AVG Found Hidden Rootkit

johndoe24 · #1 May 24th, 2012, 07:21 PM

I don't normally post information or program results without being asked to do so by CTH; however, I have no better way to explain this problem than to copy/paste the AVG report from a couple of hours ago:

AVG Detailed object information:
”Property name: Property value:”
"Object name";"<unknown>"
"Detection name";"Corrupted section atapi.sys[.text] +0x6852, size 1 bytes"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""

AVG offers only two options: 1) "Remove selected" or 2) Remove all healed." No options to move or quarantine are available. When I click "remove selected," the following message appears: "Object is hidden by a rootkit technique (which is usually used by a malicious software). Do you really want to delete it?"

I really don’t know if I want to delete it or not because I have no idea what will happen. What is a rootkit technique? Please advise. Thank you. jd24

Aaflac · #2 May 24th, 2012, 07:58 PM

Welcome, johndoe24!

Will be back with instructions shortly.

Thank you for your patience.

Aaflac · #3 May 24th, 2012, 08:14 PM

Please run the following diagnostics to check what is currently going on with the system:

Step 1:
Download DDS from one of these locations:
Link 1
Link 2

Save it to the Desktop

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the programs we are about to run.

If you wish to look at information on how to disable these programs, please refer to the information available through this link

XP: Double-click the downloaded file to run the program
Vista/Windows 7: Right-click DDS and select 'Run as Administrator'

When done, DDS opens two logs:
-DDS.txt (Opens on the Desktop)
-Attach.txt (Minimized on the TaskBar)

Save the reports to your Desktop, and post both reports in your reply.

Step 2:
Also download aswMBR

Save it to the Desktop.

XP: Double-click the downloaded file to run the program
Vista/Windows 7: Right-click the file and select 'Run as Administrator'

When promped with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitiond database, etc.
When the Avast! scan is done, the last line changes to:
Avast Engine definitions #####

At this point, click the Scan button on the lower left of the aswMBR screen.

The last line will now say "Scanning" while in progress.

Upon completion of the scan, click >Save log< and save it to the Desktop.
Note:Please do NOT attempt to fix anything!!

Exit the program, and post the new aswMBR log in your reply.

Note that a file named MBR.dat is also created on the Desktop.

Please submit MBR.dat for analysis to VirusTotal

When you get to the website, use the Browse button to navigate to the location of MBR.dat
Click on the file, then, click the Open button.
The file is now displayed in the Submit Box.

Scroll down and click Send File, and wait for the results.

If you get a message saying: 'File has already been analyzed', click: 'Reanalyze file now'

Once scanned, and you see the full results page on your screen, go up to the address bar at the top of the browser, and copy the http:\\etc. address there.

Then, provide the http:\\ address to the results page in your reply.

johndoe24 · #4 May 24th, 2012, 08:58 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.0
Run by Rodney Vance at 14:04:50 on 2012-05-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1178 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Rodney Vance\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mycenturylink.com/
mSearchAssistant = hxxp://search.live.com/sphome.aspx
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SansaDispatch] c:\documents and settings\rodney vance\application data\sandisk\sansa updater\SansaDispatch.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255573949640
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255662146453
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{D6824586-049F-40FD-BF55-B16E205A8273} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rodney vance\application data\mozilla\firefox\profiles\z1hrxo24.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={s earchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb9191d&v=6.103.018.001&i=23&tp=ab&iy=&ychte=u s&lng=en-US&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillapl ugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillapl ugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\rodney vance\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_20 2_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2011-12-5 13880]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2009-10-14 94290]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\pro gram files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-24 932736]
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [2010-1-27 20736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\driv ers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\driv ers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\ avgidsshimx.sys [2011-12-23 17232]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgi dshx.sys [2012-4-19 24896]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPl ayerUpdateService.exe [2011-11-18 257696]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\ eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-20 129976]
S3 QWXN720;Qwest 802.11n XN720 Driver;c:\windows\system32\drivers\WLANUHN.sys [2010-1-27 453120]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-3-31 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30 319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-24 13:56:20 -------- d-----w- c:\documents and settings\rodney vance\local settings\application data\AVG Secure Search
2012-05-24 13:55:43 -------- d-----w- c:\documents and settings\rodney vance\application data\AVG Secure Search
2012-05-24 13:55:42 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-05-24 13:55:27 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-05-24 13:55:18 -------- d-----w- c:\program files\AVG Secure Search
2012-05-23 23:35:51 94208 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2012-05-23 23:35:44 144960 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-05-23 23:35:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-23 23:35:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-23 23:35:11 -------- d-----w- c:\program files\Real Alternative
2012-05-23 23:35:11 -------- d-----w- c:\documents and settings\rodney vance\local settings\application data\Real
2012-05-23 21:46:11 27136 ----a-w- c:\windows\system32\PCWizard.cpl
2012-05-23 21:46:09 -------- d-----w- c:\program files\PC Wizard 2008
2012-05-19 22:07:13 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-05-19 22:07:13 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-17 00:07:52 -------- d-----w- c:\program files\PrcView_5_2_15
2012-05-16 17:13:21 -------- d-----w- c:\documents and settings\rodney vance\application data\DriverCure
2012-05-16 17:13:17 -------- d-----w- c:\documents and settings\rodney vance\application data\SpeedyPC Software
2012-05-16 17:12:43 -------- d-----w- c:\program files\SpeedyPC Software
2012-05-16 17:12:43 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-05-13 23:07:08 -------- d-----w- c:\documents and settings\rodney vance\application data\AVG
2012-05-11 16:24:28 -------- d-----w- c:\windows\system32\XPSViewer
2012-05-11 16:11:56 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-05-11 16:10:48 -------- d-----w- c:\program files\RegScrubXP
2012-05-11 16:10:22 -------- d-----w- c:\documents and settings\rodney vance\local settings\application data\searchcom_001
2012-05-01 19:55:04 -------- d-----w- C:\My Pictures
2012-05-01 19:55:04 -------- d-----w- C:\My Documents
.
==================== Find3M ====================
.
2012-05-04 20:47:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 20:47:20 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-19 10:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-17 23:45:00 360328 ----a-w- c:\program files\SansaUpdaterInstall.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-19 11:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-18 18:21:40 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-18 18:21:39 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-18 18:21:39 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 14:07:08.48 ===============

