The F700iob service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Defrag32 service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Bmuservice service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Avgtdi service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Aiclient service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Actser service terminated with the following error: The specified module could not be found.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LeapFrog Connect Device Service service to connect.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
3/11/2012 9:20:51 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
3/11/2012 9:19:25 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Brother MFC-7820N USB with shared resource name Brother MFC-7820N USB. Error 1753. The printer cannot be used by others on the network.
3/11/2012 9:19:11 AM, Error: EventLog [6008] - The previous system shutdown at 9:17:13 AM on 3/11/2012 was unexpected.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2012 9:43:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/10/2012 9:42:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/10/2012 9:42:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/10/2012 9:42:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/10/2012 9:42:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/10/2012 9:42:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/10/2012 9:42:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/10/2012 5:29:04 PM, Error: Service Control Manager [7034] - The TMMEmu service terminated unexpectedly. It has done this 1 time(s).
3/10/2012 5:14:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86
3/10/2012 5:11:28 PM, Error: Service Control Manager [7000] - The AVG AVI Loader Driver service failed to start due to the following error: The system cannot find the file specified.
3/10/2012 5:00:09 PM, Error: Service Control Manager [7034] - The Mfetdik service terminated unexpectedly. It has done this 1 time(s).
3/10/2012 4:55:05 PM, Error: EventLog [6008] - The previous system shutdown at 1:32:17 PM on 3/10/2012 was unexpected.
.
==== End Of File ===========================
 
I suppose I should clarify the issues I'm having. AVG Resident Shield is alerting every 10-15 minutes about some %SYSTEM_ROOT%/system32/???.dll or ???.sys file that is infected with Crypt.AQLW, and within seconds, the AVG Identity Shield harps about the same file having the Win/Sirefef.ER trojan. In the past, afd.sys has been reported several times as being infected with Agent_r.???, but it's whitelisted.

I have tried booting into safe mode and running the AVG CLI scan, and even Clam from a USB stick. Neither seemed to find much it could fix. For a while, my AVG was out of commission because it couldn't verify the virus db. Upgrading to AVG 2012 seems to have fixed that.

Thank you,
Ken
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Ah-ha! Found and cleaned ZAccess! So far, under light use, there have been no virus alerts.

TDSSKiller log:::


21:27:41.0187 4984 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:27:41.0559 4984 ============================================================
21:27:41.0559 4984 Current date / time: 2012/03/12 21:27:41.0559
21:27:41.0559 4984 SystemInfo:
21:27:41.0559 4984
21:27:41.0559 4984 OS Version: 6.0.6002 ServicePack: 2.0
21:27:41.0559 4984 Product type: Workstation
21:27:41.0559 4984 ComputerName: CUMMINS-VISTA
21:27:41.0560 4984 UserName: Jamie
21:27:41.0560 4984 Windows directory: C:\Windows
21:27:41.0560 4984 System windows directory: C:\Windows
21:27:41.0560 4984 Processor architecture: Intel x86
21:27:41.0560 4984 Number of processors: 2
21:27:41.0560 4984 Page size: 0x1000
21:27:41.0560 4984 Boot type: Normal boot
21:27:41.0560 4984 ============================================================
21:27:42.0358 4984 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:27:42.0361 4984 \Device\Harddisk0\DR0:
21:27:42.0361 4984 MBR used
21:27:42.0361 4984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x162B4A8
21:27:42.0361 4984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x162B4E7, BlocksNum 0x1BB9909A
21:27:42.0440 4984 Initialize success
21:27:42.0440 4984 ============================================================
21:27:50.0145 6188 ============================================================
21:27:50.0145 6188 Scan started
21:27:50.0145 6188 Mode: Manual;
21:27:50.0145 6188 ============================================================
21:27:52.0200 6188 .avgldx86 - ok
21:27:52.0402 6188 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
21:27:52.0407 6188 ac97intc - ok
21:27:52.0544 6188 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:27:52.0547 6188 ACPI - ok
21:27:52.0706 6188 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:27:52.0716 6188 adp94xx - ok
