
Author Topic: Disc space stolen by ...  (Read 30536 times)


marsky

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: Disc space stolen by ...
    « Reply #15 on: August 20, 2012, 06:52:29 AM »
    Master, the log of aswMBR was done for several seconds. Hope it shows something clearer.


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-20 15:32:55
    -----------------------------
    15:32:55.472    OS Version: Windows 5.1.2600 Service Pack 3
    15:32:55.472    Number of processors: 1 586 0xD06
    15:32:55.472    ComputerName: USER-458FAFC743  UserName: user
    15:33:39.435    Initialize success
    15:34:16.358    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    15:34:16.358    Disk 0 Vendor: HTS424040M9AT00 MA2OA71A Size: 38154MB BusType: 3
    15:34:16.368    Disk 0 MBR read successfully
    15:34:16.378    Disk 0 MBR scan
    15:34:16.378    Disk 0 Windows XP default MBR code
    15:34:16.378    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        18002 MB offset 63
    15:34:16.378    Disk 0 Partition - 00     0F Extended LBA             20151 MB offset 36869175
    15:34:16.398    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        20151 MB offset 36869238
    15:34:16.408    Disk 0 scanning sectors +78140160
    15:34:16.658    Disk 0 scanning C:\WINDOWS\system32\drivers
    15:34:29.957    Service scanning
    15:34:56.095    Modules scanning
    15:35:56.051    Disk 0 trace - called modules:
    15:35:56.071    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
    15:35:56.422    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82715800]
    15:35:56.422    3 CLASSPNP.SYS[f88e3fd7] -> nt!IofCallDriver -> \Device\00000083[0x82791030]
    15:35:56.432    5 ACPI.sys[f883a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8278bd98]
    15:35:56.442    Scan finished successfully
    15:36:30.581    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\My Documents\MBR.dat"
    15:36:30.581    The log file has been saved successfully to "C:\Documents and Settings\user\My Documents\aswMBR.txt"


    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Disc space stolen by ...
    « Reply #16 on: August 20, 2012, 05:02:17 PM »
    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Windows 8 and Windows 10 dual boot with two SSD's

    marsky

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Disc space stolen by ...
      « Reply #17 on: August 21, 2012, 09:14:01 AM »
      Here is the aswMBR log. I did it for several seconds.


      aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
      Run date: 2012-08-20 15:32:55
      -----------------------------
      15:32:55.472    OS Version: Windows 5.1.2600 Service Pack 3
      15:32:55.472    Number of processors: 1 586 0xD06
      15:32:55.472    ComputerName: USER-458FAFC743  UserName: user
      15:33:39.435    Initialize success
      15:34:16.358    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
      15:34:16.358    Disk 0 Vendor: HTS424040M9AT00 MA2OA71A Size: 38154MB BusType: 3
      15:34:16.368    Disk 0 MBR read successfully
      15:34:16.378    Disk 0 MBR scan
      15:34:16.378    Disk 0 Windows XP default MBR code
      15:34:16.378    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        18002 MB offset 63
      15:34:16.378    Disk 0 Partition - 00     0F Extended LBA             20151 MB offset 36869175
      15:34:16.398    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        20151 MB offset 36869238
      15:34:16.408    Disk 0 scanning sectors +78140160
      15:34:16.658    Disk 0 scanning C:\WINDOWS\system32\drivers
      15:34:29.957    Service scanning
      15:34:56.095    Modules scanning
      15:35:56.051    Disk 0 trace - called modules:
      15:35:56.071    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
      15:35:56.422    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82715800]
      15:35:56.422    3 CLASSPNP.SYS[f88e3fd7] -> nt!IofCallDriver -> \Device\00000083[0x82791030]
      15:35:56.432    5 ACPI.sys[f883a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8278bd98]
      15:35:56.442    Scan finished successfully
      15:36:30.581    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\My Documents\MBR.dat"
      15:36:30.581    The log file has been saved successfully to "C:\Documents and Settings\user\My Documents\aswMBR.txt"


      marsky

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: Disc space stolen by ...
        « Reply #18 on: August 21, 2012, 12:24:20 PM »
        One moment please.