johndoe24 · #5 May 24th, 2012, 09:00 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/14/2009 6:31:38 PM
System Uptime: 5/24/2012 1:06:52 AM (13 hours ago)
.
Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 228 GiB total, 169.992 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP127: 2/24/2012 3:08:41 PM - Software Distribution Service 3.0
RP128: 2/25/2012 3:00:37 PM - Software Distribution Service 3.0
RP129: 2/26/2012 3:00:50 PM - Software Distribution Service 3.0
RP130: 2/27/2012 3:00:43 PM - Software Distribution Service 3.0
RP131: 2/28/2012 3:00:38 PM - Software Distribution Service 3.0
RP132: 2/29/2012 3:00:46 PM - Software Distribution Service 3.0
RP133: 3/1/2012 3:00:40 PM - Software Distribution Service 3.0
RP134: 3/2/2012 12:10:01 PM - Software Distribution Service 3.0
RP135: 3/2/2012 3:00:36 PM - Software Distribution Service 3.0
RP136: 3/4/2012 8:46:10 AM - Software Distribution Service 3.0
RP137: 3/4/2012 3:00:38 PM - Software Distribution Service 3.0
RP138: 3/5/2012 3:00:53 PM - Software Distribution Service 3.0
RP139: 3/6/2012 3:00:35 PM - Software Distribution Service 3.0
RP140: 3/7/2012 3:00:36 PM - Software Distribution Service 3.0
RP141: 3/8/2012 1:12:52 PM - Software Distribution Service 3.0
RP142: 3/8/2012 3:00:38 PM - Software Distribution Service 3.0
RP143: 3/9/2012 3:00:35 PM - Software Distribution Service 3.0
RP144: 3/10/2012 3:48:19 PM - Software Distribution Service 3.0
RP145: 3/11/2012 3:00:41 PM - Software Distribution Service 3.0
RP146: 3/12/2012 3:00:38 PM - Software Distribution Service 3.0
RP147: 3/13/2012 3:00:56 PM - Software Distribution Service 3.0
RP148: 3/15/2012 10:23:15 AM - Software Distribution Service 3.0
RP149: 3/15/2012 3:00:43 PM - Software Distribution Service 3.0
RP150: 3/16/2012 12:26:45 PM - Installed VAIO Update 3
RP151: 3/16/2012 3:00:39 PM - Software Distribution Service 3.0
RP152: 3/17/2012 12:40:59 PM - Software Distribution Service 3.0
RP153: 3/17/2012 12:57:01 PM - Software Distribution Service 3.0
RP154: 3/17/2012 1:04:56 PM - Software Distribution Service 3.0
RP155: 3/17/2012 1:11:20 PM - Installed VAIO Update 3
RP156: 3/17/2012 1:20:03 PM - Installed Microsoft Download Manager
RP157: 3/17/2012 1:44:05 PM - Installed Windows Internet Explorer 8.
RP158: 3/17/2012 1:46:24 PM - Software Distribution Service 3.0
RP159: 3/17/2012 2:53:07 PM - Software Distribution Service 3.0
RP160: 3/17/2012 4:31:40 PM - Software Distribution Service 3.0
RP161: 3/17/2012 5:11:56 PM - Software Distribution Service 3.0
RP162: 3/17/2012 11:02:48 PM - Software Distribution Service 3.0
RP163: 3/18/2012 3:00:46 PM - Software Distribution Service 3.0
RP164: 3/19/2012 3:00:45 PM - Software Distribution Service 3.0
RP165: 3/20/2012 11:37:38 AM - Software Distribution Service 3.0
RP166: 3/20/2012 1:03:55 PM - Software Distribution Service 3.0
RP167: 3/20/2012 1:18:30 PM - Software Distribution Service 3.0
RP168: 3/20/2012 4:27:54 PM - Software Distribution Service 3.0
RP169: 3/20/2012 6:42:37 PM - Software Distribution Service 3.0
RP170: 3/21/2012 3:00:49 PM - Software Distribution Service 3.0
RP171: 3/22/2012 3:00:35 PM - Software Distribution Service 3.0
RP172: 3/23/2012 3:00:43 PM - Software Distribution Service 3.0
RP173: 3/24/2012 12:16:08 PM - Software Distribution Service 3.0
RP174: 3/24/2012 3:00:47 PM - Software Distribution Service 3.0
RP175: 3/25/2012 3:00:40 PM - Software Distribution Service 3.0
RP176: 3/25/2012 6:21:17 PM - Installed Windows Media Player 10
RP177: 3/26/2012 3:00:37 PM - Software Distribution Service 3.0
RP178: 3/26/2012 5:48:16 PM - Removed Microsoft Download Manager
RP179: 3/26/2012 5:49:45 PM - Software Distribution Service 3.0
RP180: 3/26/2012 5:57:01 PM - Installed Microsoft Fix it 50123
RP181: 3/26/2012 6:16:17 PM - Removed FixCleaner
RP182: 3/27/2012 3:00:34 PM - Software Distribution Service 3.0
RP183: 3/28/2012 3:00:36 PM - Software Distribution Service 3.0
RP184: 3/29/2012 3:00:35 PM - Software Distribution Service 3.0
RP185: 3/30/2012 3:00:35 PM - Software Distribution Service 3.0
RP186: 3/31/2012 3:00:34 PM - Software Distribution Service 3.0
RP187: 4/1/2012 3:00:43 PM - Software Distribution Service 3.0
RP188: 4/2/2012 3:00:34 PM - Software Distribution Service 3.0
RP189: 4/3/2012 3:00:35 PM - Software Distribution Service 3.0
RP190: 4/4/2012 3:00:38 PM - Software Distribution Service 3.0
RP191: 4/5/2012 3:00:35 PM - Software Distribution Service 3.0
RP192: 4/6/2012 3:00:35 PM - Software Distribution Service 3.0
RP193: 4/7/2012 3:00:35 PM - Software Distribution Service 3.0
RP194: 4/8/2012 3:00:36 PM - Software Distribution Service 3.0
RP195: 4/9/2012 3:00:36 PM - Software Distribution Service 3.0
RP196: 4/10/2012 3:00:35 PM - Software Distribution Service 3.0
RP197: 4/11/2012 3:00:36 PM - Software Distribution Service 3.0
RP198: 4/12/2012 3:00:40 PM - Software Distribution Service 3.0
RP199: 4/12/2012 4:01:56 PM - Software Distribution Service 3.0
RP200: 4/13/2012 12:12:34 AM - Software Distribution Service 3.0
RP201: 4/13/2012 3:00:34 PM - Software Distribution Service 3.0
RP202: 4/14/2012 3:00:34 PM - Software Distribution Service 3.0
RP203: 4/15/2012 3:00:37 PM - Software Distribution Service 3.0
RP204: 4/16/2012 3:01:02 PM - Software Distribution Service 3.0
RP205: 4/17/2012 3:00:36 PM - Software Distribution Service 3.0
RP206: 4/18/2012 3:00:34 PM - Software Distribution Service 3.0
RP207: 4/19/2012 3:00:36 PM - Software Distribution Service 3.0
RP208: 4/22/2012 6:03:31 PM - Software Distribution Service 3.0
RP209: 4/23/2012 3:35:48 PM - Software Distribution Service 3.0
RP210: 4/24/2012 3:00:35 PM - Software Distribution Service 3.0
RP211: 4/25/2012 3:00:35 PM - Software Distribution Service 3.0
RP212: 4/26/2012 3:00:34 PM - Software Distribution Service 3.0
RP213: 4/27/2012 3:00:36 PM - Software Distribution Service 3.0
RP214: 4/28/2012 3:00:35 PM - Software Distribution Service 3.0
RP215: 4/29/2012 3:00:34 PM - Software Distribution Service 3.0
RP216: 4/30/2012 3:04:03 PM - Software Distribution Service 3.0
RP217: 5/1/2012 3:00:38 PM - Software Distribution Service 3.0
RP218: 5/2/2012 3:00:42 PM - Software Distribution Service 3.0
RP219: 5/3/2012 3:00:36 PM - Software Distribution Service 3.0
RP220: 5/4/2012 3:00:39 PM - Software Distribution Service 3.0
RP221: 5/5/2012 8:20:39 PM - Software Distribution Service 3.0
RP222: 5/6/2012 3:00:34 PM - Software Distribution Service 3.0
RP223: 5/7/2012 3:00:34 PM - Software Distribution Service 3.0
RP224: 5/8/2012 3:00:32 PM - Software Distribution Service 3.0
RP225: 5/9/2012 4:04:21 PM - System Checkpoint
RP226: 5/10/2012 4:27:16 PM - System Checkpoint
RP227: 5/11/2012 3:01:30 PM - Software Distribution Service 3.0
RP228: 5/12/2012 9:33:10 AM - Installed AVG 2012
RP229: 5/12/2012 9:45:44 AM - Removed AVG 2012
RP230: 5/12/2012 3:00:37 PM - Software Distribution Service 3.0
RP231: 5/13/2012 3:42:32 PM - System Checkpoint
RP232: 5/14/2012 3:53:19 PM - System Checkpoint
RP233: 5/15/2012 5:14:47 PM - System Checkpoint
RP234: 5/17/2012 3:03:12 PM - System Checkpoint
RP235: 5/17/2012 3:05:15 PM - Software Distribution Service 3.0
RP236: 5/18/2012 3:00:48 PM - Software Distribution Service 3.0
RP237: 5/19/2012 4:36:21 PM - System Checkpoint
RP238: 5/20/2012 5:03:54 PM - System Checkpoint
RP239: 5/21/2012 5:21:59 PM - System Checkpoint
RP240: 5/22/2012 3:02:18 PM - Software Distribution Service 3.0
RP241: 5/23/2012 11:58:52 AM - Removed EuroTalk Talk Now!
RP242: 5/23/2012 11:59:50 AM - Removed HiJackThis
RP243: 5/23/2012 12:05:10 PM - Removed Nuance PDF Reader.
RP244: 5/23/2012 12:06:55 PM - Removed Quicken 2010.
RP245: 5/23/2012 12:16:15 PM - Removed TurboTax 2009 wneiper
RP246: 5/23/2012 12:16:46 PM - Removed TurboTax 2009 wnmiper
RP247: 5/23/2012 12:17:32 PM - Removed TurboTax 2009 WinPerTaxSupport
RP248: 5/23/2012 12:18:50 PM - Removed TurboTax 2009 WinPerFedFormset
RP249: 5/23/2012 12:20:14 PM - Removed TurboTax 2009 WinPerReleaseEngine
RP250: 5/23/2012 12:22:46 PM - Removed TurboTax 2009 wrapper
RP251: 5/23/2012 5:34:59 PM - Installed Real Alternative
RP252: 5/23/2012 6:04:40 PM - Removed AVG 2012
RP253: 5/23/2012 6:07:44 PM - Removed AVG 2012
RP254: 5/24/2012 7:48:16 AM - Installed AVG 2012
RP255: 5/24/2012 7:50:32 AM - Installed AVG 2012
.
==== Installed Programs ======================
.
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Premiere Standard
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Agere Systems AC'97 Modem
AI RoboForm (All Users)
Apple Software Update
ArcSoft PhotoStudio 5.5
ArcSoft Software Suite
AVG 2012
Canon CanoScan Toolbox 4.5
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon iP4900 series On-screen Manual
Canon iP4900 series Printer Driver
Canon iP4900 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Utilities Easy-PhotoPrint
CCleaner
ClientTools
Compatibility Pack for the 2007 Office system
Data Lifeguard Diagnostic for Windows 1.22
DIGOpt
FinePixViewer Resource
FinePixViewer Ver.5.1
FUJIFILM USB Driver
Garmin Lifetime Updater
Garmin USB Drivers
Garmin VoiceStudio v2.10
Garmin WebUpdater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PRO Network Adapters and Drivers
Java Auto Updater
Java(TM) 7 Update 3
LaCie Backup Software v1.5.2215
Managed DirectX (0901)
Manual CanoScan LiDE 35
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Easy Assist v2
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MoodLogic
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netscape Internet Service
NetViewer 1.2.7.220
NVIDIA Windows 2000/XP Display Drivers
OpenMG Limited Patch 3.4-03-12-16-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 3.4.00
PC Wizard 2008.1.86
Primo
RAW FILE CONVERTER LE
Real Alternative 1.9.0
Runtime
Sansa Updater
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB913433)
Segoe UI
SonicStage 2.0.02
SonicStage Mastering Studio 1.2
SonicStage Mastering Studio Plugins 1.0
SonicStage MP3 Add-on program
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony Picture Utility
Sony TV Tuner Library 1.0
Sony Video Shared Library
Sophos Windows Shortcut Exploit Protection Tool
StartupMonitor
SUPERAntiSpyware
swMSM
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wneiper
TurboTax 2011 wnmiper
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
VAIO Edit Components
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.0
VAIO Media Integrated Server 3.0
VAIO Media Redistribution 3.0
VAIO Registration
VAIO SLIT-C Screen Saver
VAIO SLIT Pattern Wallpaper
VAIO Survey Standalone
VAIO System Information
VAIO Update 3
WebFldrs XP
Welcome to VAIO life
Windows Driver Package - Analog Devices (smwdm) MEDIA (10/01/2003 5.12.01.3860)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
5/23/2012 2:20:43 PM, error: Service Control Manager [7000] - The Acronis Scheduler2 Service service failed to start due to the following error: The system cannot find the path specified.
5/21/2012 5:06:44 PM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
5/18/2012 2:35:35 PM, error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 2 time(s).
5/18/2012 10:50:05 AM, error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
5/17/2012 2:33:34 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================