21:27:52.0825 6188 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:27:52.0833 6188 adpahci - ok
21:27:52.0921 6188 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:27:52.0925 6188 adpu160m - ok
21:27:53.0027 6188 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:27:53.0032 6188 adpu320 - ok
21:27:53.0226 6188 AFD (ad449c418d76f6237652ae52b29870e1) C:\Windows\system32\drivers\afd.sys
21:27:53.0230 6188 AFD ( Virus.Win32.ZAccess.k ) - infected
21:27:53.0230 6188 AFD - detected Virus.Win32.ZAccess.k (0)
21:27:53.0395 6188 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
21:27:53.0428 6188 AgereSoftModem - ok
21:27:53.0568 6188 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:27:53.0571 6188 agp440 - ok
21:27:53.0682 6188 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:27:53.0685 6188 aic78xx - ok
21:27:53.0797 6188 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:27:53.0799 6188 aliide - ok
21:27:53.0906 6188 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:27:53.0908 6188 amdagp - ok
21:27:53.0998 6188 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:27:54.0001 6188 amdide - ok
21:27:54.0099 6188 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:27:54.0102 6188 AmdK7 - ok
21:27:54.0268 6188 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:27:54.0273 6188 AmdK8 - ok
21:27:54.0411 6188 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
21:27:54.0414 6188 androidusb - ok
21:27:54.0548 6188 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:27:54.0551 6188 arc - ok
21:27:54.0666 6188 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:27:54.0669 6188 arcsas - ok
21:27:54.0821 6188 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
21:27:54.0823 6188 aswMonFlt - ok
21:27:54.0946 6188 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:27:54.0948 6188 AsyncMac - ok
21:27:55.0054 6188 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:27:55.0056 6188 atapi - ok
21:27:55.0233 6188 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
21:27:55.0237 6188 AVGIDSDriver - ok
21:27:55.0345 6188 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
21:27:55.0346 6188 AVGIDSEH - ok
21:27:55.0447 6188 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
21:27:55.0448 6188 AVGIDSFilter - ok
21:27:55.0563 6188 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
21:27:55.0564 6188 AVGIDSShim - ok
21:27:55.0684 6188 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
21:27:55.0690 6188 Avgldx86 - ok
21:27:55.0823 6188 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
21:27:55.0826 6188 Avgmfx86 - ok
21:27:55.0952 6188 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
21:27:55.0956 6188 Avgrkx86 - ok
21:27:56.0092 6188 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
21:27:56.0096 6188 Avgtdix - ok
21:27:56.0350 6188 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:27:56.0353 6188 bcm4sbxp - ok
21:27:56.0477 6188 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:27:56.0479 6188 Beep - ok
21:27:56.0574 6188 blbdrive - ok
21:27:56.0744 6188 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:27:56.0748 6188 bowser - ok
21:27:56.0864 6188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:27:56.0866 6188 BrFiltLo - ok
21:27:56.0973 6188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:27:56.0975 6188 BrFiltUp - ok
21:27:57.0096 6188 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:27:57.0099 6188 Brserid - ok
21:27:57.0299 6188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:27:57.0303 6188 BrSerWdm - ok
21:27:57.0403 6188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:27:57.0406 6188 BrUsbMdm - ok
21:27:57.0517 6188 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:27:57.0520 6188 BrUsbSer - ok
21:27:57.0664 6188 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:27:57.0667 6188 BTHMODEM - ok
21:27:57.0851 6188 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:27:57.0860 6188 cdfs - ok
21:27:57.0978 6188 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\Windows\system32\drivers\Cdr4_xp.sys
21:27:57.0980 6188 Cdr4_xp - ok
21:27:58.0089 6188 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\Windows\system32\drivers\Cdralw2k.sys
21:27:58.0091 6188 Cdralw2k - ok
21:27:58.0257 6188 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:27:58.0274 6188 cdrom - ok
21:27:58.0412 6188 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:27:58.0414 6188 circlass - ok
21:27:58.0520 6188 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:27:58.0527 6188 CLFS - ok
21:27:58.0686 6188 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:27:58.0688 6188 CmBatt - ok
21:27:58.0807 6188 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:27:58.0810 6188 cmdide - ok
21:27:58.0922 6188 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:27:58.0925 6188 Compbatt - ok
21:27:59.0018 6188 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
21:27:59.0020 6188 cpudrv - ok
21:27:59.0107 6188 cpuz130 - ok