        marsky

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Disc space stolen by ...
          « Reply #19 on: August 21, 2012, 12:28:26 PM »

          One moment please
          « Last Edit: August 21, 2012, 12:49:54 PM by marsky »

          marsky

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Disc space stolen by ...
            « Reply #20 on: August 21, 2012, 12:46:29 PM »
            Ok. Thanks for the next scan indeed. :)
            Here is a RogueKiller scan log. It seems that the malware which was detected and could be deleted by MBAM is sitting in the computer. I found those bad files via Windows File Search and their behavior was crazy: 2 000 of the same files, and so on and on. ???


            RogueKiller V7.6.6 [08/10/2012]  by Tigzy
            mail: tigzyRK<at>gmail<dot>com
            Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
            Blog: http://tigzyrk.blogspot.com

            Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
            Started in : Normal mode
            User: user [Admin rights]
            Mode: Scan -- Date: 08/21/2012 21:32:35

            ¤¤¤ Bad processes: 0 ¤¤¤

            ¤¤¤ Registry Entries: 7 ¤¤¤
            [] HKLM\[...]\Windows :  () -> ACCESS DENIED
            [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{141E45F2-3E8B-497A-935A-E046568BBFE7} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
            [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{D8E804D1-0979-425F-974D-5297D9FAE23F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
            [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{141E45F2-3E8B-497A-935A-E046568BBFE7} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
            [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D8E804D1-0979-425F-974D-5297D9FAE23F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
            [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
            [] HKLM\[...]\Windows :  () -> ACCESS DENIED

            ¤¤¤ Particular Files / Folders: ¤¤¤

            ¤¤¤ Driver: [LOADED] ¤¤¤
            SSDT[177] : NtQueryValueKey @ 0x8056A499 -> HOOKED (\??\C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xF8974258)

            ¤¤¤ Infection :  ¤¤¤

            ¤¤¤ HOSTS File: ¤¤¤
            127.0.0.1       localhost
            127.0.0.1 mpa.one.microsoft.com


            ¤¤¤ MBR Check: ¤¤¤

            +++++ PhysicalDrive0: HTS424040M9AT00 +++++
            --- User ---
            [MBR] a70762bce466f0e9ee06df85a9e42891
            [BSP] 12e302e69f6a77aceb1e5beec2b04f4e : Windows XP MBR Code
            Partition table:
            0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 18002 Mo
            1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 36869175 | Size: 20151 Mo
            User = LL1 ... OK!
            User = LL2 ... OK!

            Finished : << RKreport[1].txt >>
            RKreport[1].txt



            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Disc space stolen by ...
            « Reply #21 on: August 21, 2012, 04:43:00 PM »
            • Download TDSSKiller and save it to your Desktop.
            • Extract its contents to your desktop.
            • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

            • If an infected file is detected, the default action will be Cure, click on Continue.

            • If a suspicious file is detected, the default action will be Skip, click on Continue.

            • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

            • Click the Report button and copy/paste the contents of it into your next reply
            Note: It will also create a log in the C:\ directory.
            Windows 8 and Windows 10 dual boot with two SSD's

            marsky

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: Disc space stolen by ...
              « Reply #22 on: August 22, 2012, 07:42:56 AM »
              Please, next one scan with TDSSKiller. I can't imagine some problem for several seconds considering with Combofix, which hasn't gone at all.