johndoe24 · #6 May 24th, 2012, 09:31 PM

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-24 14:13:54
-----------------------------
14:13:54.078 OS Version: Windows 5.1.2600 Service Pack 3
14:13:54.078 Number of processors: 2 586 0x304
14:13:54.125 ComputerName: VALUED-E91AB895 UserName: Rodney Vance
14:14:09.015 Initialize success
14:17:06.890 AVAST engine defs: 12052401
14:17:37.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:17:37.437 Disk 0 Vendor: WDC_WD2500AAJB-00J3A0 01.03E01 Size: 238475MB BusType: 3
14:17:37.468 Disk 0 MBR read successfully
14:17:37.468 Disk 0 MBR scan
14:17:37.546 Disk 0 Windows XP default MBR code
14:17:37.546 Disk 0 Partition 1 00 12 Compaq diag NTFS 5130 MB offset 63
14:17:37.562 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 233342 MB offset 10506510
14:17:37.578 Disk 0 scanning sectors +488392065
14:17:37.703 Disk 0 scanning C:\WINDOWS\system32\drivers
14:19:17.656 Service scanning
14:19:20.203 Service ACPI C:\WINDOWS\System32\DRIVERS\ACPI.sys **LOCKED** 32
14:20:04.703 Modules scanning
14:20:22.140 Disk 0 trace - called modules:
14:20:22.187 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8a4fe699]<<
14:20:22.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a617ab8]
14:20:22.203 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000062[0x8a6429e8]
14:20:22.218 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a61b940]
14:20:25.578 AVAST engine scan C:\WINDOWS
14:20:43.296 AVAST engine scan C:\WINDOWS\system32
14:31:02.875 AVAST engine scan C:\WINDOWS\system32\drivers
14:31:37.171 AVAST engine scan C:\Documents and Settings\Rodney Vance
14:36:21.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rodney Vance\Desktop\MBR.dat"
14:36:21.203 The log file has been saved successfully to "C:\Documents and Settings\Rodney Vance\Desktop\aswMBR.txt"

johndoe24 · #7 May 24th, 2012, 09:53 PM

× Cookies are disabled! This site requires cookies to be enabled to work properly
CommunityStatisticsDocumentationFAQAboutJoin our community
Sign in

Analysis completed.
SHA256: db48c59b65e33a307369f7a472a7f4c7174597d7726297422f 3c54947c8b2f80
SHA1: c56edc7d7ecdff74a309b3b00d2a5890b2906fe7
MD5: 2689a04366184621df55e76fe6a0f4bd
File size: 512 bytes ( 512 bytes )
File name: MBR.dat
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-05-24 20:47:24 UTC ( 0 minutes ago )

00More details
Antivirus Result Update
AhnLab-V3 - 20120524
AntiVir - 20120524
Antiy-AVL - 20120524
Avast - 20120524
AVG - 20120524
BitDefender - 20120524
ByteHero - 20120522
CAT-QuickHeal - 20120524
ClamAV - 20120524
Commtouch - 20120524
Comodo - 20120524
DrWeb - 20120524
Emsisoft - 20120524
eSafe - 20120524
F-Prot - 20120524
F-Secure - 20120524
Fortinet - 20120524
GData - 20120524
Ikarus - 20120524
Jiangmin - 20120524
K7AntiVirus - 20120524
Kaspersky - 20120524
McAfee - 20120524
McAfee-GW-Edition - 20120524
Microsoft - 20120524
NOD32 - 20120524
Norman - 20120523
nProtect - 20120524
Panda - 20120524
PCTools - 20120522
Rising - 20120524
Sophos - 20120524
SUPERAntiSpyware - 20120524
Symantec - 20120524
TheHacker - 20120524
TotalDefense - 20120524
TrendMicro - 20120524
TrendMicro-HouseCall - 20120524
VBA32 - 20120524
VIPRE - 20120524
ViRobot - 20120524
VirusBuster - 20120524

Comments
Votes
Additional information
No comments

More comments
Leave your comment...? Rich Text AreaToolbar Bold (Ctrl+B) Italic (Ctrl+I) Underline (Ctrl+U) Undo (Ctrl+Z) Redo (Ctrl+Y) StylesStyles ▼
Remove Formatting

Post comment
You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community No votesMore votes
An error occurred Blog | Twitter | contact@virustotal.com| Google groups | TOS & Privacy Policy × Recover your passwordEnter the email address associated to your VirusTotal Community account and we'll send you a message so you can setup a new password.
Email: Recover password Cancel
× Join VirusTotal CommunityInteract with other VirusTotal users and have an active voice when fighting today's Internet threats. Find out more about VirusTotal Community.
First name Last name Username * Email * Password * Confirm password * * Required field Sign up Cancel
× Sign inUsername or email Password Forgot your password? Sign in Cancel

johndoe24 · #8 May 24th, 2012, 10:02 PM

Oops! I rechecked your instructions for this step and realized my error of sending a "copy" of the virustotal.com results page instead of the requested address. I hope this does it:

https://www.virustotal.com/file/db48...is/1337892444/

johndoe24 · #9 May 24th, 2012, 10:04 PM

Standing by for further instructions

Aaflac · #10 May 24th, 2012, 11:53 PM

Please do the following:

Download an updated version of ComboFix

Save ComboFix.exe to the Desktop!!

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF.

Note: For information on how to disable protective programs, refer to this link

XP: Double-click on ComboFix.exe to run the program.

For XP only, when given the option, DO install the Recovery Console .

Click on Yes, to continue scanning for malware.

When finished, CF produces a report.

Please provide a copy of the C:\ComboFix.txt in your reply.

