IEXPLORE.EXE virus


Here are the log files from the first Recovery Scan Tool log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by Dad (administrator) on OWNER-2E10CF6CF on 22-05-2014 11:57:39
Running from C:\Documents and Settings\Dad\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-746137067-1214440339-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-746137067-1214440339-839522115-1004\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-746137067-1214440339-839522115-501\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
HKU\S-1-5-21-746137067-1214440339-839522115-501\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportsfanshop.com/
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {96C0682E-66D2-438B-A0A5-1E8802E2E473} URL = http://websearch.shopathome.com?user_id={97E3B1B9-6E27-495D-A792-E76B9CE4FA58}&q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4cc6d283&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} http://mail.harcros.com/dwa8W.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\n3i8mlbi.default
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: about:home
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Dad\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Dad\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\n3i8mlbi.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\n3i8mlbi.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-08]
FF Extension: Video Downloader - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\n3i8mlbi.default\Extensions\pyhpklbwhj@pyhpklbwhj.org.xpi [2004-08-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Dad\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Dad\Application Data\Move Networks [2009-04-28]

Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={69506FDF-F663-40B7-A078-91B7DC45D646}&mid=055cbb5343a83d37928e2ae597f881e3-5059be6e24fcd37b0dee855a7bdc721c72820c16〈=en&ds=AVG&coid=&cmpid=&pr=fr&d=2013-08-26 19:05:46&v=18.1.5.512&pid=safeguard&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Dad\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Entanglement) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-04-08]
CHR Extension: (Poppit) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-04-08]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-10-01] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-09-05] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{51a43956-5e61-1513-945f-f933a118996f}\   \   \???\{51a43956-5e61-1513-945f-f933a118996f}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-22] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-22 11:57 - 2014-05-22 11:58 - 00016804 _____ () C:\Documents and Settings\Dad\Desktop\FRST.txt
2014-05-22 11:57 - 2014-05-22 11:57 - 00000000 ____D () C:\FRST
2014-05-22 11:48 - 2014-05-22 11:48 - 01056768 _____ (Farbar) C:\Documents and Settings\Dad\Desktop\FRST.exe
2014-05-17 15:23 - 2014-05-17 15:23 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-05-17 15:23 - 2014-05-17 15:23 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-17 14:53 - 2014-05-17 14:55 - 00003650 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-05-17 13:47 - 2014-05-17 13:48 - 00555216 _____ () C:\Documents and Settings\Dad\My Documents\cc_20140517_134720.reg
2014-05-16 14:58 - 2014-05-22 11:35 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 14:57 - 2014-05-16 14:57 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 14:57 - 2014-05-16 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 14:56 - 2014-05-16 19:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-16 14:56 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-15 16:24 - 2014-05-15 16:24 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-15 16:24 - 2014-05-15 16:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-15 09:34 - 2014-05-15 09:34 - 00000128 _____ () C:\WINDOWS\wininit.ini
2014-05-14 16:01 - 2014-05-15 16:28 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Biowxa
2014-05-14 15:58 - 2014-05-15 16:51 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Oqysazz
2014-05-09 14:51 - 2014-05-09 14:51 - 00000754 _____ () C:\WINDOWS\WORDPAD.INI
2014-05-07 14:14 - 2014-05-07 14:14 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-07 13:03 - 2014-05-22 10:48 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-07 13:03 - 2014-05-07 13:03 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-05-07 13:03 - 2014-05-07 13:03 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-05-07 13:01 - 2014-05-07 14:11 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt
2014-05-07 13:01 - 2014-05-07 13:01 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-07 13:01 - 2014-05-07 13:01 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-05-07 13:01 - 2014-05-07 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-07 13:00 - 2014-05-12 09:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-07 13:00 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-05-07 12:59 - 2014-05-07 13:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-07 08:55 - 2014-03-12 05:48 - 00993280 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\uklaxts.dll
2014-05-06 17:42 - 2014-05-14 16:53 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat

==================== One Month Modified Files and Folders =======

2014-05-22 11:58 - 2014-05-22 11:57 - 00016804 _____ () C:\Documents and Settings\Dad\Desktop\FRST.txt
2014-05-22 11:57 - 2014-05-22 11:57 - 00000000 ____D () C:\FRST
2014-05-22 11:48 - 2014-05-22 11:48 - 01056768 _____ (Farbar) C:\Documents and Settings\Dad\Desktop\FRST.exe
2014-05-22 11:36 - 2014-02-22 14:20 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 11:35 - 2014-05-16 14:58 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 11:33 - 2008-05-27 16:34 - 01821651 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-22 11:33 - 2004-08-04 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-22 10:52 - 2013-08-14 14:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-22 10:48 - 2014-05-07 13:03 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-22 10:48 - 2008-05-27 11:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-22 10:48 - 2008-05-27 11:25 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-22 10:46 - 2014-03-27 08:38 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-22 10:46 - 2014-02-22 14:20 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 10:46 - 2008-05-27 16:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-21 16:58 - 2009-01-14 00:32 - 00000178 ___SH () C:\Documents and Settings\Dad\ntuser.ini
2014-05-21 16:58 - 2008-05-27 16:42 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-21 16:43 - 2004-08-20 11:21 - 00000211 ___SH () C:\boot.ini
2014-05-21 16:43 - 2004-08-04 07:00 - 00000477 _____ () C:\WINDOWS\win.ini
2014-05-21 16:43 - 2004-08-04 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-05-21 16:36 - 2008-05-27 16:33 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-21 15:58 - 2012-11-20 11:28 - 00001776 ____H () C:\Documents and Settings\Dad\My Documents\Default.rdp
2014-05-17 15:23 - 2014-05-17 15:23 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-05-17 15:23 - 2014-05-17 15:23 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-17 15:02 - 2013-08-14 21:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-17 14:57 - 2008-06-08 20:14 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-17 14:55 - 2014-05-17 14:53 - 00003650 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-05-17 14:20 - 2012-10-25 03:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-05-17 13:48 - 2014-05-17 13:47 - 00555216 _____ () C:\Documents and Settings\Dad\My Documents\cc_20140517_134720.reg
2014-05-17 13:46 - 2009-01-14 00:32 - 00000000 ____D () C:\Documents and Settings\Dad
2014-05-17 11:13 - 2008-09-23 19:11 - 00000000 ____D () C:\WINDOWS\l2schemas
2014-05-17 09:06 - 2008-06-08 20:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB915865$
2014-05-16 19:05 - 2009-01-01 21:34 - 00004526 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
2014-05-16 19:04 - 2014-05-16 14:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-16 14:57 - 2014-05-16 14:57 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 14:57 - 2014-05-16 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 14:57 - 2013-01-29 17:30 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Malwarebytes
2014-05-16 14:56 - 2008-11-11 16:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-15 16:51 - 2014-05-14 15:58 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Oqysazz
2014-05-15 16:28 - 2014-05-14 16:01 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Biowxa
2014-05-15 16:28 - 2013-10-09 09:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-15 16:24 - 2014-05-15 16:24 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-15 16:24 - 2014-05-15 16:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-15 16:23 - 2013-08-14 14:56 - 00000000 ___HD () C:\$AVG
2014-05-15 14:41 - 2012-10-24 14:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-05-15 14:41 - 2008-10-24 12:00 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-05-15 14:40 - 2012-10-24 14:21 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Skype
2014-05-15 13:52 - 2013-10-10 21:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-05-15 09:34 - 2014-05-15 09:34 - 00000128 _____ () C:\WINDOWS\wininit.ini
2014-05-14 16:53 - 2014-05-06 17:42 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-05-12 09:49 - 2014-05-07 13:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-09 14:51 - 2014-05-09 14:51 - 00000754 _____ () C:\WINDOWS\WORDPAD.INI
2014-05-09 12:18 - 2013-10-09 09:17 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Application Data\Avg2014
2014-05-08 14:02 - 2013-08-15 16:38 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-05-07 14:14 - 2014-05-07 14:14 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-07 14:11 - 2014-05-07 13:01 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt
2014-05-07 13:11 - 2014-05-07 12:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-07 13:03 - 2014-05-07 13:03 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-05-07 13:03 - 2014-05-07 13:03 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-05-07 13:01 - 2014-05-07 13:01 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-07 13:01 - 2014-05-07 13:01 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-05-07 13:01 - 2014-05-07 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-03 09:14 - 2009-12-24 04:01 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-30 03:13 - 2004-08-04 07:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 03:13 - 2004-08-04 07:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
ZeroAccess:
C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Some content of TEMP:
====================
C:\Documents and Settings\Guest\Local Settings\Temp\tbbabylon.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

And from the additional Farbar Recovery Scan Tool

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by Dad at 2014-05-22 11:59:25
Running from C:\Documents and Settings\Dad\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