              16:32:46.0170 2352  TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
              16:32:47.0692 2352  ============================================================
              16:32:47.0692 2352  Current date / time: 2012/08/22 16:32:47.0692
              16:32:47.0692 2352  SystemInfo:
              16:32:47.0692 2352 
              16:32:47.0692 2352  OS Version: 5.1.2600 ServicePack: 3.0
              16:32:47.0692 2352  Product type: Workstation
              16:32:47.0692 2352  ComputerName: USER-458FAFC743
              16:32:47.0692 2352  UserName: user
              16:32:47.0692 2352  Windows directory: C:\WINDOWS
              16:32:47.0692 2352  System windows directory: C:\WINDOWS
              16:32:47.0692 2352  Processor architecture: Intel x86
              16:32:47.0692 2352  Number of processors: 1
              16:32:47.0692 2352  Page size: 0x1000
              16:32:47.0692 2352  Boot type: Normal boot
              16:32:47.0692 2352  ============================================================
              16:32:50.0937 2352  Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
              16:32:50.0957 2352  ============================================================
              16:32:50.0957 2352  \Device\Harddisk0\DR0:
              16:32:50.0957 2352  MBR partitions:
              16:32:50.0957 2352  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23293F8
              16:32:50.0977 2352  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2329476, BlocksNum 0x275BE8A
              16:32:50.0977 2352  ============================================================
              16:32:51.0027 2352  C: <-> \Device\Harddisk0\DR0\Partition1
              16:32:51.0097 2352  D: <-> \Device\Harddisk0\DR0\Partition2
              16:32:51.0097 2352  ============================================================
              16:32:51.0097 2352  Initialize success
              16:32:51.0097 2352  ============================================================
              16:33:34.0699 1060  ============================================================
              16:33:34.0699 1060  Scan started
              16:33:34.0699 1060  Mode: Manual;
              16:33:34.0699 1060  ============================================================
              16:33:36.0752 1060  ================ Scan system memory ========================
              16:33:36.0752 1060  System memory - ok
              16:33:36.0762 1060  ================ Scan services =============================
              16:33:47.0197 1060  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
              16:33:47.0227 1060  MSKSSRV - ok
              16:33:47.0318 1060  [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
              16:33:47.0318 1060  MsMpSvc - ok
              16:33:47.0368 1060  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
              16:33:47.0398 1060  MSPCLOCK - ok
              16:33:47.0418 1060  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
              16:33:47.0468 1060  MSPQM - ok
              16:33:47.0518 1060  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
              16:33:47.0518 1060  mssmbios - ok
              16:33:47.0578 1060  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
              16:33:47.0578 1060  Mup - ok
              16:33:47.0638 1060  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
              16:33:47.0688 1060  napagent - ok
              16:33:47.0748 1060  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
              16:33:47.0758 1060  NDIS - ok
              16:33:47.0798 1060  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
              16:33:47.0798 1060  NdisTapi - ok
              16:33:47.0818 1060  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
              16:33:47.0818 1060  Ndisuio - ok
              16:33:47.0828 1060  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
              16:33:47.0878 1060  NdisWan - ok
              16:33:47.0959 1060  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
              16:33:47.0969 1060  NDProxy - ok
              16:33:47.0999 1060  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
              16:33:48.0009 1060  NetBIOS - ok
              16:33:48.0029 1060  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
              16:33:48.0079 1060  NetBT - ok
              16:33:48.0119 1060  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
              16:33:48.0119 1060  NetDDE - ok
              16:33:48.0139 1060  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
              16:33:48.0139 1060  NetDDEdsdm - ok
              16:33:48.0239 1060  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
              16:33:48.0239 1060  Netlogon - ok
              16:33:48.0299 1060  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
              16:33:48.0309 1060  Netman - ok
              16:33:48.0359 1060  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
              16:33:48.0379 1060  NetTcpPortSharing - ok
              16:33:48.0409 1060  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
              16:33:48.0419 1060  NIC1394 - ok
              16:33:48.0459 1060  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
              16:33:48.0469 1060  Nla - ok
              16:33:48.0499 1060  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
              16:33:48.0509 1060  Npfs - ok
              16:33:48.0529 1060  [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA         C:\WINDOWS\system32\DRIVERS\nscirda.sys
              16:33:48.0549 1060  NSCIRDA - ok
              16:33:48.0609 1060  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
              16:33:48.0660 1060  Ntfs - ok
              16:33:48.0690 1060  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
