New problems occured after receiving help!

[mexicano2232]

I had a major infection on my computer but it was cured. Here is the original topic: http://forums.malwarebytes.org/index.php?showtopic=110421&st=0

Now after all was done, I now have problems with my computer, such as: I cannot install Windows updates onto my computer, Windows Media Player does not load at all even when I click it or I try to play a song, Audacity cannot load any songs. And when I am using Google Chrome I cannot save a file onto my computer unless I run Chrome in Administrator.

This is very very frustrating. I have never had any of these problems until I downloaded and installed Malwarebytes. I regret making that decision but I need help!

[David H. Lipman]

Send a Personal Message to Larry Tate (LDTate) and request that the former thread be re-opened indicating you have continued problems.

[mexicano2232]

I did and he told me to start a new topic

[AdvancedSetup]

Your computer was infected with what appears to have been the ZeroAccess rootkit. It has nothing to do with the Malwarebytes program. Had you never used our program your computer was already damaged from this infection. It is a very nasty infection and does a lot of damage to most systems and cleaning up that damage can take a lot of time and often reinstalling Windows is simply easier.

To even have a chance at fixing your computer up please post back the following logs and prepare for this to take a while.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

1. DDS.txt
   
2. Attach.txt
   

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

[LDTate]

I did and he told me to start a new topic

Yes, in the Malware Removal forum.

I'll move it and please post the scan results AdvancedSetup ask you to do.

[mexicano2232]

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume3

Install Date: 3/19/2008 1:13:05 PM

System Uptime: 6/15/2012 9:29:20 AM (4 hours ago)

.

Motherboard: Dell Inc. | | 0RY007

Processor: Intel® Celeron® CPU 420 @ 1.60GHz | Socket 775 | 1596/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 139 GiB total, 29.848 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 6.293 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® 82562V-2 10/100 Network Connection

Device ID: PCI\VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02\3&2411E6FE&0&C8

Manufacturer: Intel

Name: Intel® 82562V-2 10/100 Network Connection

PNP Device ID: PCI\VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02\3&2411E6FE&0&C8

Service: e1express

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

Bonjour

BufferChm

CCleaner

Conexant D850 PCI V.92 Modem

Content Transfer

ConvertXtoDVD 4.1.19.365

CopyTrans Suite Remove Only

D1500

D1500_Help

Defraggler

DJ_SF_03_D1500_ProductContext

DJ_SF_03_D1500_Software

DJ_SF_03_D1500_Software_Min

Driver Reviver

eSupportQFolder

ffdshow [rev 3154] [2009-12-09]

Free PDF Tablet 0.1

Free Window Registry Repair

Google Chrome

Google Update Helper

GPBaseService

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Deskjet D1500 Printer Driver Software 10.0 Rel .3

HP Solution Center 10.0

HPProductAssistant

Intel® Network Connections 13.5.32.0

iTunes

LAME v3.98.3 for Audacity

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XML Parser

Modem Diagnostic Tool

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NWZ-E350 WALKMAN Guide

OGA Notifier 2.0.0048.0

QuickConnect

Realtek High Definition Audio Driver

Revo Uninstaller Pro 2.5.8

SA30xx Media Converter

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SolutionCenter

swMSM

Toolbox

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

WebReg

WinZip 12.1

YTD YouTube Downloader & Converter 3.6

.

==== Event Viewer Messages From Past Week ========

.

6/15/2012 9:39:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows Vista.

6/15/2012 9:31:24 AM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

6/15/2012 9:31:24 AM, Error: Service Control Manager [7000] - The SupportSoft RemoteAssist service failed to start due to the following error: The system cannot find the path specified.

6/15/2012 9:31:24 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

6/15/2012 8:57:47 AM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.

6/10/2012 2:50:36 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

6/10/2012 2:44:52 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

6/10/2012 2:44:52 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

.

==== End Of File ===========================

[mexicano2232]

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by aaron's at 13:00:40 on 2012-06-15

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1012.120 [GMT -6:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wuauclt.exe

C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskeng.exe

C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java Plug-In 2 SSV Helper

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Clean Traces

IE: &Download with &DAP

IE: Download &all with DAP

IE: Download all by YouTube Robot

IE: Download by YouTube Robot

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: adobe.com\kb2

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{884CF6F3-CFFC-4BB7-9187-C19679DE6405} : DhcpNameServer = 192.168.0.1

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-31 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-31 337880]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-5-25 27080]

R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-4-22 110304]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2012-1-2 87968]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-31 20696]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-31 57688]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-31 44768]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-19 21504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9ee41abc7afe7;Google Update Service (gupdate1c9ee41abc7afe7);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 257696]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-25 27192]

S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2009-4-22 544768]

S3 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [2009-6-7 25952]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-06-15 18:18:20 -------- d-----w- c:\users\aaron's\appdata\roaming\redsn0w

2012-06-15 17:22:03 -------- d-----w- c:\users\aaron's\appdata\local\libimobiledevice

2012-06-15 01:32:57 -------- d-----w- C:\audacity_temp

2012-06-10 08:46:23 -------- d-----w- c:\windows\system32\catroot2

2012-06-04 07:23:09 -------- d-----w- c:\users\aaron's\appdata\local\ElevatedDiagnostics

2012-06-01 20:32:41 -------- d-----w- c:\users\aaron's\appdata\local\temp

2012-06-01 20:23:28 -------- d-sh--w- C:\$RECYCLE.BIN

2012-05-31 01:36:37 -------- d-----w- c:\users\aaron's\appdata\roaming\Malwarebytes

2012-05-31 01:35:56 -------- d-----w- c:\programdata\Malwarebytes

2012-05-31 01:35:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-31 01:35:54 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-31 00:36:42 399264 ----a-w- c:\windows\unhide.exe

2012-05-30 23:20:28 -------- d-----w- C:\found.000

2012-05-28 05:20:19 -------- dc----w- c:\program files\Free Window Registry Repair

2012-05-26 04:45:37 -------- d-----w- c:\programdata\PC Tools

2012-05-26 04:45:35 -------- d-----w- c:\users\aaron's\appdata\roaming\Product_PT

2012-05-26 03:54:52 -------- dc----w- c:\program files\Defraggler

2012-05-26 01:46:59 -------- d-----w- c:\users\aaron's\appdata\local\VS Revo Group

2012-05-26 01:46:30 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-05-26 01:46:23 -------- dc----w- c:\program files\VS Revo Group

2012-05-26 01:00:04 27080 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

2012-05-25 23:55:14 511328 -c--a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL

2012-05-25 23:45:12 74703 ----a-w- c:\windows\system32\mfc45.dll

.

==================== Find3M ====================

.

2012-05-20 01:09:28 1668 ----a-w- c:\windows\system32\ASOROSet.bin

2012-05-05 06:11:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 06:11:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-25 18:11:36 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-04-25 18:11:36 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

.

