Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: bluecountry on March 06, 2013, 12:13:32 PM
-
My PC is very inconsistent. Sometimes it runs well, other times it can get quite slow and crash. I have attached logs below.
Adware
# AdwCleaner v2.004 - Logfile created 03/06/2013 at 14:23:42
# Updated 06/10/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Johnny Ola - JOHNNYOLA-PC
# Boot Mode : Normal
# Running from : C:\Users\Johnny Ola\Desktop\Computer Safety Programs\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Program Files\Common Files\AVG Secure Search
***** [Registry] *****
Key Found : HKLM\Software\Description
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0 (en-US)
Profile name : default
File : C:\Users\Johnny Ola\AppData\Roaming\Mozilla\Firefox\Profiles\3yu3mje6.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Johnny Ola\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [3269 octets] - [04/09/2012 21:33:40]
AdwCleaner[S1].txt - [3838 octets] - [09/09/2012 22:55:56]
AdwCleaner[R2].txt - [1319 octets] - [13/09/2012 10:07:10]
AdwCleaner[R3].txt - [35966 octets] - [05/10/2012 14:56:42]
AdwCleaner[S2].txt - [401 octets] - [05/10/2012 14:57:06]
AdwCleaner[R4].txt - [35641 octets] - [09/10/2012 21:20:57]
AdwCleaner[R5].txt - [35727 octets] - [26/10/2012 19:20:32]
AdwCleaner[S3].txt - [35719 octets] - [26/10/2012 19:20:54]
AdwCleaner[R6].txt - [1620 octets] - [09/11/2012 11:02:00]
AdwCleaner[S4].txt - [1687 octets] - [09/11/2012 11:02:28]
AdwCleaner[R7].txt - [1740 octets] - [22/11/2012 17:54:38]
AdwCleaner[R8].txt - [1800 octets] - [22/11/2012 17:54:50]
AdwCleaner[S5].txt - [1867 octets] - [22/11/2012 17:55:01]
AdwCleaner[R9].txt - [1920 octets] - [01/12/2012 23:40:21]
AdwCleaner[S6].txt - [1987 octets] - [01/12/2012 23:40:35]
AdwCleaner[R10].txt - [2042 octets] - [14/12/2012 00:02:55]
AdwCleaner[S7].txt - [2108 octets] - [14/12/2012 00:03:11]
AdwCleaner[R11].txt - [2163 octets] - [23/12/2012 19:13:53]
AdwCleaner[S8].txt - [2229 octets] - [23/12/2012 19:14:06]
AdwCleaner[R12].txt - [2284 octets] - [26/01/2013 20:25:38]
AdwCleaner[R13].txt - [2345 octets] - [26/01/2013 20:25:53]
AdwCleaner[S9].txt - [2411 octets] - [26/01/2013 20:26:02]
AdwCleaner[R14].txt - [2466 octets] - [20/02/2013 19:29:42]
AdwCleaner[S10].txt - [2534 octets] - [20/02/2013 19:29:58]
AdwCleaner[R15].txt - [2588 octets] - [03/03/2013 17:49:40]
AdwCleaner[S11].txt - [2656 octets] - [03/03/2013 17:49:56]
AdwCleaner[R16].txt - [2577 octets] - [06/03/2013 14:23:42]
########## EOF - C:\AdwCleaner[R16].txt - [2638 octets] ##########
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.03.10
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Johnny Ola :: JOHNNYOLA-PC [administrator]
3/3/2013 5:30:22 PM
mbam-log-2013-03-03 (17-30-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241758
Time elapsed: 8 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
MBAM
DDS
Log 1
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
Run by Johnny Ola at 13:13:19 on 2013-03-06
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\dlecserv.exe
C:\Windows\system32\dleccoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Users\Johnny Ola\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - c:\program files\dell printable web\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - c:\program files\dell printable web\toolband.dll
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [Google Update] "c:\users\johnny ola\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD} : DHCPNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{D83D5627-FB49-437C-B3E7-C61C85550B27} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D83D5627-FB49-437C-B3E7-C61C85550B27} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs= c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg wsauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.152\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\johnny ola\appdata\roaming\mozilla\firefox\profiles\3yu3mje6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\johnny ola\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\users\johnny ola\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\johnny ola\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\johnny ola\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DIRECTIO;DIRECTIO
R? ICScsiSV;Image Converter SCSI Service
R? IcVzMonLauncher;IcVzMonLauncher
R? SkypeUpdate;Skype Updater
R? VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection
R? VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP)
R? VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP)
R? WDC_SAM;WD SCSI Pass Thru driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avglogx;AVG Logging Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? dlec_device;dlec_device
S? dlecCATSCustConnectService;dlecCATSCustConnectService
S? FontCache;Windows Font Cache Service
S? MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB)
S? R5U870FLx86;R5U870 UVC Lower Filter
S? R5U870FUx86;R5U870 UVC Upper Filter
S? regi;regi
S? SonyImgF;Sony Image Conversion Filter Driver
S? ti21sony;ti21sony
S? vmwvusb;VMware View Generic USB Driver
S? vToolbarUpdater12.2.6;vToolbarUpdater12.2.6
S? wsnm;VMware View Client
S? wsnm_usbctrl;VMware View USB Control