              16:33:48.0690 1060  NtLmSsp - ok
              16:33:48.0760 1060  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
              16:33:48.0770 1060  NtmsSvc - ok
              16:33:48.0820 1060  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
              16:33:48.0840 1060  Null - ok
              16:33:48.0880 1060  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
              16:33:48.0980 1060  NwlnkFlt - ok
              16:33:49.0020 1060  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
              16:33:49.0020 1060  NwlnkFwd - ok
              16:33:49.0050 1060  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
              16:33:49.0050 1060  ohci1394 - ok
              16:33:49.0110 1060  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
              16:33:49.0120 1060  Parport - ok
              16:33:49.0130 1060  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
              16:33:49.0130 1060  PartMgr - ok
              16:33:49.0150 1060  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
              16:33:49.0220 1060  ParVdm - ok
              16:33:49.0260 1060  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
              16:33:49.0260 1060  PCI - ok
              16:33:49.0270 1060  PCIDump - ok
              16:33:49.0290 1060  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\drivers\PCIIde.sys
              16:33:49.0290 1060  PCIIde - ok
              16:33:49.0300 1060  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
              16:33:49.0310 1060  Pcmcia - ok
              16:33:49.0320 1060  PDCOMP - ok
              16:33:49.0341 1060  PDFRAME - ok
              16:33:49.0351 1060  PDRELI - ok
              16:33:49.0361 1060  PDRFRAME - ok
              16:33:49.0381 1060  perc2 - ok
              16:33:49.0391 1060  perc2hib - ok
              16:33:49.0491 1060  [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart  C:\Brombic\pev.3XE
              16:33:49.0501 1060  PEVSystemStart - ok
              16:33:49.0531 1060  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
              16:33:49.0531 1060  PlugPlay - ok
              16:33:49.0541 1060  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
              16:33:49.0551 1060  PolicyAgent - ok
              16:33:49.0591 1060  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
              16:33:49.0621 1060  PptpMiniport - ok
              16:33:49.0631 1060  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
              16:33:49.0641 1060  ProtectedStorage - ok
              16:33:49.0671 1060  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
              16:33:49.0711 1060  PSched - ok
              16:33:49.0771 1060  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
              16:33:49.0801 1060  Ptilink - ok
              16:33:49.0811 1060  ql1080 - ok
              16:33:49.0831 1060  Ql10wnt - ok
              16:33:49.0841 1060  ql12160 - ok
              16:33:49.0851 1060  ql1240 - ok
              16:33:49.0871 1060  ql1280 - ok
              16:33:49.0911 1060  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
              16:33:49.0911 1060  RasAcd - ok
              16:33:49.0961 1060  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
              16:33:49.0971 1060  RasAuto - ok
              16:33:50.0011 1060  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
              16:33:50.0031 1060  Rasirda - ok
              16:33:50.0072 1060  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
              16:33:50.0102 1060  Rasl2tp - ok
              16:33:50.0152 1060  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
              16:33:50.0162 1060  RasMan - ok
              16:33:50.0232 1060  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
              16:33:50.0282 1060  RasPppoe - ok
              16:33:50.0342 1060  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
              16:33:50.0362 1060  Raspti - ok
              16:33:50.0412 1060  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
              16:33:50.0422 1060  Rdbss - ok
              16:33:50.0452 1060  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
              16:33:50.0452 1060  RDPCDD - ok
              16:33:50.0522 1060  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
              16:33:50.0602 1060  rdpdr - ok
              16:33:50.0652 1060  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
              16:33:50.0652 1060  RDPWD - ok
              16:33:50.0702 1060  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
              16:33:50.0712 1060  RDSessMgr - ok
              16:33:50.0753 1060  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
              16:33:50.0773 1060  redbook - ok
              16:33:50.0813 1060  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
              16:33:50.0863 1060  RemoteAccess - ok
              16:33:50.0923 1060  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
              16:33:50.0963 1060  RemoteRegistry - ok
              16:33:51.0013 1060  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
              16:33:51.0033 1060  RpcLocator - ok
              16:33:51.0083 1060  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
              16:33:51.0093 1060  RpcSs - ok
              16:33:51.0153 1060  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
              16:33:51.0163 1060  RSVP - ok
              16:33:51.0193 1060  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
              16:33:51.0193 1060  SamSs - ok
              16:33:51.0303 1060  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
              16:33:52.0125 1060  SASDIFSV - ok
              16:33:52.0165 1060  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