Notes:

1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

johndoe24 · #11 May 25th, 2012, 12:54 AM

ComboFix 12-05-24.03 - Rodney Vance 05/24/2012 17:31:35.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1393 [GMT -6:00]
Running from: c:\documents and settings\Rodney Vance\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Rodney Vance\My Documents\~WRL2944.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\7b49533a38690802.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET8E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 13:56 . 2012-05-24 13:56 -------- d-----w- c:\documents and settings\Rodney Vance\Local Settings\Application Data\AVG Secure Search
2012-05-24 13:55 . 2012-05-24 13:55 -------- d-----w- c:\documents and settings\Rodney Vance\Application Data\AVG Secure Search
2012-05-24 13:55 . 2012-05-24 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-05-24 13:55 . 2012-05-24 13:55 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-05-24 13:55 . 2012-05-24 13:56 -------- d-----w- c:\program files\AVG Secure Search
2012-05-24 00:14 . 2012-05-24 00:14 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\USERTILE.JS
2012-05-24 00:14 . 2012-05-24 00:14 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\TEXTBOX.JS
2012-05-24 00:14 . 2012-05-24 00:14 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\TILEBOX.JS
2012-05-24 00:14 . 2012-05-24 00:14 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\UICORE.JS
2012-05-24 00:14 . 2012-05-24 00:14 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\TEXT.JS
2012-05-24 00:14 . 2012-05-24 00:14 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\UIRESOURCE.JS
2012-05-24 00:14 . 2012-05-24 00:14 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\SAVEDUSER.JS
2012-05-24 00:14 . 2012-05-24 00:14 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\NEWUSERCOMM.JS
2012-05-24 00:14 . 2012-05-24 00:14 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\QUERYSTRING.JS
2012-05-24 00:13 . 2012-05-24 00:13 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\IMAGE.JS
2012-05-24 00:13 . 2012-05-24 00:13 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\LINK.JS
2012-05-24 00:13 . 2012-05-24 00:13 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\LOCALIZATION.JS
2012-05-24 00:13 . 2012-05-24 00:13 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\EXTERNALWRAPPER.JS
2012-05-24 00:13 . 2012-05-24 00:13 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\CHECKBOX.JS
2012-05-24 00:13 . 2012-05-24 00:13 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\COMBOBOX.JS
2012-05-24 00:13 . 2012-05-24 00:13 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\DIVWRAPPER.JS
2012-05-24 00:13 . 2012-05-24 00:13 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_ WLIDSVC\BUTTON.JS
2012-05-23 23:38 . 2012-05-23 23:38 -------- d-----w- c:\documents and settings\Rodney Vance\Application Data\Media Player Classic
2012-05-23 23:35 . 2008-09-10 19:37 94208 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2012-05-23 23:35 . 2008-09-10 19:56 144960 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-05-23 23:35 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-23 23:35 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-23 23:35 . 2012-05-23 23:35 -------- d-----w- c:\program files\Real Alternative
2012-05-23 23:35 . 2012-05-23 23:35 -------- d-----w- c:\documents and settings\Rodney Vance\Local Settings\Application Data\Real
2012-05-23 21:46 . 2007-09-15 22:11 27136 ----a-w- c:\windows\system32\PCWizard.cpl
2012-05-23 21:46 . 2012-05-23 21:46 -------- d-----w- c:\program files\PC Wizard 2008
2012-05-19 22:07 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-05-19 22:07 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-17 00:07 . 2012-05-17 00:08 -------- d-----w- c:\program files\PrcView_5_2_15
2012-05-16 17:13 . 2012-05-16 17:13 -------- d-----w- c:\documents and settings\Rodney Vance\Application Data\DriverCure
2012-05-16 17:13 . 2012-05-16 17:13 -------- d-----w- c:\documents and settings\Rodney Vance\Application Data\SpeedyPC Software
2012-05-16 17:12 . 2012-05-17 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-05-16 17:12 . 2012-05-16 17:12 -------- d-----w- c:\program files\SpeedyPC Software
2012-05-13 23:07 . 2012-05-13 23:07 -------- d-----w- c:\documents and settings\Rodney Vance\Application Data\AVG
2012-05-11 16:24 . 2012-05-11 16:24 -------- d-----w- c:\program files\MSBuild
2012-05-11 16:24 . 2012-05-18 22:09 -------- d-----w- c:\windows\system32\XPSViewer
2012-05-11 16:23 . 2012-05-11 16:23 -------- d-----w- c:\program files\Reference Assemblies
2012-05-11 16:11 . 2012-05-23 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-05-11 16:10 . 2012-05-17 00:46 -------- d-----w- c:\program files\RegScrubXP
2012-05-11 16:10 . 2012-05-11 16:11 -------- d-----w- c:\documents and settings\Rodney Vance\Local Settings\Application Data\searchcom_001
2012-05-01 19:55 . 2012-05-01 19:55 -------- d-----w- C:\My Pictures
2012-05-01 19:55 . 2012-05-01 19:55 -------- d-----w- C:\My Documents
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-05-04 20:47 . 2011-11-19 04:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 20:47 . 2011-09-10 02:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 10:50 . 2012-04-19 10:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-17 23:45 . 2012-04-17 23:45 360328 ----a-w- c:\program files\SansaUpdaterInstall.exe
2012-04-11 13:14 . 2002-08-29 01:04 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-04-01 01:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2002-08-29 01:04 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-19 11:17 . 2012-03-19 11:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-18 18:21 . 2012-03-18 18:23 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-18 18:21 . 2011-12-17 17:48 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-18 18:21 . 2010-04-19 23:32 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2004-04-01 01:06 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-04-01 01:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2004-01-22 00:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-29 14:10 . 2004-04-01 01:06 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-04-01 01:05 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-04-07 18:12 . 2012-03-26 22:08 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-24 13:55 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-24 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-05-21 160328]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
"SansaDispatch"="c:\documents and settings\Rodney Vance\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-04-18 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-21 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-24 1116544]
.
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 17:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\VAIO System Information\\SystemInfo.exe"=
"c:\\Program Files\\Sony\\Download Taxi\\SonyDownloadTaxi.exe"=
"c:\\Program Files\\Sony\\Download Taxi\\SonyDownloadTaxiHelper.exe"=
"c:\\Program Files\\LaCie\\Backup Software\\LacieBackup.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\InstallShield Installation Information\\{761C9026-14F0-4352-8658-934558272404}\\Setup.exe"=
"c:\\Program Files\\Sony\\Download Taxi\\SonyDownloadTaxiNetworkDetect.exe"=
"c:\\Program Files\\Adobe\\Premiere Standard\\Adobe Premiere Standard.exe"=
"c:\\Program Files\\Online Services\\Netscape Online Setup\\NSSetup_SonyOEM.exe"=
"c:\\Program Files\\Canon\\Easy-PhotoPrint\\BJEZPRN.EXE"=
"c:\\Program Files\\Siber Systems\\AI RoboForm\\identities.exe"=
"c:\\Program Files\\Siber Systems\\AI RoboForm\\passcards.exe"=
"c:\\Program Files\\Siber Systems\\AI RoboForm\\safenotes.exe"=
"c:\\Program Files\\Sony\\Memory Stick Formatter\\MSFmt.exe"=
"c:\\Program Files\\Siber Systems\\AI RoboForm\\passwordgenerator.exe"=
"c:\\Program Files\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe"=
"c:\\Program Files\\Sony\\SonicStage\\Omgjbox.exe"=
"c:\\Program Files\\Sony\\SonicStage\\CDBackup.exe"=
"c:\\Program Files\\Sony\\sonicstage mastering studio\\SSMS.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Sony\\vaio media 3.0\\VmpClient.exe"=
"c:\\WINDOWS\\IP4000,3000\\uninstall.exe"=
"c:\\Program Files\\Siber Systems\\AI RoboForm\\rfwipeout.exe"=
"c:\\Program Files\\CCleaner\\uninst.exe"=
"c:\\WINDOWS\\ml-uninstall-v10.exe"=
"c:\\Program Files\\Sony\\Download Taxi\\unins000.exe"=
"c:\\Program Files\\Sony\\vaio media 3.0\\Vc.exe"=
"c:\\Program Files\\Sony\\vaio media integrated server\\Platform\\VMConsole.exe"=
"c:\\Program Files\\Sony\\vaio media integrated server\\Setup\\VMSetup.exe"=
"c:\\Program Files\\Outlook Express\\wab.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcstart.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Movie Maker\\moviemk.exe"=
"c:\\Program Files\\MoodLogic\\MoodLogic.exe"=
"c:\\Program Files\\Quicken\\qw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Garmin\\WebUpdater\\WebUpdater.exe"=
"c:\\Program Files\\Garmin\\VoiceStudio\\VoiceStudio.exe"=
"c:\\Program Files\\Garmin\\USB_Drivers\\I386\\grmn0400.cat"=
"c:\\Program Files\\Garmin\\USB_Drivers\\I386\\grmnusb.sys"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:Windows Remote Management
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [12/5/2011 12:04 PM 13880]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [10/14/2009 6:35 PM 94290]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\pro gram files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [5/24/2012 7:55 AM 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\driv ers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\driv ers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\ avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgi dshx.sys [4/19/2012 4:50 AM 24896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPl ayerUpdateService.exe [11/18/2011 10:11 PM 257696]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\ EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3/20/2012 7:25 PM 129976]
S3 QWXN720;Qwest 802.11n XN720 Driver;c:\windows\system32\drivers\WLANUHN.sys [1/27/2010 6:26 PM 453120]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/31/2004 7:06 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30 319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSAGENT
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGWD
*NewlyCreated* - VTOOLBARUPDATER11.0.2
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [2011-11-19 20:47]
.
2012-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-05-22 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-05-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d515eb66-b4da-4a8e-950a-a399b3062fa1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-05-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task db1c5455-c948-444a-9249-b39493541ea4.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mycenturylink.com/
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
FF - ProfilePath - c:\documents and settings\Rodney Vance\Application Data\Mozilla\Firefox\Profiles\z1hrxo24.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={s earchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb9191d&v=6.103.018.001&i=23&tp=ab&iy=&ychte=u s&lng=en-US&q=
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
************************************************** ************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-24 17:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Rodney Vance\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe? ?f?u?n?c?t?i?o?n?(?)? ?{?r?e?t?u?r?n? ?f?a?l?s?e?;?}? ? ?d?o?c?u?m?e?n?t?.?o?n?m?o?u?s?e?d?o?w
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-05-24 17:57:37
ComboFix-quarantined-files.txt 2012-05-24 23:57
.
Pre-Run: 182,240,821,248 bytes free
Post-Run: 182,542,540,800 bytes free
.
- - End Of File - - 08343F1B51F80B343FBAAB82BE902CB7