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCExporter.exe"" %1"
.
=============== Created Last 30 ================
.
2013-03-03 22:27:36 -------- d-----w- c:\programdata\Licenses
2013-02-21 00:28:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-13 03:42:28 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 03:42:26 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 03:42:23 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 03:42:21 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 03:42:21 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2013-03-03 23:00:09 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-03 23:00:09 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-21 00:28:29 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-21 00:28:29 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 13:23:05.20 ===============
Log 2
NO attach log
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application from interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
combofix log
ComboFix 13-03-07.03 - Johnny Ola 03/09/2013 9:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.961 [GMT -5:00]
Running from: c:\users\Johnny Ola\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Johnny Ola\AppData\Local\assembly\tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-09 to 2013-03-09 )))))))))))))))))))))))))))))))
.
.
2013-03-09 14:19 . 2013-03-09 14:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-09 14:19 . 2013-03-09 14:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-03-09 14:19 . 2013-03-09 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-03 22:27 . 2013-03-03 22:27 -------- d-----w- c:\programdata\Licenses
2013-02-21 00:28 . 2013-02-21 00:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-13 03:42 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 03:42 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 03:42 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 03:42 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 03:42 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-03 23:00 . 2012-07-24 00:02 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-03 23:00 . 2011-10-11 18:18 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 00:28 . 2012-08-01 01:51 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-21 00:28 . 2011-10-17 04:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-14 17:45 . 2013-01-14 17:45 53248 ----a-r- c:\users\Johnny Ola\AppData\Roaming\Microsoft\Installer\{A009A2F5-F89B-430B-9EE6-E71461F3B4EB}\ARPPRODUCTICON.exe
2012-12-16 13:12 . 2012-12-22 08:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 08:01 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2011-10-11 20:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 11:38 . 2013-03-08 11:38 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-11-28 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-06 4423680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-24 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-24 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-24 133912]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-04-17 321656]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-04-02 411768]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-03-06 36864]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Johnny Ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-04-24 00:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-11 20:04 136176 ----atw- c:\users\Johnny Ola\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-29 05:49 151952 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-12-14 21:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
2007-01-31 05:59 371712 ----a-w- c:\program files\Intuit\SimpleStartEntice\entice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSpySweeperScheduleAtStartup]
2011-10-26 06:49 10752 ----a-w- c:\windows\System32\msfeedssync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-06 18:18 1822720 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-03-08 02:38 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
2007-03-14 00:13 2322432 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2006-12-07 01:08 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 04:34 1630672 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 19:59]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 19:59]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-463125951-12254502-3284758742-1005Core.job
- c:\users\Johnny Ola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 20:04]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-463125951-12254502-3284758742-1005UA.job
- c:\users\Johnny Ola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 20:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D83D5627-FB49-437C-B3E7-C61C85550B27}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Johnny Ola\AppData\Roaming\Mozilla\Firefox\Profiles\3yu3mje6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-TeamSpeak 3 Client - c:\users\Johnny Ola\AppData\Local\TeamSpeak 3 Client\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-09 10:15
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\guard32.dll
c:\windows\system32\wsauth.dll
.