============= FINISH: 13:03:37.77 ===============

[LDTate]

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If Malicious objects are found then ensure Cure is selected
   
6. If TDLFS File System is found then ensure Delete is selected
   
7. Then click Continue Reboot now to finish the cleaning process.
   
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[mexicano2232]

14:37:18.0592 4832 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

14:37:19.0337 4832 ============================================================

14:37:19.0337 4832 Current date / time: 2012/06/15 14:37:19.0337

14:37:19.0338 4832 SystemInfo:

14:37:19.0338 4832

14:37:19.0338 4832 OS Version: 6.0.6002 ServicePack: 2.0

14:37:19.0338 4832 Product type: Workstation

14:37:19.0338 4832 ComputerName: MEZA-PC

14:37:19.0338 4832 UserName: aaron's

14:37:19.0338 4832 Windows directory: C:\Windows

14:37:19.0338 4832 System windows directory: C:\Windows

14:37:19.0338 4832 Processor architecture: Intel x86

14:37:19.0338 4832 Number of processors: 1

14:37:19.0338 4832 Page size: 0x1000

14:37:19.0338 4832 Boot type: Normal boot

14:37:19.0338 4832 ============================================================

14:37:21.0592 4832 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:37:21.0679 4832 Drive \Device\Harddisk5\DR5 - Size: 0x3C8C0000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

14:37:21.0685 4832 ============================================================

14:37:21.0685 4832 \Device\Harddisk0\DR0:

14:37:21.0685 4832 MBR partitions:

14:37:21.0685 4832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000

14:37:21.0685 4832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x115ED000

14:37:21.0685 4832 \Device\Harddisk5\DR5:

14:37:21.0691 4832 MBR partitions:

14:37:21.0691 4832 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E4407

14:37:21.0691 4832 ============================================================

14:37:21.0834 4832 C: <-> \Device\Harddisk0\DR0\Partition1

14:37:21.0997 4832 D: <-> \Device\Harddisk0\DR0\Partition0

14:37:21.0998 4832 ============================================================

14:37:21.0998 4832 Initialize success

14:37:21.0998 4832 ============================================================

14:38:00.0600 4252 ============================================================

14:38:00.0600 4252 Scan started

14:38:00.0600 4252 Mode: Manual; SigCheck; TDLFS;

14:38:00.0600 4252 ============================================================

14:38:03.0906 4252 ACEDRV09 (ec818aed40e3359fe49ddb1700151e56) C:\Windows\system32\drivers\ACEDRV09.sys

14:38:04.0203 4252 ACEDRV09 - ok

14:38:04.0293 4252 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

14:38:04.0328 4252 ACPI - ok

14:38:04.0377 4252 ADASPROT - ok

14:38:04.0455 4252 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

14:38:04.0495 4252 AdobeFlashPlayerUpdateSvc - ok

14:38:04.0537 4252 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

14:38:04.0576 4252 adp94xx - ok

14:38:04.0610 4252 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

14:38:04.0648 4252 adpahci - ok

14:38:04.0671 4252 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

14:38:04.0696 4252 adpu160m - ok

14:38:04.0737 4252 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

14:38:04.0768 4252 adpu320 - ok

14:38:04.0802 4252 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

14:38:05.0311 4252 AeLookupSvc - ok

14:38:05.0395 4252 AERTFilters (a6ce73469591554279da63be715dbc93) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

14:38:05.0415 4252 AERTFilters - ok

14:38:05.0448 4252 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys

14:38:05.0467 4252 Afc - ok

14:38:05.0509 4252 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

14:38:05.0714 4252 AFD - ok

14:38:05.0849 4252 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys

14:38:05.0873 4252 agp440 - ok

14:38:06.0334 4252 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

14:38:06.0501 4252 aic78xx - ok

14:38:06.0567 4252 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

14:38:06.0935 4252 ALG - ok

14:38:06.0976 4252 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys

14:38:06.0996 4252 aliide - ok

14:38:07.0024 4252 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys

14:38:07.0048 4252 amdagp - ok

14:38:07.0057 4252 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys

14:38:07.0083 4252 amdide - ok

14:38:07.0115 4252 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

14:38:07.0298 4252 AmdK7 - ok

14:38:07.0325 4252 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

14:38:07.0422 4252 AmdK8 - ok

14:38:07.0506 4252 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

14:38:07.0652 4252 Appinfo - ok

14:38:07.0842 4252 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:38:07.0864 4252 Apple Mobile Device - ok

14:38:07.0921 4252 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

14:38:07.0944 4252 arc - ok

14:38:07.0983 4252 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

14:38:08.0005 4252 arcsas - ok

14:38:08.0142 4252 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys

14:38:08.0201 4252 aswFsBlk - ok

14:38:08.0257 4252 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys

14:38:08.0276 4252 aswMonFlt - ok

14:38:08.0290 4252 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys

14:38:08.0312 4252 aswRdr - ok

14:38:08.0369 4252 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys

14:38:08.0436 4252 aswSnx - ok

14:38:08.0493 4252 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys

14:38:08.0530 4252 aswSP - ok

14:38:08.0569 4252 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys

14:38:08.0588 4252 aswTdi - ok

14:38:08.0644 4252 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

14:38:08.0730 4252 AsyncMac - ok

14:38:08.0788 4252 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

14:38:08.0808 4252 atapi - ok

14:38:08.0874 4252 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

14:38:08.0924 4252 AudioEndpointBuilder - ok

14:38:08.0932 4252 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

14:38:08.0975 4252 Audiosrv - ok

14:38:09.0064 4252 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

14:38:09.0083 4252 avast! Antivirus - ok

14:38:09.0137 4252 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

14:38:09.0205 4252 Beep - ok

14:38:09.0448 4252 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

14:38:09.0520 4252 BFE - ok

14:38:09.0659 4252 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll

14:38:09.0760 4252 BITS - ok

14:38:09.0805 4252 blbdrive - ok

14:38:09.0958 4252 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

14:38:10.0024 4252 Bonjour Service - ok

14:38:10.0062 4252 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

14:38:10.0168 4252 bowser - ok

14:38:10.0192 4252 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

14:38:10.0243 4252 BrFiltLo - ok

14:38:10.0264 4252 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

14:38:10.0307 4252 BrFiltUp - ok

14:38:10.0358 4252 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

14:38:10.0411 4252 Browser - ok

14:38:10.0588 4252 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

14:38:10.0697 4252 Brserid - ok

14:38:10.0727 4252 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

14:38:10.0814 4252 BrSerWdm - ok

14:38:10.0843 4252 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

14:38:10.0931 4252 BrUsbMdm - ok

14:38:10.0952 4252 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

14:38:11.0028 4252 BrUsbSer - ok

14:38:11.0064 4252 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

14:38:11.0142 4252 BTHMODEM - ok

14:38:11.0152 4252 catchme - ok

14:38:11.0250 4252 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

14:38:11.0337 4252 cdfs - ok

14:38:11.0381 4252 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

14:38:11.0453 4252 cdrom - ok

14:38:11.0503 4252 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

14:38:11.0548 4252 CertPropSvc - ok

14:38:11.0575 4252 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

14:38:11.0663 4252 circlass - ok

14:38:11.0796 4252 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

14:38:11.0830 4252 CLFS - ok

14:38:11.0927 4252 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:38:12.0037 4252 clr_optimization_v2.0.50727_32 - ok

14:38:12.0127 4252 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:38:12.0292 4252 clr_optimization_v4.0.30319_32 - ok