johndoe24 · #12 May 25th, 2012, 01:29 AM

Looks I lost my normal centurylink homepage and email login. Any way to get things back to normal?

Aaflac · #13 May 25th, 2012, 02:57 AM

See if the connection can be manually restored by restarting your computer.

Please download the latest version of: TDSSKiller.exe
Save to the Desktop.

Execute the downloaded file:
XP: Double-click the file to run the program

In the TDSSKiller Scan prompt, click on: Change parameters
Check the box besides: Detect TDLFS file system
Click: OK

Press the button: Start Scan

The tool scans and detects two object types:
Malicious (where the malware has been identified)
Suspicious (where the malware cannot be identified)

When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.

It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.

It also prompts the User to select an action to apply to Suspicious objects (Skip, by default).
Leave the setting as it is.

After clicking 'Next/Continue', the tool applies the selected actions.

A Reboot Required prompt may appear after a disinfection.
Please reboot!!

By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system,
normally C:\).

Logs have a name like:
C:\TDSSKiller.2.4.7_22.02.2012_15.31.43_log.txt

Please post the TDSSKiller log in your reply.

Also need to know whether TDSSKiller needed a reboot.

Aaflac · #14 May 25th, 2012, 04:09 AM

Also, please download DeFogger

Save to the Desktop
Double-click Defogger.exe to run the tool.
When the program console appears, click the Disable button to make sure CD Emulation drivers are not in play.
Click Yes to continue.
When the Finished! message appears, click: OK
Click on the OK button to exit the program.
If DeFogger asks to reboot the machine, also click: OK

Please do not re-enable these drivers until otherwise instructed.

Last, run aswMBR once again, as instructed in Post#3, but, this time, do not submit MBR.dat to VirusTotal.