- - - - - - - > 'Explorer.exe'(5472)
c:\windows\system32\guard32.dll
c:\users\Johnny Ola\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2013\avgidsagent.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\dlecserv.exe
c:\windows\system32\dleccoms.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
c:\program files\VMware\VMware View\Client\bin\wsnm.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
.
**************************************************************************
.
Completion time: 2013-03-09 10:22:54 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-09 15:22
.
Pre-Run: 169,324,486,656 bytes free
Post-Run: 169,372,172,288 bytes free
.
- - End Of File - - 5570B0A3B0620D5DAECC125562B20544
-
Double-click on My Computer and right-click on the C drive and select Properties. Please tell me the size of the hard drive and how much free space you have.
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items:
  - Process << Selected
  - Kernel Modules << Selected
  - SSDT << Selected
  - Kernel Hooks << Selected
  - IRP Hooks << NOT Selected
  - Ports << NOT Selected
  - Hidden Files << Selected
- At the bottom of the page:
  - Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
**************************************************
- Download RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
- If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
-
1) Hard Drive:
290 GB
158 GB free.
2) Sysprot log
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8FA76000
Module End: 8FA81000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8FA81000
Module End: 8FA89000
Hidden: Yes
Module Name: C:\Windows\system32\DRIVERS\WUDFRd.sys
Service Name: WUDFRd
Module Base: B0F09000
Module End: B0F34000
Hidden: Yes
Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: B0F45000
Module End: B0F4D000
Hidden: Yes
Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: B0F4D000
Module End: B0F4F000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: 8E8DBFB0
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwAlpcConnectPort
Address: 8E8DC19C
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwConnectPort
Address: 8E8DB310
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateFile
Address: 8E8DBC16
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateSection
Address: 8E8DB9CA
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateSymbolicLinkObject
Address: 8E8DCD14
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateThread
Address: 8E8DACFC
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwLoadDriver
Address: 8E8DC746
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwMakeTemporaryObject
Address: 8E8DB5D8
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwNotifyChangeKey
Address: 8F1FE14A
Driver Base: 8F1FD000
Driver End: 8F200000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwNotifyChangeMultipleKeys
Address: 8F1FE21A
Driver Base: 8F1FD000
Driver End: 8F200000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwOpenFile
Address: 8E8DBDF2
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwOpenProcess
Address: 8F1FDD7C
Driver Base: 8F1FD000
Driver End: 8F200000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwOpenSection
Address: 8E8DB872
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwSetSystemInformation
Address: 8E8DCA32
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwShutdownSystem
Address: 8E8DB542
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwSuspendProcess
Address: 8F1FDF6A
Driver Base: 8F1FD000
Driver End: 8F200000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwSuspendThread
Address: 8F1FE000
Driver Base: 8F1FD000
Driver End: 8F200000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwSystemDebugControl
Address: 8E8DB75E
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwTerminateProcess
Address: 8F1FDE32
Driver Base: 8F1FD000
Driver End: 8F200000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwTerminateThread
Address: 8F1FDECE
Driver Base: 8F1FD000
Driver End: 8F200000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwWriteVirtualMemory
Address: 8F1FE09C
Driver Base: 8F1FD000
Driver End: 8F200000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwCreateThreadEx
Address: 8E8DC3CA
Driver Base: 8E8CE000
Driver End: 8E949000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
-
Rogue Killer Report
RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Johnny Ola [Admin rights]
Mode : Scan -- Date : 03/10/2013 19:51:15
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D83D5627-FB49-437C-B3E7-C61C85550B27} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D83D5627-FB49-437C-B3E7-C61C85550B27} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
--- User ---
[MBR] 440a09e1bed8156a9860f538040ffaeb
[BSP] d22058caf6e661c75810f014eb71054c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7286 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14923776 | Size: 297957 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_03102013_02d1951.txt >>
RKreport[1]_S_03102013_02d1951.txt
-
Please run RogueKiller again and choose "Delete" for anything found.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
- Leave the check mark next to Remove found threats.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
RogueKiller has crashed all but once when I use it.