14:38:12.0312 4252 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys

14:38:12.0335 4252 cmdide - ok

14:38:12.0365 4252 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys

14:38:12.0386 4252 Compbatt - ok

14:38:12.0393 4252 COMSysApp - ok

14:38:12.0425 4252 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

14:38:12.0444 4252 crcdisk - ok

14:38:12.0467 4252 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

14:38:12.0560 4252 Crusoe - ok

14:38:12.0618 4252 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

14:38:12.0654 4252 CryptSvc - ok

14:38:12.0727 4252 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

14:38:12.0796 4252 DcomLaunch - ok

14:38:12.0945 4252 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

14:38:13.0018 4252 DfsC - ok

14:38:13.0151 4252 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

14:38:13.0606 4252 DFSR - ok

14:38:13.0763 4252 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

14:38:13.0823 4252 Dhcp - ok

14:38:13.0903 4252 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

14:38:13.0926 4252 disk - ok

14:38:13.0980 4252 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

14:38:14.0063 4252 Dnscache - ok

14:38:14.0122 4252 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

14:38:14.0186 4252 dot3svc - ok

14:38:14.0234 4252 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

14:38:14.0317 4252 DPS - ok

14:38:14.0358 4252 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

14:38:14.0390 4252 drmkaud - ok

14:38:14.0452 4252 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

14:38:14.0504 4252 DXGKrnl - ok

14:38:14.0739 4252 e1express (422ca8361d33da819976b428b9c8e560) C:\Windows\system32\DRIVERS\e1e6032.sys

14:38:14.0771 4252 e1express - ok

14:38:14.0812 4252 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

14:38:14.0898 4252 E1G60 - ok

14:38:14.0950 4252 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

14:38:15.0000 4252 EapHost - ok

14:38:15.0112 4252 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

14:38:15.0139 4252 Ecache - ok

14:38:15.0191 4252 ElRawDisk (e00cdaed2c0dbdc60c6e5d000dee01e9) C:\Windows\system32\drivers\ElRawDsk.sys

14:38:15.0212 4252 ElRawDisk - ok

14:38:15.0280 4252 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

14:38:15.0312 4252 elxstor - ok

14:38:15.0390 4252 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

14:38:15.0505 4252 EMDMgmt - ok

14:38:15.0748 4252 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

14:38:15.0834 4252 EventSystem - ok

14:38:15.0948 4252 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

14:38:16.0049 4252 exfat - ok

14:38:16.0102 4252 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

14:38:16.0163 4252 fastfat - ok

14:38:16.0213 4252 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

14:38:16.0263 4252 fdc - ok

14:38:16.0347 4252 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

14:38:16.0417 4252 fdPHost - ok

14:38:16.0596 4252 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

14:38:16.0696 4252 FDResPub - ok

14:38:16.0744 4252 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

14:38:16.0766 4252 FileInfo - ok

14:38:16.0818 4252 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

14:38:16.0875 4252 Filetrace - ok

14:38:16.0906 4252 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

14:38:16.0980 4252 flpydisk - ok

14:38:17.0038 4252 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

14:38:17.0114 4252 FltMgr - ok

14:38:17.0200 4252 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

14:38:17.0366 4252 FontCache - ok

14:38:17.0489 4252 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

14:38:17.0510 4252 FontCache3.0.0.0 - ok

14:38:17.0563 4252 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

14:38:17.0671 4252 Fs_Rec - ok

14:38:17.0701 4252 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

14:38:17.0722 4252 gagp30kx - ok

14:38:17.0796 4252 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

14:38:17.0852 4252 gpsvc - ok

14:38:17.0967 4252 gupdate1c9ee41abc7afe7 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

14:38:17.0995 4252 gupdate1c9ee41abc7afe7 - ok

14:38:18.0001 4252 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

14:38:18.0025 4252 gupdatem - ok

14:38:18.0386 4252 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:38:18.0452 4252 HDAudBus - ok

14:38:18.0496 4252 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

14:38:18.0576 4252 HidBth - ok

14:38:18.0601 4252 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

14:38:18.0692 4252 HidIr - ok

14:38:18.0753 4252 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll

14:38:18.0881 4252 hidserv - ok

14:38:18.0928 4252 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

14:38:18.0961 4252 HidUsb - ok

14:38:19.0010 4252 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

14:38:19.0065 4252 hkmsvc - ok

14:38:19.0167 4252 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

14:38:19.0187 4252 HpCISSs - ok

14:38:19.0278 4252 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

14:38:19.0312 4252 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

14:38:19.0312 4252 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

14:38:19.0417 4252 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys

14:38:19.0551 4252 HSF_DPV - ok

14:38:19.0603 4252 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys

14:38:19.0645 4252 HSXHWBS2 - ok

14:38:19.0716 4252 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys

14:38:19.0826 4252 HTTP - ok

14:38:19.0873 4252 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

14:38:19.0907 4252 i2omp - ok

14:38:20.0027 4252 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

14:38:20.0081 4252 i8042prt - ok

14:38:20.0281 4252 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys

14:38:20.0332 4252 iaStor - ok

14:38:20.0385 4252 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

14:38:20.0431 4252 iaStorV - ok

14:38:20.0612 4252 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

14:38:20.0681 4252 idsvc - ok

14:38:21.0001 4252 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys

14:38:21.0432 4252 igfx - ok

14:38:21.0572 4252 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

14:38:21.0596 4252 iirsp - ok

14:38:21.0727 4252 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

14:38:21.0798 4252 IKEEXT - ok

14:38:21.0961 4252 IntcAzAudAddService (f42f2f88017a2e2b6f783acef6c2c149) C:\Windows\system32\drivers\RTKVHDA.sys

14:38:22.0266 4252 IntcAzAudAddService - ok

14:38:22.0447 4252 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys

14:38:22.0468 4252 intelide - ok

14:38:22.0621 4252 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

14:38:22.0703 4252 intelppm - ok

14:38:22.0770 4252 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

14:38:22.0833 4252 IPBusEnum - ok

14:38:22.0886 4252 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:38:22.0939 4252 IpFilterDriver - ok

14:38:23.0015 4252 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

14:38:23.0122 4252 iphlpsvc - ok

14:38:23.0134 4252 IpInIp - ok

14:38:23.0169 4252 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

14:38:23.0250 4252 IPMIDRV - ok

14:38:23.0362 4252 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

14:38:23.0413 4252 IPNAT - ok

14:38:23.0530 4252 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe

14:38:23.0601 4252 iPod Service - ok

14:38:23.0663 4252 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

14:38:23.0701 4252 IRENUM - ok

14:38:23.0747 4252 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys

14:38:23.0768 4252 isapnp - ok

14:38:23.0893 4252 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

14:38:23.0928 4252 iScsiPrt - ok

14:38:23.0956 4252 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

14:38:23.0979 4252 iteatapi - ok

14:38:23.0999 4252 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

14:38:24.0027 4252 iteraid - ok

14:38:24.0100 4252 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

14:38:24.0123 4252 kbdclass - ok

14:38:24.0184 4252 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

14:38:24.0222 4252 kbdhid - ok

14:38:24.0279 4252 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

14:38:24.0376 4252 KeyIso - ok

14:38:24.0406 4252 kl1 (6512f37e1b52531bfd8d65fa95b6ee63) C:\Windows\system32\DRIVERS\kl1.sys