21:27:59.0228 6188 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:27:59.0231 6188 crcdisk - ok
21:27:59.0340 6188 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:27:59.0343 6188 Crusoe - ok
21:27:59.0530 6188 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:27:59.0532 6188 DfsC - ok
21:27:59.0634 6188 DgiVecp - ok
21:27:59.0781 6188 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:27:59.0787 6188 disk - ok
21:28:00.0021 6188 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:28:00.0025 6188 drmkaud - ok
21:28:00.0187 6188 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:28:00.0190 6188 dtsoftbus01 - ok
21:28:00.0319 6188 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:28:00.0326 6188 DXGKrnl - ok
21:28:00.0426 6188 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:28:00.0429 6188 E1G60 - ok
21:28:00.0563 6188 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:28:00.0568 6188 Ecache - ok
21:28:00.0729 6188 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:28:00.0737 6188 elxstor - ok
21:28:00.0918 6188 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:28:00.0923 6188 exfat - ok
21:28:01.0067 6188 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:28:01.0072 6188 fastfat - ok
21:28:01.0194 6188 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:28:01.0197 6188 fdc - ok
21:28:01.0329 6188 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:28:01.0332 6188 FileInfo - ok
21:28:01.0439 6188 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:28:01.0441 6188 Filetrace - ok
21:28:01.0528 6188 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:01.0531 6188 flpydisk - ok
21:28:01.0643 6188 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:28:01.0645 6188 FltMgr - ok
21:28:01.0805 6188 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
21:28:01.0808 6188 fssfltr - ok
21:28:01.0949 6188 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:28:01.0952 6188 Fs_Rec - ok
21:28:02.0063 6188 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:28:02.0066 6188 gagp30kx - ok
21:28:02.0203 6188 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:28:02.0204 6188 GEARAspiWDM - ok
21:28:02.0358 6188 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:28:02.0365 6188 HdAudAddService - ok
21:28:02.0488 6188 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:28:02.0494 6188 HDAudBus - ok
21:28:02.0642 6188 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:28:02.0645 6188 HidBth - ok
21:28:02.0742 6188 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:28:02.0744 6188 HidIr - ok
21:28:02.0861 6188 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:28:02.0863 6188 HidUsb - ok
21:28:02.0960 6188 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:28:02.0963 6188 HpCISSs - ok
21:28:03.0082 6188 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:28:03.0087 6188 HTTP - ok
21:28:03.0267 6188 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:28:03.0269 6188 i2omp - ok
21:28:03.0391 6188 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:28:03.0394 6188 i8042prt - ok
21:28:03.0556 6188 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
21:28:03.0601 6188 ialm - ok
21:28:03.0772 6188 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
21:28:03.0776 6188 iaStor - ok
21:28:03.0905 6188 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:28:03.0912 6188 iaStorV - ok
21:28:04.0221 6188 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:28:04.0268 6188 igfx - ok
21:28:04.0386 6188 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:28:04.0388 6188 iirsp - ok
21:28:04.0560 6188 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:28:04.0562 6188 intelide - ok
21:28:04.0680 6188 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:28:04.0682 6188 intelppm - ok
21:28:04.0808 6188 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:04.0811 6188 IpFilterDriver - ok
21:28:04.0909 6188 IpInIp - ok
21:28:04.0959 6188 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:28:04.0962 6188 IPMIDRV - ok
21:28:05.0070 6188 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:28:05.0074 6188 IPNAT - ok
21:28:05.0223 6188 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:28:05.0225 6188 IRENUM - ok
21:28:05.0331 6188 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:28:05.0334 6188 isapnp - ok
21:28:05.0467 6188 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:28:05.0472 6188 iScsiPrt - ok
21:28:05.0573 6188 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:28:05.0576 6188 iteatapi - ok
21:28:05.0683 6188 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:28:05.0686 6188 iteraid - ok
21:28:05.0824 6188 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:28:05.0826 6188 kbdclass - ok
21:28:05.0921 6188 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
21:28:05.0924 6188 kbdhid - ok
21:28:06.0060 6188 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:28:06.0071 6188 KSecDD - ok