I tried to do what you said this morning but it crashed.
-
RogueKiller has crashed all but once when I use it.
I tried to do what you said this morning but it crashed.
Ok. Please run ESET and see what comes up.
-
No threats found, see picture.
[recovering disk space, attachment deleted by admin]
-
I also was able to re-run Rogue Killer and delete.
It only deleted 1, replaced 2.
See picture.
[recovering disk space, attachment deleted by admin]
-
Good, how's your computer running now? Any other issues before we cleanup?
-
Barely used it, but maybe better. Hard to say as it has good and bad days.
-
Ok, let's do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
***************************************************
Click Start > Computer > right-click the C Drive and choose Properties > Enter.
Click Disk Cleanup from there.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup2.jpg)
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup.jpg)
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
*******************************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
OK...well
1) PC is still running slow....you say it's NOT malware/spyware...
what is it?
what can I do?
2) Should I delete...
-dds
-roguekiller
-esetmartin
-sysprot?
3) Already have spyware blaster....and the link posted to "how to use" is broken
4) I have Comodo...should I uninstall and install WOT
-
Please run RogueKiller and see if anything comes up.
Should I delete...
-dds
-roguekiller
-esetmartin
-sysprot?
Yes, uninstall all except RogueKiller.
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber1.png)
- If an infected file is detected, the default action will be Cure, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber2.png)
- If a suspicious file is detected, the default action will be Skip, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber3.png)
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillerlastone3.png)
- Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
-
OK...just did it, posted below. Now what?
11:50:21.0894 5604 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:50:22.0262 5604 ============================================================
11:50:22.0263 5604 Current date / time: 2013/03/23 11:50:22.0262
11:50:22.0263 5604 SystemInfo:
11:50:22.0263 5604
11:50:22.0263 5604 OS Version: 6.0.6002 ServicePack: 2.0
11:50:22.0263 5604 Product type: Workstation
11:50:22.0263 5604 ComputerName: JOHNNYOLA-PC
11:50:22.0263 5604 UserName: Johnny Ola
11:50:22.0263 5604 Windows directory: C:\Windows
11:50:22.0263 5604 System windows directory: C:\Windows
11:50:22.0263 5604 Processor architecture: Intel x86
11:50:22.0263 5604 Number of processors: 2
11:50:22.0263 5604 Page size: 0x1000
11:50:22.0263 5604 Boot type: Normal boot
11:50:22.0263 5604 ============================================================
11:50:24.0464 5604 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:50:24.0504 5604 ============================================================
11:50:24.0504 5604 \Device\Harddisk0\DR0:
11:50:24.0516 5604 MBR partitions:
11:50:24.0516 5604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE3B800, BlocksNum 0x245F2800
11:50:24.0516 5604 ============================================================
11:50:24.0839 5604 C: <-> \Device\Harddisk0\DR0\Partition1
11:50:24.0839 5604 ============================================================
11:50:24.0839 5604 Initialize success
11:50:24.0839 5604 ============================================================
11:50:35.0167 5100 ============================================================
11:50:35.0167 5100 Scan started
11:50:35.0167 5100 Mode: Manual;
11:50:35.0167 5100 ============================================================
11:50:36.0432 5100 ================ Scan system memory ========================
11:50:36.0432 5100 System memory - ok
11:50:36.0433 5100 ================ Scan services =============================
11:50:37.0003 5100 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
11:50:37.0008 5100 ACPI - ok
11:50:37.0132 5100 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:50:37.0165 5100 AdobeARMservice - ok
11:50:37.0227 5100 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:50:37.0236 5100 adp94xx - ok
11:50:37.0296 5100 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:50:37.0303 5100 adpahci - ok