14:38:24.0437 4252 kl1 - ok

14:38:24.0530 4252 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

14:38:24.0567 4252 KSecDD - ok

14:38:24.0649 4252 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

14:38:24.0727 4252 KtmRm - ok

14:38:24.0791 4252 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll

14:38:24.0888 4252 LanmanServer - ok

14:38:25.0031 4252 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

14:38:25.0113 4252 LanmanWorkstation - ok

14:38:25.0209 4252 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

14:38:25.0248 4252 lltdio - ok

14:38:25.0328 4252 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

14:38:25.0394 4252 lltdsvc - ok

14:38:25.0434 4252 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

14:38:25.0521 4252 lmhosts - ok

14:38:25.0567 4252 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

14:38:25.0605 4252 LSI_FC - ok

14:38:25.0627 4252 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

14:38:25.0649 4252 LSI_SAS - ok

14:38:25.0667 4252 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

14:38:25.0692 4252 LSI_SCSI - ok

14:38:25.0766 4252 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

14:38:25.0829 4252 luafv - ok

14:38:25.0843 4252 MCSTRM - ok

14:38:25.0881 4252 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

14:38:25.0946 4252 mdmxsdk - ok

14:38:25.0994 4252 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

14:38:26.0014 4252 megasas - ok

14:38:26.0126 4252 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

14:38:26.0184 4252 MMCSS - ok

14:38:26.0237 4252 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

14:38:26.0289 4252 Modem - ok

14:38:26.0347 4252 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

14:38:26.0403 4252 monitor - ok

14:38:26.0458 4252 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

14:38:26.0479 4252 mouclass - ok

14:38:26.0532 4252 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

14:38:26.0614 4252 mouhid - ok

14:38:26.0682 4252 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

14:38:26.0704 4252 MountMgr - ok

14:38:26.0744 4252 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

14:38:26.0766 4252 mpio - ok

14:38:26.0837 4252 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

14:38:26.0869 4252 mpsdrv - ok

14:38:26.0966 4252 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

14:38:27.0065 4252 MpsSvc - ok

14:38:27.0110 4252 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

14:38:27.0130 4252 Mraid35x - ok

14:38:27.0237 4252 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

14:38:27.0297 4252 MRxDAV - ok

14:38:27.0358 4252 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:38:27.0469 4252 mrxsmb - ok

14:38:27.0532 4252 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:38:27.0587 4252 mrxsmb10 - ok

14:38:27.0642 4252 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:38:27.0677 4252 mrxsmb20 - ok

14:38:27.0708 4252 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys

14:38:27.0730 4252 msahci - ok

14:38:27.0767 4252 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

14:38:27.0790 4252 msdsm - ok

14:38:27.0852 4252 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

14:38:27.0915 4252 MSDTC - ok

14:38:27.0991 4252 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

14:38:28.0043 4252 Msfs - ok

14:38:28.0165 4252 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

14:38:28.0214 4252 msisadrv - ok

14:38:28.0340 4252 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

14:38:28.0424 4252 MSiSCSI - ok

14:38:28.0440 4252 msiserver - ok

14:38:28.0502 4252 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

14:38:28.0550 4252 MSKSSRV - ok

14:38:28.0588 4252 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

14:38:28.0645 4252 MSPCLOCK - ok

14:38:28.0662 4252 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

14:38:28.0702 4252 MSPQM - ok

14:38:28.0766 4252 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

14:38:28.0801 4252 MsRPC - ok

14:38:29.0011 4252 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

14:38:29.0042 4252 mssmbios - ok

14:38:29.0125 4252 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

14:38:29.0180 4252 MSTEE - ok

14:38:29.0438 4252 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

14:38:29.0543 4252 Mup - ok

14:38:29.0790 4252 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

14:38:29.0853 4252 napagent - ok

14:38:29.0912 4252 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

14:38:29.0949 4252 NativeWifiP - ok

14:38:30.0035 4252 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

14:38:30.0148 4252 NDIS - ok

14:38:30.0211 4252 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

14:38:30.0262 4252 NdisTapi - ok

14:38:30.0426 4252 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

14:38:30.0479 4252 Ndisuio - ok

14:38:30.0540 4252 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

14:38:30.0596 4252 NdisWan - ok

14:38:30.0655 4252 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

14:38:30.0702 4252 NDProxy - ok

14:38:30.0766 4252 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

14:38:30.0829 4252 NetBIOS - ok

14:38:30.0892 4252 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

14:38:30.0917 4252 Netlogon - ok

14:38:30.0987 4252 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

14:38:31.0061 4252 Netman - ok

14:38:31.0132 4252 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

14:38:31.0197 4252 netprofm - ok

14:38:31.0338 4252 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:38:31.0420 4252 NetTcpPortSharing - ok

14:38:31.0724 4252 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

14:38:31.0772 4252 nfrd960 - ok

14:38:31.0903 4252 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

14:38:31.0980 4252 NlaSvc - ok

14:38:32.0027 4252 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

14:38:32.0073 4252 Npfs - ok

14:38:32.0133 4252 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

14:38:32.0177 4252 nsi - ok

14:38:32.0237 4252 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

14:38:32.0300 4252 nsiproxy - ok

14:38:32.0440 4252 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

14:38:32.0527 4252 Ntfs - ok

14:38:32.0677 4252 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

14:38:32.0755 4252 ntrigdigi - ok

14:38:32.0810 4252 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

14:38:32.0861 4252 Null - ok

14:38:32.0938 4252 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

14:38:32.0963 4252 nvraid - ok

14:38:32.0989 4252 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

14:38:33.0009 4252 nvstor - ok

14:38:33.0137 4252 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

14:38:33.0159 4252 nv_agp - ok

14:38:33.0172 4252 NwlnkFlt - ok

14:38:33.0187 4252 NwlnkFwd - ok

14:38:33.0398 4252 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

14:38:33.0456 4252 odserv - ok

14:38:33.0508 4252 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

14:38:33.0600 4252 ohci1394 - ok

14:38:33.0673 4252 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:38:33.0703 4252 ose - ok