123Scan (HKLM\...\{F11A6BF4-4669-44EA-8EE8-6162F62ACDC8}) (Version: 1.03.00 - Symbol Technologies)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2) (Version:  - )
Apple Mobile Device Support (HKLM\...\{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}) (Version: 2.1.1.13 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
Belkin F7D1101 Basic Wireless USB Adapter (HKLM\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (Version: 1.0.0.4 - Belkin) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 28.0.1500.72 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox (3.5.15) (HKLM\...\Mozilla Firefox (3.5.15)) (Version: 3.5.15 (en-GB) - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
Poker Clock (HKLM\...\{B42362C5-4EA8-4261-9B85-071AC05F12D4}) (Version: 1.00.0000 - www.poker-clock.com)
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2004-08-04 07:00 - 2004-08-04 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2014-05-07 13:00 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-07 13:00 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2004-08-04 07:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 07:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-05-07 13:00 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2014 09:11:18 AM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (05/17/2014 09:11:18 AM) (Source: WinMgmt) (EventID: 27) (User: )
Description: WinMgmt could not open the repository file.  This could be due to insufficient security access to the "<%SystemRoot%>\System32\WBEM\Repository", insufficient disk space or insufficient memory.

Error: (05/16/2014 07:05:18 PM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: Unable to read the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (05/16/2014 07:05:14 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (05/07/2014 02:32:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: OWNER-2E10CF6CF)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.

Error: (03/09/2014 11:09:59 AM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: Unable to read the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (03/09/2014 11:09:56 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (02/12/2014 10:28:21 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The
Error code is the first DWORD in Data section.

Error: (02/12/2014 10:28:21 PM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: Unable to read the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (02/12/2014 10:28:20 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

System errors:
=============
Error: (05/22/2014 10:48:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (05/22/2014 10:48:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (05/22/2014 10:48:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (05/22/2014 10:48:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (05/21/2014 04:49:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/21/2014 04:49:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (05/21/2014 04:49:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (05/21/2014 04:07:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/21/2014 04:07:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (05/21/2014 04:07:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Microsoft Office Sessions:
=========================
Error: (05/17/2014 09:11:18 AM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description:

Error: (05/17/2014 09:11:18 AM) (Source: WinMgmt) (EventID: 27) (User: )
Description:

Error: (05/16/2014 07:05:18 PM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: 009

Error: (05/16/2014 07:05:14 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl

Error: (05/07/2014 02:32:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: OWNER-2E10CF6CF)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.(NULL)(NULL)(NULL)

Error: (03/09/2014 11:09:59 AM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: 009

Error: (03/09/2014 11:09:56 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl

Error: (02/12/2014 10:28:21 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ASP.NETASP.NET

Error: (02/12/2014 10:28:21 PM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: 009

Error: (02/12/2014 10:28:20 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: aspnet_stateASP.NET State Service

==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 1021.88 MB
Available physical RAM: 280.71 MB
Total Pagefile: 1950.09 MB
Available Pagefile: 1193.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:33.71 GB) (Free:18.38 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: F52BCF0E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=34 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4 GB) - (Type=DB)

==================== End Of Log ============================

I have scanned with multiple free tools, including Malwarebytes, and they seem clean. But I am sure I still have something. My PC takes forever to boot and before I do anything iexplore.exe has opened and begins using huge amounts of memory and CPU. I'm having issues with the iexplore.exe virus. There are usually 2-4 instances of iexplore.exe running in my Task Manager processes. Sometimes, they close out/terminate only to reappear again in <30 minutes. Although I don't get redirection issues that much anymore (happened a few times in the past 2 days), I am very confident that this virus still remains on my computer.

I did a file search for iexplore.exe and found one suspect file called IEXPLORE.EXE-2D97EBE6.pf

My computer now cannot use "system restore to an earlier point", and will not allow me to boot in safe mode. I need help and am a relative novice navigating around the PC.

Any help?

Thank you in advance.