21:28:06.0260 6188 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:28:06.0262 6188 lltdio - ok
21:28:06.0399 6188 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:28:06.0402 6188 LSI_FC - ok
21:28:06.0507 6188 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:28:06.0510 6188 LSI_SAS - ok
21:28:06.0616 6188 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:28:06.0620 6188 LSI_SCSI - ok
21:28:06.0728 6188 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:28:06.0732 6188 luafv - ok
21:28:06.0877 6188 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:28:06.0879 6188 MBAMProtector - ok
21:28:06.0979 6188 MCSTRM - ok
21:28:07.0063 6188 mdxgthkn - ok
21:28:07.0189 6188 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:28:07.0191 6188 megasas - ok
21:28:07.0322 6188 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:28:07.0325 6188 Modem - ok
21:28:07.0441 6188 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:28:07.0444 6188 monitor - ok
21:28:07.0551 6188 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:28:07.0553 6188 mouclass - ok
21:28:07.0656 6188 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:28:07.0658 6188 mouhid - ok
21:28:07.0764 6188 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:28:07.0767 6188 MountMgr - ok
21:28:07.0872 6188 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:28:07.0876 6188 mpio - ok
21:28:07.0981 6188 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:28:07.0985 6188 mpsdrv - ok
21:28:08.0113 6188 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:28:08.0116 6188 Mraid35x - ok
21:28:08.0398 6188 MRVW147 (ad9a2d2ab294ee7278b1ce48cea966ab) C:\Windows\system32\DRIVERS\MRVW147.sys
21:28:08.0403 6188 MRVW147 - ok
21:28:08.0528 6188 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:28:08.0532 6188 MRxDAV - ok
21:28:08.0645 6188 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:08.0649 6188 mrxsmb - ok
21:28:08.0764 6188 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:08.0769 6188 mrxsmb10 - ok
21:28:08.0891 6188 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:08.0895 6188 mrxsmb20 - ok
21:28:09.0023 6188 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:28:09.0026 6188 msahci - ok
21:28:09.0163 6188 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:28:09.0166 6188 msdsm - ok
21:28:09.0303 6188 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:28:09.0306 6188 Msfs - ok
21:28:09.0434 6188 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:28:09.0436 6188 msisadrv - ok
21:28:09.0549 6188 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:28:09.0552 6188 MSKSSRV - ok
21:28:09.0658 6188 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:09.0660 6188 MSPCLOCK - ok
21:28:09.0770 6188 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:28:09.0771 6188 MSPQM - ok
21:28:09.0887 6188 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:28:09.0892 6188 MsRPC - ok
21:28:10.0009 6188 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:28:10.0011 6188 mssmbios - ok
21:28:10.0283 6188 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:28:10.0285 6188 MSTEE - ok
21:28:10.0403 6188 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:28:10.0406 6188 Mup - ok
21:28:10.0536 6188 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:28:10.0541 6188 NativeWifiP - ok
21:28:10.0677 6188 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:28:10.0683 6188 NDIS - ok
21:28:10.0822 6188 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:10.0824 6188 NdisTapi - ok
21:28:10.0942 6188 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:10.0945 6188 Ndisuio - ok
21:28:11.0062 6188 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:11.0066 6188 NdisWan - ok
21:28:11.0305 6188 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:28:11.0308 6188 NDProxy - ok
21:28:11.0436 6188 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:28:11.0439 6188 NetBIOS - ok
21:28:11.0556 6188 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:28:11.0560 6188 netbt - ok
21:28:11.0777 6188 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
21:28:11.0876 6188 NETw2v32 - ok
21:28:12.0009 6188 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:28:12.0011 6188 nfrd960 - ok
21:28:12.0120 6188 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:28:12.0122 6188 Npfs - ok
21:28:12.0262 6188 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:28:12.0264 6188 nsiproxy - ok
21:28:12.0417 6188 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:28:12.0432 6188 Ntfs - ok
21:28:12.0552 6188 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:28:12.0555 6188 ntrigdigi - ok
21:28:12.0682 6188 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
21:28:12.0686 6188 NuidFltr - ok
21:28:12.0801 6188 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:28:12.0803 6188 Null - ok