14:38:33.0797 4252 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

14:38:33.0930 4252 p2pimsvc - ok

14:38:33.0947 4252 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

14:38:33.0987 4252 p2psvc - ok

14:38:34.0034 4252 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

14:38:34.0111 4252 Parport - ok

14:38:34.0231 4252 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

14:38:34.0300 4252 partmgr - ok

14:38:34.0393 4252 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

14:38:34.0478 4252 Parvdm - ok

14:38:34.0537 4252 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

14:38:34.0632 4252 PcaSvc - ok

14:38:34.0693 4252 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

14:38:34.0719 4252 pci - ok

14:38:34.0774 4252 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

14:38:34.0796 4252 pciide - ok

14:38:34.0819 4252 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

14:38:34.0874 4252 pcmcia - ok

14:38:34.0923 4252 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys

14:38:34.0995 4252 pcouffin - ok

14:38:35.0055 4252 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

14:38:35.0165 4252 PEAUTH - ok

14:38:35.0307 4252 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

14:38:35.0438 4252 pla - ok

14:38:35.0697 4252 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

14:38:35.0779 4252 PlugPlay - ok

14:38:35.0861 4252 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

14:38:35.0901 4252 PNRPAutoReg - ok

14:38:35.0940 4252 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

14:38:35.0997 4252 PNRPsvc - ok

14:38:36.0066 4252 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

14:38:36.0137 4252 PolicyAgent - ok

14:38:36.0235 4252 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

14:38:36.0284 4252 PptpMiniport - ok

14:38:36.0329 4252 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

14:38:36.0400 4252 Processor - ok

14:38:36.0468 4252 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

14:38:36.0650 4252 ProfSvc - ok

14:38:36.0706 4252 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

14:38:36.0746 4252 ProtectedStorage - ok

14:38:36.0801 4252 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

14:38:36.0847 4252 PSched - ok

14:38:36.0889 4252 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

14:38:36.0907 4252 PxHelp20 - ok

14:38:36.0966 4252 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

14:38:37.0026 4252 ql2300 - ok

14:38:37.0142 4252 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

14:38:37.0174 4252 ql40xx - ok

14:38:37.0244 4252 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

14:38:37.0286 4252 QWAVE - ok

14:38:37.0347 4252 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

14:38:37.0386 4252 QWAVEdrv - ok

14:38:37.0514 4252 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

14:38:37.0666 4252 R300 - ok

14:38:37.0910 4252 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

14:38:37.0948 4252 RasAcd - ok

14:38:38.0012 4252 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

14:38:38.0084 4252 RasAuto - ok

14:38:38.0224 4252 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:38:38.0274 4252 Rasl2tp - ok

14:38:38.0361 4252 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

14:38:38.0436 4252 RasMan - ok

14:38:38.0511 4252 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

14:38:38.0543 4252 RasPppoe - ok

14:38:38.0611 4252 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

14:38:38.0647 4252 RasSstp - ok

14:38:38.0717 4252 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

14:38:38.0778 4252 rdbss - ok

14:38:38.0863 4252 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:38:38.0927 4252 RDPCDD - ok

14:38:38.0985 4252 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

14:38:39.0049 4252 rdpdr - ok

14:38:39.0080 4252 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

14:38:39.0119 4252 RDPENCDD - ok

14:38:39.0188 4252 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

14:38:39.0291 4252 RDPWD - ok

14:38:39.0396 4252 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

14:38:39.0440 4252 RemoteAccess - ok

14:38:39.0507 4252 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

14:38:39.0553 4252 RemoteRegistry - ok

14:38:39.0588 4252 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys

14:38:39.0611 4252 Revoflt - ok

14:38:39.0677 4252 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

14:38:39.0826 4252 RpcLocator - ok

14:38:39.0919 4252 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

14:38:40.0037 4252 RpcSs - ok

14:38:40.0097 4252 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

14:38:40.0136 4252 rspndr - ok

14:38:40.0187 4252 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

14:38:40.0212 4252 SamSs - ok

14:38:40.0289 4252 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

14:38:40.0310 4252 sbp2port - ok

14:38:40.0373 4252 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

14:38:40.0420 4252 SCardSvr - ok

14:38:40.0557 4252 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

14:38:40.0766 4252 Schedule - ok

14:38:40.0838 4252 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

14:38:40.0870 4252 SCPolicySvc - ok

14:38:40.0981 4252 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

14:38:41.0223 4252 SDRSVC - ok

14:38:41.0255 4252 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

14:38:41.0338 4252 secdrv - ok

14:38:41.0390 4252 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

14:38:41.0432 4252 seclogon - ok

14:38:41.0484 4252 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll

14:38:41.0536 4252 SENS - ok

14:38:41.0563 4252 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

14:38:41.0644 4252 Serenum - ok

14:38:41.0684 4252 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

14:38:41.0751 4252 Serial - ok

14:38:41.0809 4252 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

14:38:41.0848 4252 sermouse - ok

14:38:41.0934 4252 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

14:38:41.0999 4252 SessionEnv - ok

14:38:42.0037 4252 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

14:38:42.0094 4252 sffdisk - ok

14:38:42.0122 4252 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

14:38:42.0166 4252 sffp_mmc - ok

14:38:42.0305 4252 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

14:38:42.0334 4252 sffp_sd - ok

14:38:42.0378 4252 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

14:38:42.0458 4252 sfloppy - ok

14:38:42.0514 4252 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

14:38:42.0586 4252 SharedAccess - ok

14:38:42.0661 4252 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

14:38:42.0807 4252 ShellHWDetection - ok

14:38:42.0850 4252 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

14:38:42.0873 4252 sisagp - ok

14:38:42.0895 4252 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

14:38:42.0918 4252 SiSRaid2 - ok

14:38:42.0977 4252 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

14:38:42.0999 4252 SiSRaid4 - ok

14:38:43.0297 4252 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

14:38:43.0646 4252 slsvc - ok

14:38:43.0822 4252 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

14:38:43.0870 4252 SLUINotify - ok

14:38:43.0957 4252 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

14:38:44.0005 4252 Smb - ok

14:38:44.0064 4252 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

14:38:44.0121 4252 SNMPTRAP - ok

14:38:44.0192 4252 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

14:38:44.0213 4252 spldr - ok

14:38:44.0279 4252 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

14:38:44.0379 4252 Spooler - ok

14:38:44.0416 4252 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

14:38:44.0497 4252 srv - ok

14:38:44.0539 4252 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

14:38:44.0589 4252 srv2 - ok

14:38:44.0621 4252 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

14:38:44.0666 4252 srvnet - ok

14:38:44.0729 4252 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

14:38:44.0800 4252 SSDPSRV - ok

14:38:44.0863 4252 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

14:38:44.0910 4252 SstpSvc - ok

14:38:45.0086 4252 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

14:38:45.0164 4252 stisvc - ok

14:38:45.0242 4252 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

14:38:45.0262 4252 swenum - ok

14:38:45.0335 4252 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

14:38:45.0408 4252 swprv - ok

14:38:45.0459 4252 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

14:38:45.0488 4252 Symc8xx - ok

14:38:45.0522 4252 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

14:38:45.0551 4252 Sym_hi - ok

14:38:45.0585 4252 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

14:38:45.0608 4252 Sym_u3 - ok

14:38:45.0706 4252 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

14:38:45.0827 4252 SysMain - ok

14:38:45.0867 4252 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

14:38:45.0949 4252 TabletInputService - ok

14:38:46.0062 4252 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

14:38:46.0131 4252 TapiSrv - ok

14:38:46.0252 4252 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

14:38:46.0305 4252 TBS - ok

14:38:46.0458 4252 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys

14:38:46.0520 4252 Tcpip - ok

14:38:46.0545 4252 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys

14:38:46.0593 4252 Tcpip6 - ok

14:38:46.0649 4252 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

14:38:46.0842 4252 tcpipreg - ok

14:38:46.0906 4252 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

14:38:46.0961 4252 TDPIPE - ok

14:38:47.0018 4252 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

14:38:47.0118 4252 TDTCP - ok

14:38:47.0179 4252 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

14:38:47.0222 4252 tdx - ok

14:38:47.0286 4252 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

14:38:47.0309 4252 TermDD - ok

14:38:47.0383 4252 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

14:38:47.0453 4252 TermService - ok

14:38:47.0525 4252 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

14:38:47.0570 4252 Themes - ok

14:38:47.0632 4252 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

14:38:47.0674 4252 THREADORDER - ok

14:38:47.0791 4252 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

14:38:47.0841 4252 TrkWks - ok

14:38:47.0926 4252 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

14:38:47.0959 4252 TrustedInstaller - ok

14:38:48.0035 4252 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:38:48.0089 4252 tssecsrv - ok