Here are the log files from the first Recovery Scan Tool log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by Dad (administrator) on OWNER-2E10CF6CF on 22-05-2014 11:57:39
Running from C:\Documents and Settings\Dad\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-746137067-1214440339-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-746137067-1214440339-839522115-1004\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-746137067-1214440339-839522115-501\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
HKU\S-1-5-21-746137067-1214440339-839522115-501\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportsfanshop.com/
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search...&p={searchTerms}
SearchScopes: HKCU - {96C0682E-66D2-438B-A0A5-1E8802E2E473} URL = http://websearch.sho...&q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.co...e}&iy=&ychte=us
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} http://mail.harcros.com/dwa8W.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\n3i8mlbi.default
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: about:home
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Dad\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Dad\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\n3i8mlbi.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\n3i8mlbi.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-08]
FF Extension: Video Downloader - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\n3i8mlbi.default\Extensions\pyhpklbwhj@pyhpklbwhj.org.xpi [2004-08-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Dad\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Dad\Application Data\Move Networks [2009-04-28]

Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={69506FDF-F663-40B7-A078-91B7DC45D646}&mid=055cbb5343a83d37928e2ae597f881e3-5059be6e24fcd37b0dee855a7bdc721c72820c16&lang=en&ds=AVG&coid=&cmpid=&pr=fr&d=2013-08-26 19:05:46&v=18.1.5.512&pid=safeguard&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Dad\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Entanglement) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-04-08]
CHR Extension: (Poppit) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-04-08]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-10-01] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-09-05] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{51a43956-5e61-1513-945f-f933a118996f}\   \   \???\{51a43956-5e61-1513-945f-f933a118996f}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-22] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-22 11:57 - 2014-05-22 11:58 - 00016804 _____ () C:\Documents and Settings\Dad\Desktop\FRST.txt
2014-05-22 11:57 - 2014-05-22 11:57 - 00000000 ____D () C:\FRST
2014-05-22 11:48 - 2014-05-22 11:48 - 01056768 _____ (Farbar) C:\Documents and Settings\Dad\Desktop\FRST.exe
2014-05-17 15:23 - 2014-05-17 15:23 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-05-17 15:23 - 2014-05-17 15:23 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-17 14:53 - 2014-05-17 14:55 - 00003650 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-05-17 13:47 - 2014-05-17 13:48 - 00555216 _____ () C:\Documents and Settings\Dad\My Documents\cc_20140517_134720.reg
2014-05-16 14:58 - 2014-05-22 11:35 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 14:57 - 2014-05-16 14:57 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 14:57 - 2014-05-16 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 14:56 - 2014-05-16 19:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-16 14:56 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-15 16:24 - 2014-05-15 16:24 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-15 16:24 - 2014-05-15 16:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-15 09:34 - 2014-05-15 09:34 - 00000128 _____ () C:\WINDOWS\wininit.ini
2014-05-14 16:01 - 2014-05-15 16:28 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Biowxa
2014-05-14 15:58 - 2014-05-15 16:51 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Oqysazz
2014-05-09 14:51 - 2014-05-09 14:51 - 00000754 _____ () C:\WINDOWS\WORDPAD.INI
2014-05-07 14:14 - 2014-05-07 14:14 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-07 13:03 - 2014-05-22 10:48 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-07 13:03 - 2014-05-07 13:03 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-05-07 13:03 - 2014-05-07 13:03 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-05-07 13:01 - 2014-05-07 14:11 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt
2014-05-07 13:01 - 2014-05-07 13:01 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-07 13:01 - 2014-05-07 13:01 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-05-07 13:01 - 2014-05-07 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-07 13:00 - 2014-05-12 09:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-07 13:00 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-05-07 12:59 - 2014-05-07 13:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-07 08:55 - 2014-03-12 05:48 - 00993280 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\uklaxts.dll
2014-05-06 17:42 - 2014-05-14 16:53 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat

==================== One Month Modified Files and Folders =======

2014-05-22 11:58 - 2014-05-22 11:57 - 00016804 _____ () C:\Documents and Settings\Dad\Desktop\FRST.txt
2014-05-22 11:57 - 2014-05-22 11:57 - 00000000 ____D () C:\FRST
2014-05-22 11:48 - 2014-05-22 11:48 - 01056768 _____ (Farbar) C:\Documents and Settings\Dad\Desktop\FRST.exe
2014-05-22 11:36 - 2014-02-22 14:20 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 11:35 - 2014-05-16 14:58 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 11:33 - 2008-05-27 16:34 - 01821651 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-22 11:33 - 2004-08-04 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-22 10:52 - 2013-08-14 14:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-22 10:48 - 2014-05-07 13:03 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-22 10:48 - 2008-05-27 11:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-22 10:48 - 2008-05-27 11:25 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-22 10:46 - 2014-03-27 08:38 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-22 10:46 - 2014-02-22 14:20 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 10:46 - 2008-05-27 16:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-21 16:58 - 2009-01-14 00:32 - 00000178 ___SH () C:\Documents and Settings\Dad\ntuser.ini
2014-05-21 16:58 - 2008-05-27 16:42 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-21 16:43 - 2004-08-20 11:21 - 00000211 ___SH () C:\boot.ini
2014-05-21 16:43 - 2004-08-04 07:00 - 00000477 _____ () C:\WINDOWS\win.ini
2014-05-21 16:43 - 2004-08-04 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-05-21 16:36 - 2008-05-27 16:33 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-21 15:58 - 2012-11-20 11:28 - 00001776 ____H () C:\Documents and Settings\Dad\My Documents\Default.rdp
2014-05-17 15:23 - 2014-05-17 15:23 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-05-17 15:23 - 2014-05-17 15:23 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-17 15:02 - 2013-08-14 21:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-17 14:57 - 2008-06-08 20:14 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-17 14:55 - 2014-05-17 14:53 - 00003650 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-05-17 14:20 - 2012-10-25 03:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-05-17 13:48 - 2014-05-17 13:47 - 00555216 _____ () C:\Documents and Settings\Dad\My Documents\cc_20140517_134720.reg
2014-05-17 13:46 - 2009-01-14 00:32 - 00000000 ____D () C:\Documents and Settings\Dad
2014-05-17 11:13 - 2008-09-23 19:11 - 00000000 ____D () C:\WINDOWS\l2schemas
2014-05-17 09:06 - 2008-06-08 20:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB915865$
2014-05-16 19:05 - 2009-01-01 21:34 - 00004526 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
2014-05-16 19:04 - 2014-05-16 14:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-16 14:57 - 2014-05-16 14:57 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 14:57 - 2014-05-16 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 14:57 - 2013-01-29 17:30 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Malwarebytes
2014-05-16 14:56 - 2008-11-11 16:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-15 16:51 - 2014-05-14 15:58 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Oqysazz
2014-05-15 16:28 - 2014-05-14 16:01 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Biowxa
2014-05-15 16:28 - 2013-10-09 09:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-15 16:24 - 2014-05-15 16:24 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-15 16:24 - 2014-05-15 16:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-15 16:23 - 2013-08-14 14:56 - 00000000 ___HD () C:\$AVG
2014-05-15 14:41 - 2012-10-24 14:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-05-15 14:41 - 2008-10-24 12:00 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-05-15 14:40 - 2012-10-24 14:21 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Skype
2014-05-15 13:52 - 2013-10-10 21:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-05-15 09:34 - 2014-05-15 09:34 - 00000128 _____ () C:\WINDOWS\wininit.ini
2014-05-14 16:53 - 2014-05-06 17:42 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-05-12 09:49 - 2014-05-07 13:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-09 14:51 - 2014-05-09 14:51 - 00000754 _____ () C:\WINDOWS\WORDPAD.INI
2014-05-09 12:18 - 2013-10-09 09:17 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Application Data\Avg2014
2014-05-08 14:02 - 2013-08-15 16:38 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-05-07 14:14 - 2014-05-07 14:14 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-07 14:11 - 2014-05-07 13:01 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt
2014-05-07 13:11 - 2014-05-07 12:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-07 13:03 - 2014-05-07 13:03 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-05-07 13:03 - 2014-05-07 13:03 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-05-07 13:01 - 2014-05-07 13:01 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-07 13:01 - 2014-05-07 13:01 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-05-07 13:01 - 2014-05-07 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-03 09:14 - 2009-12-24 04:01 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-30 03:13 - 2004-08-04 07:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 03:13 - 2004-08-04 07:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
ZeroAccess:
C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Some content of TEMP:
====================
C:\Documents and Settings\Guest\Local Settings\Temp\tbbabylon.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

And from the additional Farbar Recovery Scan Tool

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by Dad at 2014-05-22 11:59:25
Running from C:\Documents and Settings\Dad\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

123Scan (HKLM\...\{F11A6BF4-4669-44EA-8EE8-6162F62ACDC8}) (Version: 1.03.00 - Symbol Technologies)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2) (Version:  - )
Apple Mobile Device Support (HKLM\...\{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}) (Version: 2.1.1.13 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
Belkin F7D1101 Basic Wireless USB Adapter (HKLM\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (Version: 1.0.0.4 - Belkin) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 28.0.1500.72 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox (3.5.15) (HKLM\...\Mozilla Firefox (3.5.15)) (Version: 3.5.15 (en-GB) - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
Poker Clock (HKLM\...\{B42362C5-4EA8-4261-9B85-071AC05F12D4}) (Version: 1.00.0000 - www.poker-clock.com)
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2004-08-04 07:00 - 2004-08-04 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2014-05-07 13:00 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-07 13:00 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2004-08-04 07:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 07:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-05-07 13:00 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2014 09:11:18 AM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (05/17/2014 09:11:18 AM) (Source: WinMgmt) (EventID: 27) (User: )
Description: WinMgmt could not open the repository file.  This could be due to insufficient security access to the "<%SystemRoot%>\System32\WBEM\Repository", insufficient disk space or insufficient memory.