21:28:12.0915 6188 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:28:12.0919 6188 nvraid - ok
21:28:13.0008 6188 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:28:13.0010 6188 nvstor - ok
21:28:13.0114 6188 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:28:13.0117 6188 nv_agp - ok
21:28:13.0277 6188 NwlnkFlt - ok
21:28:13.0400 6188 NwlnkFwd - ok
21:28:13.0575 6188 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
21:28:13.0577 6188 ohci1394 - ok
21:28:13.0723 6188 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:28:13.0726 6188 Parport - ok
21:28:13.0842 6188 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:28:13.0845 6188 partmgr - ok
21:28:13.0981 6188 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:28:13.0983 6188 Parvdm - ok
21:28:14.0112 6188 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:28:14.0116 6188 pci - ok
21:28:14.0210 6188 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
21:28:14.0213 6188 pciide - ok
21:28:14.0313 6188 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
21:28:14.0318 6188 pcmcia - ok
21:28:14.0458 6188 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:28:14.0468 6188 PEAUTH - ok
21:28:14.0593 6188 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\Windows\system32\DRIVERS\pelmouse.sys
21:28:14.0595 6188 pelmouse - ok
21:28:14.0728 6188 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\Windows\system32\DRIVERS\pelusblf.sys
21:28:14.0730 6188 pelusblf - ok
21:28:14.0951 6188 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:28:14.0954 6188 PptpMiniport - ok
21:28:15.0075 6188 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:28:15.0077 6188 Processor - ok
21:28:15.0283 6188 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:28:15.0286 6188 PSched - ok
21:28:15.0410 6188 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
21:28:15.0412 6188 PxHelp20 - ok
21:28:15.0554 6188 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:28:15.0588 6188 ql2300 - ok
21:28:15.0706 6188 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:28:15.0711 6188 ql40xx - ok
21:28:15.0828 6188 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:28:15.0831 6188 QWAVEdrv - ok
21:28:15.0935 6188 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:28:15.0956 6188 RasAcd - ok
21:28:16.0080 6188 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:28:16.0086 6188 Rasl2tp - ok
21:28:16.0360 6188 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:28:16.0362 6188 RasPppoe - ok
21:28:16.0480 6188 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:28:16.0483 6188 RasSstp - ok
21:28:16.0595 6188 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:28:16.0600 6188 rdbss - ok
21:28:16.0718 6188 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:28:16.0721 6188 RDPCDD - ok
21:28:16.0836 6188 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:28:16.0842 6188 rdpdr - ok
21:28:16.0963 6188 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:28:16.0965 6188 RDPENCDD - ok
21:28:17.0089 6188 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:28:17.0096 6188 RDPWD - ok
21:28:17.0386 6188 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
21:28:17.0393 6188 RsFx0103 - ok
21:28:17.0513 6188 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:28:17.0516 6188 rspndr - ok
21:28:17.0658 6188 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:28:17.0661 6188 RTL8169 - ok
21:28:17.0779 6188 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
21:28:17.0782 6188 RTSTOR - ok
21:28:17.0921 6188 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:28:17.0924 6188 sbp2port - ok
21:28:18.0060 6188 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
21:28:18.0064 6188 sdbus - ok
21:28:18.0329 6188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:28:18.0332 6188 secdrv - ok
21:28:18.0466 6188 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:28:18.0469 6188 Serenum - ok
21:28:18.0562 6188 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:28:18.0566 6188 Serial - ok
21:28:18.0678 6188 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:28:18.0680 6188 sermouse - ok
21:28:18.0822 6188 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
21:28:18.0824 6188 sffdisk - ok
21:28:18.0918 6188 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:28:18.0920 6188 sffp_mmc - ok
21:28:19.0023 6188 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
21:28:19.0026 6188 sffp_sd - ok
21:28:19.0160 6188 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:28:19.0238 6188 sfloppy - ok
21:28:19.0353 6188 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:28:19.0356 6188 sisagp - ok
21:28:19.0454 6188 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:28:19.0457 6188 SiSRaid2 - ok
21:28:19.0557 6188 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:28:19.0562 6188 SiSRaid4 - ok
21:28:19.0708 6188 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:28:19.0712 6188 Smb - ok