14:38:48.0180 4252 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

14:38:48.0308 4252 tunmp - ok

14:38:48.0352 4252 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

14:38:48.0376 4252 tunnel - ok

14:38:48.0416 4252 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

14:38:48.0436 4252 uagp35 - ok

14:38:48.0505 4252 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

14:38:48.0569 4252 udfs - ok

14:38:48.0645 4252 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

14:38:48.0689 4252 UI0Detect - ok

14:38:48.0742 4252 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

14:38:48.0774 4252 uliagpkx - ok

14:38:48.0820 4252 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

14:38:48.0852 4252 uliahci - ok

14:38:48.0882 4252 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

14:38:48.0914 4252 UlSata - ok

14:38:48.0952 4252 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

14:38:49.0001 4252 ulsata2 - ok

14:38:49.0064 4252 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

14:38:49.0103 4252 umbus - ok

14:38:49.0177 4252 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

14:38:49.0246 4252 upnphost - ok

14:38:49.0478 4252 UPnPService (be2f0e19796e57d49bc8f8e0d045884a) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

14:38:49.0538 4252 UPnPService ( UnsignedFile.Multi.Generic ) - warning

14:38:49.0538 4252 UPnPService - detected UnsignedFile.Multi.Generic (1)

14:38:49.0608 4252 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys

14:38:49.0699 4252 USBAAPL - ok

14:38:49.0714 4252 usbbus - ok

14:38:49.0779 4252 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

14:38:49.0827 4252 usbccgp - ok

14:38:49.0865 4252 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

14:38:49.0953 4252 usbcir - ok

14:38:49.0969 4252 UsbDiag - ok

14:38:50.0027 4252 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

14:38:50.0075 4252 usbehci - ok

14:38:50.0112 4252 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

14:38:50.0153 4252 usbhub - ok

14:38:50.0169 4252 USBModem - ok

14:38:50.0202 4252 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

14:38:50.0266 4252 usbohci - ok

14:38:50.0301 4252 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

14:38:50.0357 4252 usbprint - ok

14:38:50.0426 4252 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:38:50.0460 4252 USBSTOR - ok

14:38:50.0519 4252 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

14:38:50.0563 4252 usbuhci - ok

14:38:50.0631 4252 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

14:38:50.0678 4252 UxSms - ok

14:38:50.0754 4252 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

14:38:50.0816 4252 vds - ok

14:38:50.0880 4252 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

14:38:50.0944 4252 vga - ok

14:38:51.0003 4252 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

14:38:51.0078 4252 VgaSave - ok

14:38:51.0197 4252 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

14:38:51.0218 4252 viaagp - ok

14:38:51.0260 4252 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

14:38:51.0341 4252 ViaC7 - ok

14:38:51.0407 4252 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys

14:38:51.0428 4252 viaide - ok

14:38:51.0495 4252 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

14:38:51.0517 4252 volmgr - ok

14:38:51.0582 4252 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

14:38:51.0619 4252 volmgrx - ok

14:38:51.0697 4252 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

14:38:51.0732 4252 volsnap - ok

14:38:51.0798 4252 vsbus (39d93b4c6c1216e00023f5f03420f54a) C:\Windows\system32\DRIVERS\vsb.sys

14:38:51.0831 4252 vsbus ( UnsignedFile.Multi.Generic ) - warning

14:38:51.0832 4252 vsbus - detected UnsignedFile.Multi.Generic (1)

14:38:51.0881 4252 vserial (ae90acf63103ecb9a5f40fcbd9166ae3) C:\Windows\system32\DRIVERS\vserial.sys

14:38:51.0936 4252 vserial ( UnsignedFile.Multi.Generic ) - warning

14:38:51.0936 4252 vserial - detected UnsignedFile.Multi.Generic (1)

14:38:51.0987 4252 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

14:38:52.0017 4252 vsmraid - ok

14:38:52.0164 4252 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

14:38:52.0453 4252 VSS - ok

14:38:52.0542 4252 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

14:38:52.0591 4252 W32Time - ok

14:38:52.0661 4252 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

14:38:52.0765 4252 WacomPen - ok

14:38:52.0939 4252 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

14:38:52.0972 4252 Wanarp - ok

14:38:52.0983 4252 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

14:38:53.0017 4252 Wanarpv6 - ok

14:38:53.0195 4252 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

14:38:53.0318 4252 wcncsvc - ok

14:38:53.0353 4252 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

14:38:53.0419 4252 WcsPlugInService - ok

14:38:53.0497 4252 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

14:38:53.0517 4252 Wd - ok

14:38:53.0602 4252 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

14:38:53.0651 4252 Wdf01000 - ok

14:38:53.0729 4252 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

14:38:53.0781 4252 WdiServiceHost - ok

14:38:53.0795 4252 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

14:38:53.0842 4252 WdiSystemHost - ok

14:38:54.0070 4252 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

14:38:54.0129 4252 WebClient - ok

14:38:54.0200 4252 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

14:38:54.0392 4252 Wecsvc - ok

14:38:54.0460 4252 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

14:38:54.0514 4252 wercplsupport - ok

14:38:54.0576 4252 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

14:38:54.0637 4252 WerSvc - ok

14:38:54.0730 4252 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

14:38:54.0808 4252 winachsf - ok

14:38:54.0971 4252 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

14:38:55.0003 4252 WinDefend - ok

14:38:55.0023 4252 WinHttpAutoProxySvc - ok

14:38:55.0250 4252 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

14:38:55.0295 4252 Winmgmt - ok

14:38:55.0404 4252 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

14:38:55.0563 4252 WinRM - ok

14:38:55.0754 4252 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

14:38:55.0841 4252 Wlansvc - ok

14:38:55.0920 4252 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys

14:38:55.0997 4252 WmiAcpi - ok

14:38:56.0093 4252 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

14:38:56.0158 4252 wmiApSrv - ok

14:38:56.0364 4252 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

14:38:56.0480 4252 WMPNetworkSvc - ok

14:38:56.0675 4252 WnsDrvr (b4cd1f39807884b9d3217feb71d96952) C:\Windows\system32\drivers\WnsDrvr.sys

14:38:56.0685 4252 WnsDrvr ( UnsignedFile.Multi.Generic ) - warning

14:38:56.0685 4252 WnsDrvr - detected UnsignedFile.Multi.Generic (1)

14:38:56.0754 4252 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

14:38:56.0851 4252 WPCSvc - ok

14:38:56.0914 4252 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

14:38:57.0016 4252 WPDBusEnum - ok

14:38:57.0079 4252 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

14:38:57.0129 4252 WpdUsb - ok

14:38:57.0522 4252 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

14:38:57.0583 4252 WPFFontCache_v0400 - ok

14:38:57.0647 4252 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

14:38:57.0711 4252 ws2ifsl - ok

14:38:57.0770 4252 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll

14:38:57.0817 4252 wscsvc - ok

14:38:57.0831 4252 WSearch - ok

14:38:58.0029 4252 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

14:38:58.0265 4252 wuauserv - ok

14:38:58.0495 4252 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:38:58.0561 4252 WUDFRd - ok