johndoe24 · #15 May 25th, 2012, 03:36 PM

08:23:31.0265 2208 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
08:23:31.0765 2208 ================================================== ==========
08:23:31.0765 2208 Current date / time: 2012/05/25 08:23:31.0765
08:23:31.0765 2208 SystemInfo:
08:23:31.0765 2208
08:23:31.0765 2208 OS Version: 5.1.2600 ServicePack: 3.0
08:23:31.0765 2208 Product type: Workstation
08:23:31.0765 2208 ComputerName: VALUED-E91AB895
08:23:31.0765 2208 UserName: Rodney Vance
08:23:31.0765 2208 Windows directory: C:\WINDOWS
08:23:31.0765 2208 System windows directory: C:\WINDOWS
08:23:31.0765 2208 Processor architecture: Intel x86
08:23:31.0765 2208 Number of processors: 2
08:23:31.0765 2208 Page size: 0x1000
08:23:31.0765 2208 Boot type: Normal boot
08:23:31.0765 2208 ================================================== ==========
08:23:34.0562 2208 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:23:34.0625 2208 Drive \Device\Harddisk5\DR7 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:23:34.0625 2208 ================================================== ==========
08:23:34.0625 2208 \Device\Harddisk0\DR0:
08:23:34.0625 2208 MBR partitions:
08:23:34.0625 2208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xA0510E, BlocksNum 0x1C7BF473
08:23:34.0625 2208 \Device\Harddisk5\DR7:
08:23:34.0625 2208 MBR partitions:
08:23:34.0625 2208 \Device\Harddisk5\DR7\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
08:23:34.0625 2208 ================================================== ==========
08:23:34.0687 2208 C: <-> \Device\Harddisk0\DR0\Partition0
08:23:34.0703 2208 ================================================== ==========
08:23:34.0703 2208 Initialize success
08:23:34.0703 2208 ================================================== ==========
08:24:36.0343 3980 ================================================== ==========
08:24:36.0343 3980 Scan started
08:24:36.0343 3980 Mode: Manual; TDLFS;
08:24:36.0343 3980 ================================================== ==========
08:24:36.0656 3980 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:24:36.0656 3980 !SASCORE - ok
08:24:37.0140 3980 Abiosdsk - ok
08:24:37.0156 3980 abp480n5 - ok
08:24:37.0265 3980 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:24:37.0328 3980 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
08:24:37.0328 3980 ACPI ( Virus.Win32.Rloader.a ) - infected
08:24:37.0328 3980 ACPI - detected Virus.Win32.Rloader.a (0)
08:24:37.0375 3980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:24:37.0390 3980 ACPIEC - ok
08:24:37.0406 3980 AcrSch2Svc - ok
08:24:37.0562 3980 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
08:24:37.0640 3980 AdobeFlashPlayerUpdateSvc - ok
08:24:37.0656 3980 adpu160m - ok
08:24:37.0718 3980 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
08:24:37.0718 3980 aeaudio - ok
08:24:37.0921 3980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:24:37.0968 3980 aec - ok
08:24:38.0062 3980 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:24:38.0093 3980 AFD - ok
08:24:38.0578 3980 AgereSoftModem (f1a97570ea402493bcc22246e8141ae6) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
08:24:39.0078 3980 AgereSoftModem - ok
08:24:39.0125 3980 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
08:24:39.0140 3980 agp440 - ok
08:24:39.0156 3980 Aha154x - ok
08:24:39.0156 3980 aic78u2 - ok
08:24:39.0171 3980 aic78xx - ok
08:24:39.0203 3980 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:24:39.0218 3980 Alerter - ok
08:24:39.0250 3980 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:24:39.0265 3980 ALG - ok
08:24:39.0265 3980 AliIde - ok
08:24:39.0281 3980 amsint - ok
08:24:39.0375 3980 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
08:24:39.0437 3980 AppMgmt - ok
08:24:39.0484 3980 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:24:39.0500 3980 Arp1394 - ok
08:24:39.0500 3980 asc - ok
08:24:39.0515 3980 asc3350p - ok
08:24:39.0531 3980 asc3550 - ok
08:24:39.0703 3980 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe
08:24:39.0875 3980 aspnet_state - ok
08:24:39.0921 3980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:24:39.0921 3980 AsyncMac - ok
08:24:39.0968 3980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:24:39.0968 3980 atapi - ok
08:24:39.0984 3980 Atdisk - ok
08:24:40.0015 3980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:24:40.0046 3980 Atmarpc - ok
08:24:40.0093 3980 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:24:40.0109 3980 AudioSrv - ok
08:24:40.0156 3980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:24:40.0156 3980 audstub - ok
08:24:42.0937 3980 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe
08:24:45.0000 3980 AVGIDSAgent - ok
08:24:45.0359 3980 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
08:24:45.0375 3980 AVGIDSDriver - ok
08:24:45.0406 3980 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
08:24:45.0406 3980 AVGIDSFilter - ok
08:24:45.0437 3980 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
08:24:45.0453 3980 AVGIDSHX - ok
08:24:45.0468 3980 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
08:24:45.0468 3980 AVGIDSShim - ok
08:24:45.0578 3980 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
08:24:45.0593 3980 Avgldx86 - ok
08:24:45.0625 3980 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
08:24:45.0625 3980 Avgmfx86 - ok
08:24:45.0656 3980 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
08:24:45.0671 3980 Avgrkx86 - ok
08:24:45.0906 3980 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
08:24:45.0921 3980 Avgtdix - ok
08:24:46.0125 3980 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
08:24:46.0125 3980 avgwd - ok
08:24:46.0171 3980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:24:46.0171 3980 Beep - ok
08:24:46.0359 3980 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:24:46.0500 3980 BITS - ok
08:24:46.0562 3980 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:24:46.0578 3980 Browser - ok
08:24:46.0687 3980 catchme - ok
08:24:46.0859 3980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:24:46.0859 3980 cbidf2k - ok
08:24:46.0937 3980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:24:46.0937 3980 CCDECODE - ok
08:24:46.0953 3980 cd20xrnt - ok
08:24:47.0015 3980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:24:47.0031 3980 Cdaudio - ok
08:24:47.0078 3980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:24:47.0093 3980 Cdfs - ok
08:24:47.0125 3980 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
08:24:47.0156 3980 cdrbsdrv - ok
08:24:47.0218 3980 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:24:47.0250 3980 Cdrom - ok
08:24:47.0250 3980 Changer - ok
08:24:47.0296 3980 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:24:47.0296 3980 CiSvc - ok
08:24:47.0343 3980 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:24:47.0343 3980 ClipSrv - ok
08:24:47.0515 3980 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
08:24:47.0609 3980 clr_optimization_v2.0.50727_32 - ok
08:24:47.0734 3980 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe
08:24:47.0921 3980 clr_optimization_v4.0.30319_32 - ok
08:24:47.0937 3980 CmdIde - ok
08:24:47.0937 3980 COMSysApp - ok
08:24:47.0968 3980 Cpqarray - ok
08:24:48.0015 3980 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:24:48.0031 3980 CryptSvc - ok
08:24:48.0046 3980 dac2w2k - ok
08:24:48.0046 3980 dac960nt - ok
08:24:48.0250 3980 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:24:48.0390 3980 DcomLaunch - ok
08:24:48.0484 3980 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:24:48.0515 3980 Dhcp - ok
08:24:48.0546 3980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:24:48.0562 3980 Disk - ok
08:24:48.0578 3980 dmadmin - ok
08:24:49.0093 3980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:24:49.0359 3980 dmboot - ok
08:24:49.0406 3980 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
08:24:49.0406 3980 DMICall - ok
08:24:49.0468 3980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:24:49.0515 3980 dmio - ok
08:24:49.0562 3980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:24:49.0562 3980 dmload - ok
08:24:49.0593 3980 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:24:49.0609 3980 dmserver - ok
08:24:49.0656 3980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:24:49.0671 3980 DMusic - ok
08:24:49.0859 3980 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:24:49.0875 3980 Dnscache - ok
08:24:49.0968 3980 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:24:50.0000 3980 Dot3svc - ok
08:24:50.0015 3980 dpti2o - ok
08:24:50.0046 3980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:24:50.0046 3980 drmkaud - ok
08:24:50.0140 3980 E100B (afee15c5b16317ebf17f79cc1843465a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
08:24:50.0187 3980 E100B - ok
08:24:50.0203 3980 EagleXNt - ok
08:24:50.0250 3980 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:24:50.0265 3980 EapHost - ok
08:24:50.0343 3980 ehSched (f6d494d609d52a0e9596756c5540a978) C:\WINDOWS\ehome\ehSched.exe
08:24:50.0343 3980 ehSched - ok
08:24:50.0375 3980 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:24:50.0375 3980 ERSvc - ok
08:24:50.0453 3980 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:24:50.0453 3980 Eventlog - ok
08:24:50.0562 3980 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:24:50.0625 3980 EventSystem - ok
08:24:50.0703 3980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:24:50.0781 3980 Fastfat - ok
08:24:50.0953 3980 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:24:51.0000 3980 FastUserSwitchingCompatibility - ok
08:24:51.0046 3980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:24:51.0046 3980 Fdc - ok
08:24:51.0078 3980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:24:51.0078 3980 Fips - ok
08:24:51.0093 3980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:24:51.0109 3980 Flpydisk - ok
08:24:51.0171 3980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:24:51.0203 3980 FltMgr - ok
08:24:51.0328 3980 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe
08:24:51.0328 3980 FontCache3.0.0.0 - ok
08:24:51.0359 3980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:24:51.0359 3980 Fs_Rec - ok
08:24:51.0453 3980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:24:51.0484 3980 Ftdisk - ok
08:24:51.0546 3980 getPlusHelper - ok
08:24:51.0609 3980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:24:51.0625 3980 Gpc - ok
08:24:51.0671 3980 helpsvc - ok
08:24:51.0718 3980 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
08:24:51.0718 3980 HidIr - ok
08:24:51.0890 3980 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
08:24:51.0906 3980 HidServ - ok
08:24:51.0968 3980 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:24:51.0984 3980 hkmsvc - ok
08:24:52.0000 3980 hpn - ok
08:24:52.0125 3980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:24:52.0187 3980 HTTP - ok
08:24:52.0234 3980 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:24:52.0234 3980 HTTPFilter - ok
08:24:52.0234 3980 i2omgmt - ok
08:24:52.0250 3980 i2omp - ok
08:24:52.0296 3980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:24:52.0312 3980 i8042prt - ok
08:24:52.0890 3980 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:24:52.0890 3980 idsvc - ok
08:24:52.0921 3980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:24:52.0937 3980 Imapi - ok