              16:33:52.0805 1060  SASKUTIL - ok
              16:33:52.0846 1060  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
              16:33:52.0886 1060  SCardSvr - ok
              16:33:52.0966 1060  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
              16:33:52.0976 1060  Schedule - ok
              16:33:53.0016 1060  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
              16:33:53.0056 1060  Secdrv - ok
              16:33:53.0096 1060  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
              16:33:53.0096 1060  seclogon - ok
              16:33:53.0126 1060  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
              16:33:53.0126 1060  SENS - ok
              16:33:53.0156 1060  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
              16:33:53.0196 1060  serenum - ok
              16:33:53.0236 1060  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
              16:33:53.0236 1060  Serial - ok
              16:33:53.0326 1060  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
              16:33:53.0356 1060  Sfloppy - ok
              16:33:53.0406 1060  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
              16:33:53.0416 1060  SharedAccess - ok
              16:33:53.0446 1060  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
              16:33:53.0446 1060  ShellHWDetection - ok
              16:33:53.0466 1060  Simbad - ok
              16:33:53.0486 1060  Sparrow - ok
              16:33:53.0547 1060  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
              16:33:53.0547 1060  splitter - ok
              16:33:53.0587 1060  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
              16:33:53.0597 1060  Spooler - ok
              16:33:53.0647 1060  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
              16:33:53.0647 1060  sr - ok
              16:33:53.0697 1060  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
              16:33:53.0707 1060  srservice - ok
              16:33:53.0757 1060  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
              16:33:53.0767 1060  Srv - ok
              16:33:53.0827 1060  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
              16:33:53.0827 1060  SSDPSRV - ok
              16:33:53.0897 1060  [ 5813D453EF8CE49D607C255CF128ACEB ] STAC97          C:\WINDOWS\system32\drivers\stac97.sys
              16:33:53.0897 1060  STAC97 - ok
              16:33:53.0977 1060  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
              16:33:53.0987 1060  stisvc - ok
              16:33:54.0047 1060  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
              16:33:54.0067 1060  swenum - ok
              16:33:54.0097 1060  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
              16:33:54.0097 1060  swmidi - ok
              16:33:54.0107 1060  SwPrv - ok
              16:33:54.0127 1060  symc810 - ok
              16:33:54.0137 1060  symc8xx - ok
              16:33:54.0147 1060  sym_hi - ok
              16:33:54.0167 1060  sym_u3 - ok
              16:33:54.0218 1060  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
              16:33:54.0218 1060  sysaudio - ok
              16:33:54.0308 1060  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
              16:33:54.0348 1060  SysmonLog - ok
              16:33:54.0388 1060  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
              16:33:54.0398 1060  TapiSrv - ok
              16:33:54.0468 1060  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
              16:33:54.0478 1060  Tcpip - ok
              16:33:54.0528 1060  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
              16:33:54.0568 1060  TDPIPE - ok
              16:33:54.0598 1060  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
              16:33:54.0598 1060  TDTCP - ok
              16:33:54.0628 1060  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
              16:33:54.0648 1060  TermDD - ok
              16:33:54.0708 1060  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
              16:33:54.0718 1060  TermService - ok
              16:33:54.0738 1060  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
              16:33:54.0738 1060  Themes - ok
              16:33:54.0798 1060  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
              16:33:54.0818 1060  TlntSvr - ok
              16:33:54.0838 1060  TosIde - ok
              16:33:54.0888 1060  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
              16:33:54.0898 1060  TrkWks - ok
              16:33:55.0009 1060  [ AAF458CC200326BEF602B5339400BF86 ] tvnserver       C:\Program Files\Common Files\Comodo\tvnserver.exe
              16:33:55.0039 1060  tvnserver - ok
              16:33:55.0079 1060  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
              16:33:55.0099 1060  Udfs - ok
              16:33:55.0109 1060  ultra - ok
              16:33:55.0169 1060  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
              16:33:55.0179 1060  Update - ok
              16:33:55.0329 1060  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
              16:33:55.0349 1060  upnphost - ok
              16:33:55.0379 1060  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
              16:33:55.0399 1060  UPS - ok
              16:33:55.0429 1060  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
              16:33:55.0449 1060  usbccgp - ok
              16:33:55.0499 1060  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
              16:33:55.0559 1060  usbehci - ok
              16:33:55.0600 1060  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
              16:33:55.0630 1060  usbhub - ok
              16:33:55.0670 1060  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
              16:33:55.0670 1060  usbstor - ok