14:38:58.0616 4252 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

14:38:58.0670 4252 wudfsvc - ok

14:38:58.0703 4252 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys

14:38:58.0731 4252 XAudio - ok

14:38:58.0777 4252 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe

14:38:58.0813 4252 XAudioService - ok

14:38:58.0861 4252 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

14:38:59.0139 4252 \Device\Harddisk0\DR0 - ok

14:38:59.0185 4252 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5

14:39:00.0279 4252 \Device\Harddisk5\DR5 - ok

14:39:00.0312 4252 Boot (0x1200) (37aec735205a09bebb20a86b51fbed97) \Device\Harddisk0\DR0\Partition0

14:39:00.0314 4252 \Device\Harddisk0\DR0\Partition0 - ok

14:39:00.0332 4252 Boot (0x1200) (e963f7d02847b1c6af7ba856ce187ba5) \Device\Harddisk0\DR0\Partition1

14:39:00.0334 4252 \Device\Harddisk0\DR0\Partition1 - ok

14:39:00.0353 4252 Boot (0x1200) (80dd327d6b460d071eed70bfee11f636) \Device\Harddisk5\DR5\Partition0

14:39:00.0360 4252 \Device\Harddisk5\DR5\Partition0 - ok

14:39:00.0364 4252 ============================================================

14:39:00.0364 4252 Scan finished

14:39:00.0364 4252 ============================================================

14:39:00.0386 6060 Detected object count: 5

14:39:00.0386 6060 Actual detected object count: 5

14:42:35.0868 6060 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

14:42:35.0870 6060 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:42:35.0874 6060 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user

14:42:35.0875 6060 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:42:35.0878 6060 vsbus ( UnsignedFile.Multi.Generic ) - skipped by user

14:42:35.0878 6060 vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:42:35.0881 6060 vserial ( UnsignedFile.Multi.Generic ) - skipped by user

14:42:35.0882 6060 vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:42:35.0887 6060 WnsDrvr ( UnsignedFile.Multi.Generic ) - skipped by user

14:42:35.0887 6060 WnsDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:43:47.0142 4360 Deinitialize success

[LDTate]

Nothing bad there.

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
• Double click on ComboFix.exe & follow the prompts.
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  Note: If you have XP SP3, use the XP SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

[mexicano2232]

ComboFix 12-06-15.06 - aaron's 06/15/2012 15:14:27.3.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1012.366 [GMT -6:00]

Running from: c:\users\aaron's\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\netbt.sys . . . is missing!!

.

.

((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))

.

.

2012-06-15 21:45 . 2012-06-15 21:50 -------- d-----w- c:\users\aaron's\AppData\Local\temp

2012-06-15 21:45 . 2012-06-15 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-15 18:18 . 2012-06-15 18:18 -------- d-----w- c:\users\aaron's\AppData\Roaming\redsn0w

2012-06-15 17:22 . 2012-06-15 17:22 -------- d-----w- c:\users\aaron's\AppData\Local\libimobiledevice

2012-06-15 01:32 . 2012-06-15 01:32 -------- d-----w- C:\audacity_temp

2012-06-14 22:32 . 2012-06-14 22:32 -------- dc----w- c:\program files\Apple Software Update

2012-06-10 08:46 . 2012-06-14 22:28 -------- d-----w- c:\windows\system32\catroot2

2012-06-04 07:23 . 2012-06-04 07:28 -------- d-----w- c:\users\aaron's\AppData\Local\ElevatedDiagnostics

2012-05-31 01:36 . 2012-05-31 01:36 -------- d-----w- c:\users\aaron's\AppData\Roaming\Malwarebytes

2012-05-31 01:35 . 2012-05-31 01:35 -------- d-----w- c:\programdata\Malwarebytes

2012-05-31 01:35 . 2012-05-31 01:36 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-31 01:35 . 2012-04-04 21:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-31 00:36 . 2012-05-31 00:36 399264 ----a-w- c:\windows\unhide.exe

2012-05-30 23:20 . 2012-05-30 23:20 -------- d-----w- C:\found.000

2012-05-28 05:20 . 2012-05-28 05:35 -------- dc----w- c:\program files\Free Window Registry Repair

2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\programdata\PC Tools

2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\users\aaron's\AppData\Roaming\Product_PT

2012-05-26 03:54 . 2012-05-26 03:55 -------- dc----w- c:\program files\Defraggler

2012-05-26 01:46 . 2012-05-26 01:46 -------- d-----w- c:\users\aaron's\AppData\Local\VS Revo Group

2012-05-26 01:46 . 2009-12-30 17:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-05-26 01:46 . 2012-05-26 01:46 -------- dc----w- c:\program files\VS Revo Group

2012-05-26 01:00 . 2012-04-17 14:25 27080 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

2012-05-25 23:55 . 2010-09-23 18:29 511328 -c--a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL

2012-05-25 23:45 . 2012-05-25 23:45 74703 ----a-w- c:\windows\system32\mfc45.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 06:11 . 2012-04-17 01:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 06:11 . 2012-01-13 21:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-25 18:11 . 2012-04-25 18:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-04-25 18:11 . 2012-04-25 18:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-04-03 08:16 . 2012-05-09 20:19 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-09 20:19 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 13:36 . 2012-05-09 20:19 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 12:39 . 2012-05-09 20:22 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-20 23:28 . 2012-05-09 20:22 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-01-03 9210400]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-04-22 110304]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2012-01-03 87968]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

hpdevmgmt REG_MULTI_SZ hpqcxs08

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 06:11]

.

2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]

.

2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]

.

2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000Core.job

- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]

.

2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000UA.job

- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]

.

.

------- Supplementary Scan -------

.

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

IE: &Clean Traces

IE: &Download with &DAP

IE: Download &all with DAP

IE: Download all by YouTube Robot

IE: Download by YouTube Robot

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

Trusted Zone: adobe.com\kb2

TCP: DhcpNameServer = 192.168.0.1

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-15 15:50

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\SetID\Internal]

@Denied: (A 2) (LocalSystem)

"DEVICE2"="vaaur8rPygA="

"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"

.

[HKEY_USERS\S-1-5-21-4031169062-1864207035-1914167420-1000\Software\SecuROM\License information*]

"datasecu"=hex:a2,07,db,f1,87,7b,e6,76,34,33,d8,56,f0,9d,a6,d8,bd,40,00,1e,dc,

22,28,34,9f,c8,10,46,ac,39,d7,ef,93,1a,1e,bb,4f,4c,cf,2c,0b,8c,b0,fd,de,f0,\

"rkeysecu"=hex:2e,94,cc,97,cf,8d,95,62,3d,19,af,1e,26,41,cb,4b

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\conime.exe

c:\program files\Windows Media Player\wmplayer.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\RacAgent.exe

c:\windows\system32\lpremove.exe

.

**************************************************************************

.

Completion time: 2012-06-15 16:04:08 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-15 22:02

ComboFix2.txt 2012-06-01 20:32

.

Pre-Run: 32,107,421,696 bytes free

Post-Run: 33,018,576,896 bytes free

.