11:50:37.0323 5100 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
11:50:37.0326 5100 adpu160m - ok
11:50:37.0344 5100 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:50:37.0348 5100 adpu320 - ok
11:50:37.0412 5100 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:50:37.0414 5100 AeLookupSvc - ok
11:50:37.0462 5100 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
11:50:37.0468 5100 AFD - ok
11:50:37.0503 5100 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:50:37.0506 5100 agp440 - ok
11:50:37.0626 5100 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
11:50:37.0630 5100 aic78xx - ok
11:50:37.0652 5100 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
11:50:37.0654 5100 ALG - ok
11:50:37.0704 5100 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
11:50:37.0722 5100 aliide - ok
11:50:37.0777 5100 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
11:50:37.0780 5100 amdagp - ok
11:50:37.0829 5100 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
11:50:37.0841 5100 amdide - ok
11:50:37.0863 5100 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
11:50:37.0866 5100 AmdK7 - ok
11:50:37.0881 5100 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:50:37.0883 5100 AmdK8 - ok
11:50:37.0970 5100 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
11:50:37.0972 5100 Appinfo - ok
11:50:38.0064 5100 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:50:38.0067 5100 Apple Mobile Device - ok
11:50:38.0121 5100 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
11:50:38.0124 5100 arc - ok
11:50:38.0186 5100 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
11:50:38.0196 5100 arcsas - ok
11:50:38.0344 5100 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:50:38.0346 5100 aspnet_state - ok
11:50:38.0375 5100 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:50:38.0378 5100 AsyncMac - ok
11:50:38.0415 5100 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
11:50:38.0416 5100 atapi - ok
11:50:38.0482 5100 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:50:38.0490 5100 AudioEndpointBuilder - ok
11:50:38.0501 5100 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
11:50:38.0506 5100 Audiosrv - ok
11:50:38.0860 5100 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
11:50:39.0031 5100 AVGIDSAgent - ok
11:50:39.0123 5100 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
11:50:39.0128 5100 AVGIDSDriver - ok
11:50:39.0165 5100 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
11:50:39.0183 5100 AVGIDSHX - ok
11:50:39.0202 5100 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
11:50:39.0204 5100 AVGIDSShim - ok
11:50:39.0280 5100 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
11:50:39.0284 5100 Avgldx86 - ok
11:50:39.0351 5100 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
11:50:39.0356 5100 Avglogx - ok
11:50:39.0389 5100 [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
11:50:39.0393 5100 Avgmfx86 - ok
11:50:39.0518 5100 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
11:50:39.0530 5100 Avgrkx86 - ok
11:50:39.0599 5100 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
11:50:39.0604 5100 Avgtdix - ok
11:50:39.0708 5100 [ 3001E24F340D400BFF85935E5777FC5B ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
11:50:39.0719 5100 avgtp - ok
11:50:39.0761 5100 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
11:50:39.0765 5100 avgwd - ok
11:50:39.0856 5100 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
11:50:39.0889 5100 Beep - ok
11:50:39.0940 5100 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
11:50:39.0946 5100 BFE - ok
11:50:40.0037 5100 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
11:50:40.0057 5100 BITS - ok
11:50:40.0064 5100 blbdrive - ok
11:50:40.0149 5100 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:50:40.0157 5100 Bonjour Service - ok
11:50:40.0202 5100 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:50:40.0234 5100 bowser - ok
11:50:40.0280 5100 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
11:50:40.0282 5100 BrFiltLo - ok
11:50:40.0326 5100 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
11:50:40.0340 5100 BrFiltUp - ok
11:51:02.0549 5100 SPTISRV - ok
11:51:02.0609 5100 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
11:51:02.0612 5100 SQLBrowser - ok