              16:33:55.0690 1060  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
              16:33:55.0730 1060  usbuhci - ok
              16:33:55.0770 1060  [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
              16:33:55.0770 1060  usb_rndisx - ok
              16:33:55.0830 1060  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
              16:33:55.0830 1060  VgaSave - ok
              16:33:55.0840 1060  ViaIde - ok
              16:33:55.0870 1060  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
              16:33:55.0870 1060  VolSnap - ok
              16:33:55.0920 1060  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
              16:33:55.0960 1060  VSS - ok
              16:33:56.0070 1060  [ EF51747440486C23BD466311048BD924 ] vToolbarUpdater12.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
              16:33:56.0100 1060  vToolbarUpdater12.2.0 - ok
              16:33:56.0421 1060  [ F0608F3B5B6D16F4870E867F9D069B6B ] w29n51          C:\WINDOWS\system32\DRIVERS\w29n51.sys
              16:33:56.0571 1060  w29n51 - ok
              16:33:56.0631 1060  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
              16:33:56.0641 1060  W32Time - ok
              16:33:56.0671 1060  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
              16:33:56.0691 1060  Wanarp - ok
              16:33:56.0701 1060  WDICA - ok
              16:33:56.0741 1060  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
              16:33:56.0751 1060  wdmaud - ok
              16:33:56.0801 1060  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
              16:33:56.0811 1060  WebClient - ok
              16:33:56.0881 1060  [ 0C5B9CF1BDF998750D9C5EEB5F8C55AC ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
              16:33:56.0901 1060  winachsf - ok
              16:33:57.0012 1060  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
              16:33:57.0022 1060  winmgmt - ok
              16:33:57.0052 1060  wltrysvc - ok
              16:33:57.0102 1060  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
              16:33:57.0102 1060  WmdmPmSN - ok
              16:33:57.0172 1060  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
              16:33:57.0182 1060  Wmi - ok
              16:33:57.0252 1060  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
              16:33:57.0342 1060  WmiApSrv - ok
              16:33:57.0642 1060  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
              16:33:57.0672 1060  WMPNetworkSvc - ok
              16:33:57.0773 1060  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
              16:33:57.0803 1060  WPFFontCache_v0400 - ok
              16:33:57.0863 1060  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
              16:33:57.0923 1060  WS2IFSL - ok
              16:33:57.0973 1060  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
              16:33:57.0973 1060  wscsvc - ok
              16:33:58.0023 1060  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
              16:33:58.0023 1060  wuauserv - ok
              16:33:58.0073 1060  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
              16:33:58.0073 1060  WudfPf - ok
              16:33:58.0103 1060  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
              16:33:58.0103 1060  WudfRd - ok
              16:33:58.0133 1060  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
              16:33:58.0143 1060  WudfSvc - ok
              16:33:58.0273 1060  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
              16:33:58.0414 1060  WZCSVC - ok
              16:33:58.0464 1060  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
              16:33:58.0464 1060  xmlprov - ok
              16:33:58.0504 1060  [ F319AB77CB703DDDE78E53C45D9E0C72 ] ZTEusbmdm6k     C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
              16:33:58.0514 1060  ZTEusbmdm6k - ok
              16:33:58.0574 1060  [ F319AB77CB703DDDE78E53C45D9E0C72 ] ZTEusbnmea      C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
              16:33:58.0574 1060  ZTEusbnmea - ok
              16:33:58.0594 1060  [ F319AB77CB703DDDE78E53C45D9E0C72 ] ZTEusbser6k     C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
              16:33:58.0594 1060  ZTEusbser6k - ok
              16:33:58.0624 1060  ================ Scan global ===============================
              16:33:58.0674 1060  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
              16:33:58.0724 1060  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
              16:33:58.0754 1060  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
              16:33:58.0774 1060  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
              16:33:58.0774 1060  [Global] - ok
              16:33:58.0784 1060  ================ Scan MBR ==================================
              16:33:58.0814 1060  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
              16:33:59.0024 1060  \Device\Harddisk0\DR0 - ok
              16:33:59.0034 1060  ================ Scan VBR ==================================
              16:33:59.0034 1060  [ B0A277C21AF35A1054C5E6B4D56FA92F ] \Device\Harddisk0\DR0\Partition1
              16:33:59.0044 1060  \Device\Harddisk0\DR0\Partition1 - ok
              16:33:59.0064 1060  [ 13DC5E28E76E04050F7165E082BCB4FF ] \Device\Harddisk0\DR0\Partition2
              16:33:59.0075 1060  \Device\Harddisk0\DR0\Partition2 - ok
              16:33:59.0075 1060  ============================================================
              16:33:59.0075 1060  Scan finished
              16:33:59.0075 1060  ============================================================
              16:33:59.0095 3300  Detected object count: 0
              16:33:59.0095 3300  Actual detected object count: 0