08:24:53.0031 3980 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:24:53.0046 3980 ImapiService - ok
08:24:53.0062 3980 ini910u - ok
08:24:53.0078 3980 IntelIde - ok
08:24:53.0125 3980 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:24:53.0140 3980 intelppm - ok
08:24:53.0250 3980 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
08:24:53.0250 3980 IntuitUpdateServiceV4 - ok
08:24:53.0281 3980 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:24:53.0296 3980 ip6fw - ok
08:24:53.0343 3980 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:24:53.0359 3980 IpFilterDriver - ok
08:24:53.0375 3980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:24:53.0390 3980 IpInIp - ok
08:24:53.0468 3980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:24:53.0531 3980 IpNat - ok
08:24:53.0562 3980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:24:53.0593 3980 IPSec - ok
08:24:53.0656 3980 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
08:24:53.0671 3980 IrBus - ok
08:24:53.0703 3980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:24:53.0703 3980 IRENUM - ok
08:24:53.0875 3980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:24:53.0890 3980 isapnp - ok
08:24:54.0046 3980 JavaQuickStarterService (d9b1e929f2464d4c23fa9cb47df4a1d4) C:\Program Files\Java\jre7\bin\jqs.exe
08:24:54.0046 3980 JavaQuickStarterService - ok
08:24:54.0093 3980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:24:54.0109 3980 Kbdclass - ok
08:24:54.0125 3980 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:24:54.0125 3980 kbdhid - ok
08:24:54.0203 3980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:24:54.0265 3980 kmixer - ok
08:24:54.0328 3980 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:24:54.0328 3980 KSecDD - ok
08:24:54.0406 3980 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:24:54.0421 3980 lanmanserver - ok
08:24:54.0515 3980 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:24:54.0546 3980 lanmanworkstation - ok
08:24:54.0562 3980 lbrtfdc - ok
08:24:54.0625 3980 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:24:54.0625 3980 LmHosts - ok
08:24:54.0671 3980 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:24:54.0687 3980 Messenger - ok
08:24:54.0703 3980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:24:54.0703 3980 mnmdd - ok
08:24:54.0734 3980 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
08:24:54.0796 3980 mnmsrvc - ok
08:24:54.0906 3980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:24:54.0921 3980 Modem - ok
08:24:54.0953 3980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:24:54.0953 3980 Mouclass - ok
08:24:55.0000 3980 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:24:55.0000 3980 mouhid - ok
08:24:55.0062 3980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:24:55.0078 3980 MountMgr - ok
08:24:55.0171 3980 MozillaMaintenance (750babaabb49a8a2238fa4b58ac09af8) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:24:55.0234 3980 MozillaMaintenance - ok
08:24:55.0234 3980 mraid35x - ok
08:24:55.0328 3980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:24:55.0390 3980 MRxDAV - ok
08:24:55.0578 3980 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:24:55.0703 3980 MRxSmb - ok
08:24:55.0781 3980 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
08:24:55.0859 3980 MSDTC - ok
08:24:55.0921 3980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:24:55.0937 3980 Msfs - ok
08:24:55.0937 3980 MSIServer - ok
08:24:56.0000 3980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:24:56.0000 3980 MSKSSRV - ok
08:24:56.0062 3980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:24:56.0078 3980 MSPCLOCK - ok
08:24:56.0109 3980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:24:56.0109 3980 MSPQM - ok
08:24:56.0171 3980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:24:56.0187 3980 mssmbios - ok
08:24:56.0218 3980 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:24:56.0218 3980 MSTEE - ok
08:24:56.0281 3980 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:24:56.0281 3980 Mup - ok
08:24:56.0328 3980 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:24:56.0359 3980 NABTSFEC - ok
08:24:56.0500 3980 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:24:56.0578 3980 napagent - ok
08:24:56.0671 3980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:24:56.0750 3980 NDIS - ok
08:24:56.0890 3980 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:24:56.0890 3980 NdisIP - ok
08:24:56.0968 3980 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:24:56.0968 3980 NdisTapi - ok
08:24:57.0015 3980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:24:57.0031 3980 Ndisuio - ok
08:24:57.0078 3980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:24:57.0109 3980 NdisWan - ok
08:24:57.0171 3980 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:24:57.0171 3980 NDProxy - ok
08:24:57.0203 3980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:24:57.0218 3980 NetBIOS - ok
08:24:57.0296 3980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:24:57.0343 3980 NetBT - ok
08:24:57.0421 3980 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:24:57.0468 3980 NetDDE - ok
08:24:57.0484 3980 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:24:57.0484 3980 NetDDEdsdm - ok
08:24:57.0515 3980 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:24:57.0515 3980 Netlogon - ok
08:24:57.0640 3980 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:24:57.0687 3980 Netman - ok
08:24:58.0031 3980 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:24:58.0031 3980 NetTcpPortSharing - ok
08:24:58.0078 3980 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:24:58.0093 3980 NIC1394 - ok
08:24:58.0234 3980 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:24:58.0234 3980 Nla - ok
08:24:58.0250 3980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:24:58.0265 3980 Npfs - ok
08:24:58.0531 3980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:24:58.0718 3980 Ntfs - ok
08:24:58.0718 3980 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
08:24:58.0734 3980 NtLmSsp - ok
08:24:59.0109 3980 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:24:59.0265 3980 NtmsSvc - ok
08:24:59.0312 3980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:24:59.0312 3980 Null - ok
08:24:59.0984 3980 nv (75234dff894f91e272ace4873a49293b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:25:00.0234 3980 nv - ok
08:25:00.0281 3980 NVSvc (e36610a647c2be95daf3d512cf02314a) C:\WINDOWS\System32\nvsvc32.exe
08:25:00.0281 3980 NVSvc - ok
08:25:00.0375 3980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:25:00.0375 3980 NwlnkFlt - ok
08:25:00.0406 3980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:25:00.0406 3980 NwlnkFwd - ok
08:25:00.0468 3980 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:25:00.0484 3980 ohci1394 - ok
08:25:00.0625 3980 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:25:00.0656 3980 ose - ok
08:25:00.0937 3980 PACSPTISVR (1b42060512fe8fd1aee78d3739f344f8) C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
08:25:00.0968 3980 PACSPTISVR - ok
08:25:01.0046 3980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:25:01.0062 3980 Parport - ok
08:25:01.0078 3980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:25:01.0093 3980 PartMgr - ok
08:25:01.0140 3980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:25:01.0140 3980 ParVdm - ok
08:25:01.0171 3980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:25:01.0203 3980 PCI - ok
08:25:01.0203 3980 PCIDump - ok
08:25:01.0250 3980 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:25:01.0250 3980 PCIIde - ok
08:25:01.0312 3980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:25:01.0343 3980 Pcmcia - ok
08:25:01.0359 3980 PDCOMP - ok
08:25:01.0359 3980 PDFRAME - ok
08:25:01.0375 3980 PDRELI - ok
08:25:01.0390 3980 PDRFRAME - ok
08:25:01.0390 3980 perc2 - ok
08:25:01.0406 3980 perc2hib - ok
08:25:01.0468 3980 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
08:25:01.0468 3980 pfc - ok
08:25:01.0562 3980 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:25:01.0562 3980 PlugPlay - ok
08:25:01.0593 3980 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:25:01.0593 3980 PolicyAgent - ok
08:25:01.0656 3980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:25:01.0671 3980 PptpMiniport - ok
08:25:01.0703 3980 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:25:01.0718 3980 Processor - ok
08:25:01.0718 3980 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:25:01.0734 3980 ProtectedStorage - ok
08:25:01.0890 3980 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:25:01.0921 3980 PSched - ok
08:25:01.0937 3980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:25:01.0937 3980 Ptilink - ok
08:25:02.0015 3980 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:25:02.0031 3980 PxHelp20 - ok
08:25:02.0031 3980 ql1080 - ok
08:25:02.0046 3980 Ql10wnt - ok
08:25:02.0062 3980 ql12160 - ok
08:25:02.0078 3980 ql1240 - ok
08:25:02.0093 3980 ql1280 - ok
08:25:02.0281 3980 QWXN720 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WLANUHN.sys
08:25:02.0437 3980 QWXN720 - ok
08:25:02.0468 3980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:25:02.0484 3980 RasAcd - ok
08:25:02.0546 3980 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:25:02.0578 3980 RasAuto - ok
08:25:02.0625 3980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:25:02.0640 3980 Rasl2tp - ok
08:25:02.0875 3980 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:25:02.0937 3980 RasMan - ok
08:25:02.0953 3980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:25:02.0968 3980 RasPppoe - ok
08:25:03.0015 3980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:25:03.0031 3980 Raspti - ok
08:25:03.0093 3980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:25:03.0156 3980 Rdbss - ok
08:25:03.0187 3980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:25:03.0203 3980 RDPCDD - ok
08:25:03.0296 3980 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:25:03.0359 3980 rdpdr - ok
08:25:03.0437 3980 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:25:03.0468 3980 RDPWD - ok
08:25:03.0531 3980 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:25:03.0578 3980 RDSessMgr - ok
08:25:03.0625 3980 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:25:03.0656 3980 redbook - ok
08:25:03.0703 3980 regi (24d3b49dab660a8b8afa40240e735e24) C:\WINDOWS\system32\drivers\regi.sys
08:25:03.0703 3980 regi - ok
08:25:03.0875 3980 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:25:03.0890 3980 RemoteAccess - ok
08:25:03.0968 3980 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:25:03.0984 3980 RemoteRegistry - ok
08:25:04.0046 3980 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
08:25:04.0062 3980 RpcLocator - ok
08:25:04.0250 3980 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:25:04.0250 3980 RpcSs - ok
08:25:04.0359 3980 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
08:25:04.0406 3980 RSVP - ok
08:25:04.0500 3980 SABProcEnum - ok
08:25:04.0515 3980 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:25:04.0515 3980 SamSs - ok
08:25:04.0578 3980 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:25:04.0578 3980 SASDIFSV - ok
08:25:04.0609 3980 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:25:04.0609 3980 SASKUTIL - ok
08:25:04.0687 3980 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:25:04.0718 3980 SCardSvr - ok