- - End Of File - - 4915FD97B7EEBCB432167A380CD08573

[LDTate]

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  netbt.sys

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

[mexicano2232]

SystemLook 30.07.11 by jpshortstuff

Log created at 17:44 on 15/06/2012 by aaron's

Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys --a---- 184320 bytes [08:57 02/11/2006] [08:57 02/11/2006] E3A168912E7EEFC3BD3B814720D68B41

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [16:41 19/12/2008] [05:55 19/01/2008] 7C5FEE5B1C5728507CD96FB4A13E7A02

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [18:55 12/09/2009] [04:45 11/04/2009] 70635790371DAC98714CA365AFED79C2

-= EOF =-

[LDTate]

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys | c:\windows\system32\drivers\netbt.sys


Folder::
c:\windows\$NtUninstallKB23894$


ClearJavaCache::

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

[mexicano2232]

ComboFix 12-06-15.06 - aaron's 06/15/2012 18:23:05.4.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1012.370 [GMT -6:00]

Running from: c:\users\aaron's\Desktop\ComboFix.exe

Command switches used :: c:\users\aaron's\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\netbt.sys . . . is missing!!

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --> c:\windows\system32\drivers\netbt.sys

.

((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))

.

.

2012-06-16 00:50 . 2012-06-16 00:56 -------- d-----w- c:\users\aaron's\AppData\Local\temp

2012-06-16 00:50 . 2012-06-16 00:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-15 18:18 . 2012-06-15 18:18 -------- d-----w- c:\users\aaron's\AppData\Roaming\redsn0w

2012-06-15 17:22 . 2012-06-15 17:22 -------- d-----w- c:\users\aaron's\AppData\Local\libimobiledevice

2012-06-15 01:32 . 2012-06-15 01:32 -------- d-----w- C:\audacity_temp

2012-06-14 22:32 . 2012-06-14 22:32 -------- dc----w- c:\program files\Apple Software Update

2012-06-10 08:46 . 2012-06-14 22:28 -------- d-----w- c:\windows\system32\catroot2

2012-06-04 07:23 . 2012-06-04 07:28 -------- d-----w- c:\users\aaron's\AppData\Local\ElevatedDiagnostics

2012-05-31 01:36 . 2012-05-31 01:36 -------- d-----w- c:\users\aaron's\AppData\Roaming\Malwarebytes

2012-05-31 01:35 . 2012-05-31 01:35 -------- d-----w- c:\programdata\Malwarebytes

2012-05-31 01:35 . 2012-05-31 01:36 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-31 01:35 . 2012-04-04 21:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-31 00:36 . 2012-05-31 00:36 399264 ----a-w- c:\windows\unhide.exe

2012-05-30 23:20 . 2012-05-30 23:20 -------- d-----w- C:\found.000

2012-05-28 05:20 . 2012-05-28 05:35 -------- dc----w- c:\program files\Free Window Registry Repair

2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\programdata\PC Tools

2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\users\aaron's\AppData\Roaming\Product_PT

2012-05-26 03:54 . 2012-05-26 03:55 -------- dc----w- c:\program files\Defraggler

2012-05-26 01:46 . 2012-05-26 01:46 -------- d-----w- c:\users\aaron's\AppData\Local\VS Revo Group

2012-05-26 01:46 . 2009-12-30 17:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-05-26 01:46 . 2012-05-26 01:46 -------- dc----w- c:\program files\VS Revo Group

2012-05-26 01:00 . 2012-04-17 14:25 27080 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

2012-05-25 23:55 . 2010-09-23 18:29 511328 -c--a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL

2012-05-25 23:45 . 2012-05-25 23:45 74703 ----a-w- c:\windows\system32\mfc45.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 06:11 . 2012-04-17 01:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 06:11 . 2012-01-13 21:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-25 18:11 . 2012-04-25 18:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-04-25 18:11 . 2012-04-25 18:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-04-03 08:16 . 2012-05-09 20:19 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-09 20:19 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 13:36 . 2012-05-09 20:19 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 12:39 . 2012-05-09 20:22 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-20 23:28 . 2012-05-09 20:22 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-01-03 9210400]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-04-22 110304]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2012-01-03 87968]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

hpdevmgmt REG_MULTI_SZ hpqcxs08

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 06:11]

.

2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]

.

2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]

.

2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000Core.job

- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]

.

2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000UA.job

- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]

.

.

------- Supplementary Scan -------

.

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

IE: &Clean Traces

IE: &Download with &DAP

IE: Download &all with DAP

IE: Download all by YouTube Robot

IE: Download by YouTube Robot

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

Trusted Zone: adobe.com\kb2

TCP: DhcpNameServer = 192.168.0.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-15 18:55

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\SetID\Internal]

@Denied: (A 2) (LocalSystem)

"DEVICE2"="vaaur8rPygA="

"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"

.

[HKEY_USERS\S-1-5-21-4031169062-1864207035-1914167420-1000\Software\SecuROM\License information*]

"datasecu"=hex:a2,07,db,f1,87,7b,e6,76,34,33,d8,56,f0,9d,a6,d8,bd,40,00,1e,dc,

22,28,34,9f,c8,10,46,ac,39,d7,ef,93,1a,1e,bb,4f,4c,cf,2c,0b,8c,b0,fd,de,f0,\

"rkeysecu"=hex:2e,94,cc,97,cf,8d,95,62,3d,19,af,1e,26,41,cb,4b

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\conime.exe

c:\program files\Windows Media Player\wmplayer.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-06-15 19:07:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-16 01:06

ComboFix2.txt 2012-06-15 22:04

ComboFix3.txt 2012-06-01 20:32

.

Pre-Run: 33,004,048,384 bytes free

Post-Run: 32,960,122,880 bytes free

.

- - End Of File - - A39907D264EED9841A682FD7505CFCCD

[LDTate]

That didn't work. Try it this way.

Let me know if you see: One file copied.

Go to Start->Run, copy / paste

copy C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys c:\windows\system32\drivers\netbt.sys

Enter

[mexicano2232]

I get a window that says "Windows cannot find 'copy'. Make sure you typed the name correctly and then try again."

[mexicano2232]

oh do I not copy and paste the word "copy" ?

[mexicano2232]

Oh. I'll just copy/paste C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys c:\windows\system32\drivers\netbt.sys

[mexicano2232]

It says " You are attempting to open a file of type 'System File' (.sys)" then I click on "open with" then it says windows cannot open this file. and to Use the web service to find the correct program or to select a program from a list of installed programs

[LDTate]

Give this a try and see if it solves the problem..........

Go to Start>Run and copy/paste in one at a time, tapping enter after each one.

wait a few seconds, then click on OK

regsvr32 c:\windows\system32\wuaueng.dll

regsvr32 c:\windows\system32\vbscript.dll

regsvr32 c:\windows\system32\mshtml.dll

regsvr32 c:\windows\system32\msjava.dll

regsvr32 c:\windows\system32\jscript.dll

regsvr32 c:\windows\system32\msxml.dll

regsvr32 c:\windows\system32\actxprxy.dll

regsvr32 c:\windows\system32\shdocvw.dll

Try Windows updates

====================================

If that didn't work:

Issues with getting Windows Updates.

Microsoft Help and Support worldwide. Go to this page and choose your region from the box in the upper right corner: http://support.microsoft.com/?pr=SecurityHome

[mexicano2232]

all failed except for the 2nd one

[mexicano2232]

the updates did install though

[mexicano2232]

nevermind. they did not install. it said that they did, but i refreshed windows update and they did not install

[mexicano2232]

i refreshed windows and it said they need to be installed so i clicked on install and i get the same error message