11:51:02.0639 5100 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:51:02.0642 5100 SQLWriter - ok
11:51:02.0742 5100 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:51:02.0784 5100 srv - ok
11:51:02.0835 5100 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:51:02.0875 5100 srv2 - ok
11:51:02.0924 5100 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:51:02.0929 5100 srvnet - ok
11:51:03.0003 5100 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:51:03.0039 5100 SSDPSRV - ok
11:51:03.0086 5100 [ 6EB13F919D22D5056B4FB66AA3BB497A ] SSScsiSV C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
11:51:03.0089 5100 SSScsiSV - ok
11:51:03.0175 5100 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:51:03.0213 5100 SstpSvc - ok
11:51:03.0259 5100 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
11:51:03.0271 5100 stisvc - ok
11:51:03.0301 5100 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:51:03.0303 5100 swenum - ok
11:51:03.0361 5100 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
11:51:03.0370 5100 swprv - ok
11:51:03.0417 5100 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
11:51:03.0425 5100 Symc8xx - ok
11:51:03.0477 5100 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
11:51:03.0492 5100 Sym_hi - ok
11:51:03.0513 5100 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
11:51:03.0515 5100 Sym_u3 - ok
11:51:03.0551 5100 [ 99DA94793332AADBB17BBB521AE56E21 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:51:03.0587 5100 SynTP - ok
11:51:03.0684 5100 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
11:51:03.0697 5100 SysMain - ok
11:51:03.0779 5100 SysProtDrv.sys - ok
11:51:03.0852 5100 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:51:03.0858 5100 TabletInputService - ok
11:51:03.0938 5100 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:51:03.0945 5100 TapiSrv - ok
11:51:03.0992 5100 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
11:51:04.0009 5100 TBS - ok
11:51:04.0087 5100 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:51:04.0136 5100 Tcpip - ok
11:51:04.0157 5100 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
11:51:04.0164 5100 Tcpip6 - ok
11:51:04.0220 5100 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:51:04.0251 5100 tcpipreg - ok
11:51:04.0302 5100 [ 009AEDE9FE870C247014450DC1E01D5D ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
11:51:04.0305 5100 TcUsb - ok
11:51:04.0353 5100 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:51:04.0366 5100 TDPIPE - ok
11:51:04.0415 5100 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:51:04.0418 5100 TDTCP - ok
11:51:04.0471 5100 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:51:04.0480 5100 tdx - ok
11:51:04.0539 5100 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:51:04.0542 5100 TermDD - ok
11:51:04.0590 5100 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
11:51:04.0601 5100 TermService - ok
11:51:04.0655 5100 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
11:51:04.0662 5100 Themes - ok
11:51:04.0686 5100 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
11:51:04.0689 5100 THREADORDER - ok
11:51:04.0786 5100 [ DCD46A
-
Save these instructions so you can have access to them while in Safe Mode.
Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky.
- Save it to your desktop.
- Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
- Double click the setup file to run it.
- Click Next to continue.
- Accept the License agreement and click on Next.
- It will, by default, install it to your desktop folder. Click Next.
- It will then open a box. There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked:
  - Hidden Startup Objects
  - System Memory
  - Disk Boot Sectors
  - My Computer
  - Also any other (removable) drives that you may have
Leave the rest of the settings at their defaults.
- Then click on Scan at the top right hand corner.
- It will automatically Neutralize any objects found.
- If some objects are left un-neutralized, then click the button that says Neutralize all.
- If it says it cannot be neutralized, then choose the delete option when prompted.
- After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
- Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top, under Detected) in your next reply.
Note: This tool will self-uninstall when you close it, so please save the log before closing it.