08:25:04.0937 3980 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:25:05.0000 3980 Schedule - ok
08:25:05.0031 3980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:25:05.0046 3980 Secdrv - ok
08:25:05.0093 3980 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:25:05.0093 3980 seclogon - ok
08:25:05.0156 3980 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:25:05.0156 3980 SENS - ok
08:25:05.0203 3980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
08:25:05.0218 3980 Serial - ok
08:25:05.0265 3980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:25:05.0265 3980 Sfloppy - ok
08:25:05.0421 3980 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:25:05.0500 3980 SharedAccess - ok
08:25:05.0593 3980 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:25:05.0593 3980 ShellHWDetection - ok
08:25:05.0609 3980 Simbad - ok
08:25:05.0640 3980 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:25:05.0656 3980 SLIP - ok
08:25:06.0203 3980 smrt (520a8d79fb1a53803b269ccfc1a1c388) C:\WINDOWS\system32\DRIVERS\smrt.sys
08:25:06.0453 3980 smrt - ok
08:25:06.0718 3980 smwdm (13739b36bd8d94d0fed7662aa7a4235d) C:\WINDOWS\system32\drivers\smwdm.sys
08:25:07.0015 3980 smwdm - ok
08:25:07.0187 3980 SonicStageMonitoring (89cb81394d58f450bddbf4ae3483ca72) C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
08:25:07.0187 3980 SonicStageMonitoring - ok
08:25:07.0281 3980 Sony TV Tuner Controller (cd1bea0cb0e96b828d225b106cbfb968) C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
08:25:07.0328 3980 Sony TV Tuner Controller - ok
08:25:07.0390 3980 Sony TV Tuner Manager (af35291f72f6cf0915765e44f1045305) C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
08:25:07.0390 3980 Sony TV Tuner Manager - ok
08:25:07.0437 3980 Sony TVTA Manager (efaaeed11aaf285435a0dcfe15047983) C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
08:25:07.0437 3980 Sony TVTA Manager - ok
08:25:07.0453 3980 Sparrow - ok
08:25:07.0500 3980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:25:07.0515 3980 splitter - ok
08:25:07.0578 3980 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:25:07.0578 3980 Spooler - ok
08:25:07.0687 3980 SPTISRV (1a61d8c5c34b2169103eabca65b4653e) C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
08:25:07.0703 3980 SPTISRV - ok
08:25:07.0765 3980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:25:07.0875 3980 sr - ok
08:25:08.0000 3980 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:25:08.0062 3980 srservice - ok
08:25:08.0203 3980 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:25:08.0312 3980 Srv - ok
08:25:08.0375 3980 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:25:08.0390 3980 SSDPSRV - ok
08:25:08.0593 3980 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:25:08.0703 3980 stisvc - ok
08:25:08.0750 3980 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:25:08.0765 3980 streamip - ok
08:25:09.0109 3980 SupportSoft RemoteAssist (9a97b7024e2ca4d42046bf272997e14c) C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
08:25:09.0125 3980 SupportSoft RemoteAssist - ok
08:25:09.0140 3980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:25:09.0156 3980 swenum - ok
08:25:09.0187 3980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:25:09.0203 3980 swmidi - ok
08:25:09.0218 3980 SwPrv - ok
08:25:09.0234 3980 symc810 - ok
08:25:09.0234 3980 symc8xx - ok
08:25:09.0250 3980 sym_hi - ok
08:25:09.0265 3980 sym_u3 - ok
08:25:09.0312 3980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:25:09.0328 3980 sysaudio - ok
08:25:09.0390 3980 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:25:09.0421 3980 SysmonLog - ok
08:25:09.0531 3980 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:25:09.0609 3980 TapiSrv - ok
08:25:09.0906 3980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:25:10.0000 3980 Tcpip - ok
08:25:10.0031 3980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:25:10.0031 3980 TDPIPE - ok
08:25:10.0062 3980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:25:10.0078 3980 TDTCP - ok
08:25:10.0109 3980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:25:10.0125 3980 TermDD - ok
08:25:10.0265 3980 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:25:10.0359 3980 TermService - ok
08:25:10.0437 3980 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:25:10.0437 3980 Themes - ok
08:25:10.0500 3980 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
08:25:10.0531 3980 TlntSvr - ok
08:25:10.0531 3980 TosIde - ok
08:25:10.0593 3980 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:25:10.0625 3980 TrkWks - ok
08:25:10.0671 3980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:25:10.0703 3980 Udfs - ok
08:25:10.0703 3980 ultra - ok
08:25:10.0765 3980 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
08:25:10.0781 3980 UMWdf - ok
08:25:11.0046 3980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:25:11.0171 3980 Update - ok
08:25:11.0265 3980 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:25:11.0312 3980 upnphost - ok
08:25:11.0343 3980 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:25:11.0359 3980 UPS - ok
08:25:11.0406 3980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:25:11.0406 3980 usbccgp - ok
08:25:11.0453 3980 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:25:11.0453 3980 usbehci - ok
08:25:11.0515 3980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:25:11.0546 3980 usbhub - ok
08:25:11.0578 3980 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:25:11.0593 3980 usbprint - ok
08:25:11.0609 3980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:25:11.0625 3980 usbscan - ok
08:25:11.0640 3980 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:25:11.0656 3980 usbstor - ok
08:25:11.0671 3980 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:25:11.0687 3980 usbuhci - ok
08:25:12.0078 3980 VAIO Entertainment Aggregation and Control Service (406616898caef1f4a9e999b7c1c61df1) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
08:25:12.0125 3980 VAIO Entertainment Aggregation and Control Service - ok
08:25:12.0203 3980 VAIO Entertainment File Import Service (0d6ddf8364e98c032b4b4ea1b7cd3ec5) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
08:25:12.0203 3980 VAIO Entertainment File Import Service - ok
08:25:12.0265 3980 VAIO Entertainment TV Device Arbitration Service (95283b3935b27846000806ecef0de84d) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHar dwareResourceManager.exe
08:25:12.0296 3980 VAIO Entertainment TV Device Arbitration Service - ok
08:25:12.0296 3980 VAIO Entertainment UPnP Client Adapter - ok
08:25:13.0093 3980 VAIOMediaPlatform-IntegratedServer-AppServer (fdf0f8023334f42627bd9e84b81071d8) C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
08:25:13.0609 3980 VAIOMediaPlatform-IntegratedServer-AppServer - ok
08:25:13.0640 3980 VAIOMediaPlatform-IntegratedServer-HTTP (a4168b6e6daf4329a89dfcdf0578ea57) C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
08:25:13.0640 3980 VAIOMediaPlatform-IntegratedServer-HTTP - ok
08:25:14.0078 3980 VAIOMediaPlatform-IntegratedServer-UPnP (9698ec124dd44d498ebcdefb756cac32) C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
08:25:14.0093 3980 VAIOMediaPlatform-IntegratedServer-UPnP - ok
08:25:14.0609 3980 VAIOMediaPlatform-VideoServer-AppServer (e676a2c17581d84cf739e2785e5e760b) C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
08:25:15.0078 3980 VAIOMediaPlatform-VideoServer-AppServer - ok
08:25:15.0109 3980 VAIOMediaPlatform-VideoServer-HTTP (a4168b6e6daf4329a89dfcdf0578ea57) C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
08:25:15.0125 3980 VAIOMediaPlatform-VideoServer-HTTP - ok
08:25:15.0453 3980 VAIOMediaPlatform-VideoServer-UPnP (9698ec124dd44d498ebcdefb756cac32) C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
08:25:15.0453 3980 VAIOMediaPlatform-VideoServer-UPnP - ok
08:25:15.0921 3980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:25:15.0921 3980 VgaSave - ok
08:25:15.0937 3980 ViaIde - ok
08:25:16.0000 3980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:25:16.0328 3980 VolSnap - ok
08:25:17.0046 3980 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:25:17.0156 3980 VSS - ok
08:25:17.0593 3980 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
08:25:17.0609 3980 vToolbarUpdater11.0.2 - ok
08:25:17.0718 3980 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:25:17.0875 3980 W32Time - ok
08:25:18.0000 3980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:25:18.0000 3980 Wanarp - ok
08:25:18.0015 3980 WDICA - ok
08:25:18.0078 3980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:25:18.0109 3980 wdmaud - ok
08:25:18.0156 3980 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:25:18.0187 3980 WebClient - ok
08:25:18.0328 3980 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:25:18.0359 3980 winmgmt - ok
08:25:18.0937 3980 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
08:25:19.0312 3980 WinRM - ok
08:25:20.0109 3980 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:25:20.0484 3980 wlidsvc - ok
08:25:20.0921 3980 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
08:25:20.0921 3980 WmdmPmSN - ok
08:25:21.0218 3980 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:25:21.0218 3980 Wmi - ok
08:25:21.0343 3980 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
08:25:21.0375 3980 WmiApSrv - ok
08:25:21.0468 3980 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
08:25:21.0484 3980 WpdUsb - ok
08:25:22.0125 3980 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\ WPFFontCache_v0400.exe
08:25:22.0375 3980 WPFFontCache_v0400 - ok
08:25:22.0421 3980 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:25:22.0421 3980 WS2IFSL - ok
08:25:22.0484 3980 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:25:22.0500 3980 wscsvc - ok
08:25:22.0546 3980 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:25:22.0546 3980 WSTCODEC - ok
08:25:22.0578 3980 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:25:22.0578 3980 wuauserv - ok
08:25:22.0937 3980 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:25:23.0078 3980 WZCSVC - ok
08:25:23.0140 3980 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:25:23.0187 3980 xmlprov - ok
08:25:23.0234 3980 ZDCNDIS5 (228ef1572ced753fe18409bb77123204) C:\WINDOWS\system32\ZDCNDIS5.sys
08:25:23.0234 3980 ZDCNDIS5 - ok
08:25:23.0312 3980 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:25:24.0671 3980 \Device\Harddisk0\DR0 - ok
08:25:24.0671 3980 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR7
08:25:25.0000 3980 \Device\Harddisk5\DR7 - ok
08:25:25.0000 3980 Boot (0x1200) (6ef0437099adf61261ea0334ff9e0a91) \Device\Harddisk0\DR0\Partition0
08:25:25.0000 3980 \Device\Harddisk0\DR0\Partition0 - ok
08:25:25.0015 3980 Boot (0x1200) (7485c029dc73e06a5e618d6622683f2e) \Device\Harddisk5\DR7\Partition0
08:25:25.0015 3980 \Device\Harddisk5\DR7\Partition0 - ok
08:25:25.0015 3980 ================================================== ==========
08:25:25.0015 3980 Scan finished
08:25:25.0015 3980 ================================================== ==========
08:25:25.0046 3388 Detected object count: 1
08:25:25.0046 3388 Actual detected object count: 1
08:29:33.0281 3388 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
08:29:33.0953 3388 Backup copy found, using it..
08:29:34.0031 3388 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
08:29:34.0031 3388 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
08:30:16.0906 3632 Deinitialize success