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Disc space stolen by ...
              « Reply #23 on: August 22, 2012, 01:23:00 PM »
              Quote
              Seems that malware which was detected and as could be deleted by MBAM are sitting in computer, I found via Windows File Search  those bad files and their behavior was crazy: 2 000 same files and so far and far. 
              They must be in quarantine. You can open MBAM and manage the quarantine folders.

              I'd like to scan your machine with ESET OnlineScan

              •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
              •Click the button.
              •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              • Click on to download the ESET Smart Installer. Save it to your desktop.
              • Double click on the icon on your desktop.
              •Check
              •Click the button.
              •Accept any security warnings from your browser.
              •Check
              •Push the Start button.
              •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              •When the scan completes, push
              •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              •Push the button.
              •Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
              Windows 8 and Windows 10 dual boot with two SSD's

              marsky

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: Disc space stolen by ...
                « Reply #24 on: August 23, 2012, 03:41:55 PM »
                ESET Online Scanner is ready and at once as I can see those threats have the same sort of origins (not only) considering with MBAM log but they have differences. What a type of the clatters are creating in computer HDD? What can you apply to clean all threats simultaneously and safely from machine?

                ESETSmartInstaller@High as downloader log:
                all ok
                ESETSmartInstaller@High as downloader log:
                all ok
                # version=7
                # OnlineScannerApp.exe=1.0.0.1
                # OnlineScanner.ocx=1.0.0.6583
                # api_version=3.0.2
                # EOSSerial=562a31639aa9934492c18507235ce0bc
                # end=finished
                # remove_checked=false
                # archives_checked=true
                # unwanted_checked=true
                # unsafe_checked=false
                # antistealth_checked=true
                # utc_time=2012-08-23 09:12:26
                # local_time=2012-08-24 12:12:26 (+0200, FLE Daylight Time)
                # country="Latvia"
                # lang=1033
                # osver=5.1.2600 NT Service Pack 3
                # compatibility_mode=512 16777215 100 0 975617 975617 0 0
                # compatibility_mode=1024 16777175 100 0 704171 704171 0 0
                # compatibility_mode=5891 16776869 42 92 10585 13490825 0 0
                # compatibility_mode=8192 67108863 100 0 10638 10638 0 0
                # scanned=31821
                # found=6
                # cleaned=0
                # scan_time=3668
                C:\Documents and Settings\user\Application Data\AVG\Rescue\PC Tuneup 2011\120702190836444.rsc   a variant of Win32/SpeedingUpMyPC application (unable to clean)   00000000000000000000000000000000   I
                C:\Documents and Settings\user\My Documents\Downloads\Prometheus_2012_CAM_RIP_XVID_AT_rar_downloader_2762b.exe   probably a variant of Win32/ExpressFiles application (unable to clean)   00000000000000000000000000000000   I
                C:\Program Files\ExpressFiles\ExpressFiles.exe   a variant of Win32/ExpressFiles.A application (unable to clean)   00000000000000000000000000000000   I
                C:\Program Files\ExpressFiles\uninstall.exe   probably a variant of Win32/ExpressFiles application (unable to clean)   00000000000000000000000000000000   I
                C:\Program Files\Uninstall Information\ib_uninst_0\uninstall.exe   Win32/InstallBrain application (unable to clean)   00000000000000000000000000000000   I
                C:\Program Files\Uninstall Information\ib_uninst_479\uninstall.exe   Win32/InstallBrain application (unable to clean)   00000000000000000000000000000000   I
                 