21:28:19.0870 6188 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:28:19.0873 6188 spldr - ok
21:28:20.0046 6188 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:28:20.0050 6188 srv - ok
21:28:20.0288 6188 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:28:20.0294 6188 srv2 - ok
21:28:20.0422 6188 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:28:20.0427 6188 srvnet - ok
21:28:20.0543 6188 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\Windows\system32\DRIVERS\ssadbus.sys
21:28:20.0549 6188 ssadbus - ok
21:28:20.0692 6188 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\Windows\system32\DRIVERS\ssadmdfl.sys
21:28:20.0695 6188 ssadmdfl - ok
21:28:20.0814 6188 ssadmdm (9afaa23421622c392b55508fa9613949) C:\Windows\system32\DRIVERS\ssadmdm.sys
21:28:20.0820 6188 ssadmdm - ok
21:28:20.0968 6188 ssadserd (1cac71d756ce00ae0681f9028dde874b) C:\Windows\system32\DRIVERS\ssadserd.sys
21:28:20.0979 6188 ssadserd - ok
21:28:21.0183 6188 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
21:28:21.0216 6188 SSPORT - ok
21:28:21.0371 6188 STHDA (513f70b6a184fe3765f679c5c64ea9e5) C:\Windows\system32\drivers\stwrt.sys
21:28:21.0379 6188 STHDA - ok
21:28:21.0506 6188 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
21:28:21.0508 6188 StillCam - ok
21:28:21.0665 6188 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:28:21.0668 6188 swenum - ok
21:28:21.0792 6188 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:28:21.0796 6188 Symc8xx - ok
21:28:21.0868 6188 SymIM - ok
21:28:21.0957 6188 SymIMMP - ok
21:28:22.0065 6188 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:28:22.0068 6188 Sym_hi - ok
21:28:22.0208 6188 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:28:22.0211 6188 Sym_u3 - ok
21:28:29.0539 6188 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:28:29.0607 6188 \Device\Harddisk0\DR0 - ok
21:28:29.0611 6188 Boot (0x1200) (034dc566075f964dc73202f23aeb1eb2) \Device\Harddisk0\DR0\Partition0
21:28:29.0613 6188 \Device\Harddisk0\DR0\Partition0 - ok
21:28:29.0620 6188 Boot (0x1200) (6cd54b645026f2b5b54e6bf5a07c6e3c) \Device\Harddisk0\DR0\Partition1
21:28:29.0622 6188 \Device\Harddisk0\DR0\Partition1 - ok
21:28:29.0624 6188 ============================================================
21:28:29.0624 6188 Scan finished
21:28:29.0624 6188 ============================================================
21:28:29.0639 5812 Detected object count: 1
21:28:29.0640 5812 Actual detected object count: 1
21:28:37.0165 5812 C:\Windows\system32\drivers\afd.sys - copied to quarantine
21:28:37.0184 5812 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813
21:28:47.0592 5812 Backup copy not found, trying to cure infected file..
21:28:47.0631 5812 Cure success, using it..
21:28:47.0649 5812 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
21:29:00.0410 5812 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
21:29:05.0514 7948 Deinitialize success
 
Good :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR log::

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-14 16:23:15
-----------------------------
16:23:15.173 OS Version: Windows 6.0.6002 Service Pack 2
16:23:15.173 Number of processors: 2 586 0xF0D
16:23:15.173 ComputerName: CUMMINS-VISTA UserName: Jamie
16:23:16.249 Initialize success
16:23:17.248 AVAST engine defs: 12031401
16:23:25.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:23:25.984 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
16:23:26.000 Disk 0 MBR read successfully
16:23:26.015 Disk 0 MBR scan
16:23:26.608 Disk 0 Windows VISTA default MBR code
16:23:26.639 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 11350 MB offset 63
16:23:27.170 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 227122 MB offset 23246055
16:23:27.201 Disk 0 scanning sectors +488392065
16:23:27.638 Disk 0 scanning C:\Windows\system32\drivers
16:23:47.403 Service scanning
16:23:49.493 Service .avgldx86 \? **LOCKED** 123
16:24:19.149 Modules scanning
16:24:23.080 Disk 0 trace - called modules:
16:24:23.111 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
16:24:23.111 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858a3a50]
16:24:23.127 3 CLASSPNP.SYS[8aba58b3] -> nt!IofCallDriver -> [0x84f74760]
16:24:23.143 5 acpi.sys[8309d6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84f76030]
16:24:24.110 AVAST engine scan C:\Windows
16:24:29.024 AVAST engine scan C:\Windows\system32
16:28:08.143 AVAST engine scan C:\Windows\system32\drivers
16:28:21.840 AVAST engine scan C:\Users\Jamie
17:46:58.858 AVAST engine scan C:\ProgramData
17:58:44.294 Scan finished successfully
19:13:33.582 Disk 0 MBR has been saved successfully to "C:\Users\Jamie\Desktop\MBR.dat"
19:13:33.629 The log file has been saved successfully to "C:\Users\Jamie\Desktop\aswMBR.txt"


boot_cleaner output::


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`c569ce00
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 