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Disc space stolen by ...
                « Reply #25 on: August 23, 2012, 04:35:05 PM »
                Quote
                What can you apply to clean all threats simultaneously and safely from machine?
                Each of these tools targets different types of malware. That's why we run more than one. Exactly the same reason why it's wise to have a good, up-to-date AV, a program to protect against other types of malware and a third-party firewall.
                Please try to uninstall C:\Program Files\ExpressFiles and C:\Program Files\Uninstall Information and run ESET again.
                Windows 8 and Windows 10 dual boot with two SSD's

                marsky

                  Re: Disc space stolen by ...
                  « Reply #26 on: August 24, 2012, 09:46:41 AM »
                  Deleting ExpressFiles freely did not succeed because of this error: "Error deleting file or folder: Cannot delete FEUpdater: Access is denied. Make sure disk is not full or write-protected and that the file is not currently in use." Hence Uninstall Information I even hadn't been trying to touch sake for both. What will here be true things run to avoid ban?

                  SuperDave

                  Re: Disc space stolen by ...
                  « Reply #27 on: August 24, 2012, 04:45:40 PM »
                  Did you try going to Control Panel, Add/Remove and uninstall them from there?

                  marsky

                    Re: Disc space stolen by ...
                    « Reply #28 on: August 27, 2012, 03:05:38 PM »
                    Yes, through Control Panel I deleted the programs and folders from c:/ which you pointed out, plus TorrentSearch, where filedownload.exe, etc. were. The repeated ESET scan looks optimistic. What do you think need to do else to restore disc space? Secondly please advise me way how I need to uninstall Windows Recovery Console from computer correctly?


                    ESETSmartInstaller@High as downloader log:
                    all ok
                    # version=7
                    # OnlineScannerApp.exe=1.0.0.1
                    # OnlineScanner.ocx=1.0.0.6583
                    # api_version=3.0.2
                    # EOSSerial=562a31639aa9934492c18507235ce0bc
                    # end=finished
                    # remove_checked=true
                    # archives_checked=true
                    # unwanted_checked=true
                    # unsafe_checked=false
                    # antistealth_checked=true
                    # utc_time=2012-08-27 08:48:43
                    # local_time=2012-08-27 11:48:43 (+0200, FLE Daylight Time)
                    # country="Latvia"
                    # lang=1033
                    # osver=5.1.2600 NT Service Pack 3
                    # compatibility_mode=512 16777215 100 0 1321220 1321220 0 0
                    # compatibility_mode=1024 16777175 100 0 1049774 1049774 0 0
                    # compatibility_mode=8192 67108863 100 0 3803 3803 0 0
                    # scanned=29758
                    # found=0
                    # cleaned=0
                    # scan_time=2243

                    SuperDave

                    Re: Disc space stolen by ...
                    « Reply #29 on: August 27, 2012, 04:33:35 PM »
                    Quote
                    What do you think need to do else to restore disc space? Secondly please advise me way how I need to uninstall Windows Recovery Console from computer correctly?
                    It appears that your computer is clear of infections. How much free space do you have on your HDD? Click "My Computer", right-click the C drive and give me the information from there.

                    Please go to this site to learn how to remove the Recovery Console.