Error: (05/16/2014 07:05:18 PM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: Unable to read the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (05/16/2014 07:05:14 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (05/07/2014 02:32:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: OWNER-2E10CF6CF)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.

Error: (03/09/2014 11:09:59 AM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: Unable to read the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (03/09/2014 11:09:56 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (02/12/2014 10:28:21 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The
Error code is the first DWORD in Data section.

Error: (02/12/2014 10:28:21 PM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: Unable to read the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (02/12/2014 10:28:20 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

System errors:
=============
Error: (05/22/2014 10:48:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (05/22/2014 10:48:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (05/22/2014 10:48:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (05/22/2014 10:48:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (05/21/2014 04:49:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/21/2014 04:49:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (05/21/2014 04:49:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (05/21/2014 04:07:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/21/2014 04:07:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (05/21/2014 04:07:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Microsoft Office Sessions:
=========================
Error: (05/17/2014 09:11:18 AM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description:

Error: (05/17/2014 09:11:18 AM) (Source: WinMgmt) (EventID: 27) (User: )
Description:

Error: (05/16/2014 07:05:18 PM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: 009

Error: (05/16/2014 07:05:14 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl

Error: (05/07/2014 02:32:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: OWNER-2E10CF6CF)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.(NULL)(NULL)(NULL)

Error: (03/09/2014 11:09:59 AM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: 009

Error: (03/09/2014 11:09:56 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl

Error: (02/12/2014 10:28:21 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ASP.NETASP.NET

Error: (02/12/2014 10:28:21 PM) (Source: LoadPerf) (EventID: 3006) (User: )
Description: 009

Error: (02/12/2014 10:28:20 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: aspnet_stateASP.NET State Service

==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 1021.88 MB
Available physical RAM: 280.71 MB
Total Pagefile: 1950.09 MB
Available Pagefile: 1193.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:33.71 GB) (Free:18.38 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: F52BCF0E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=34 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4 GB) - (Type=DB)

==================== End Of Log ============================


It looks like you have a good amount of bad software in there. I would boot the computer into safe mode (restart the PC and keep pressing the F8 key until you see the option) and run MBAM. Also maybe AdwCleaner. You might need a rootkit remover as well. You can get these tools at bleepingcomputer.com. It is a great hive of PC troubleshooters and tools to use.

 

I am new to this sort of thing as well, so I would get more feedback (from the people here) than just mine before going wild on the PC and running programs. Best of luck.


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button and wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area type in "ark.txt"; otherwise it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if something is found); we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Thank you so much for responding and aiding me with this problem. I will follow your directions as completely as I can and will let you know if there are any directions I do not understand. Since I have developed this problem my PC is very slow, so some of these procedures may take a minute or so. I will run these scans and post them in a short while.

Thank you again for helping me.

 

Cort


Here are the results of the Gmer rootkit scanner

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-23 11:08:20
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.16 37.25GB
Running: 8om2cyw9.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\kflcrfow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                      ZwNotifyChangeKey [0xF571C6E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                      ZwNotifyChangeMultipleKeys [0xF571C800]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                      ZwOpenProcess [0xF571C010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                      ZwOpenThread [0xF571C4D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                      ZwSuspendProcess [0xF571C300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                      ZwSuspendThread [0xF571C3E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                      ZwTerminateProcess [0xF571C120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                      ZwTerminateThread [0xF571C210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                      ZwWriteVirtualMemory [0xF571C5E0]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                          avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp                                         avgtdix.sys

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                       ntoskrnl.exe
Device          \Driver\atapi \Device\Ide\IdePort0                                ntoskrnl.exe
Device          \Driver\atapi \Device\Ide\IdePort1                                ntoskrnl.exe
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                       ntoskrnl.exe

AttachedDevice  \Driver\Tcpip \Device\Udp                                         avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp                                       avgtdix.sys
AttachedDevice  \FileSystem\Fastfat \Fat                                          fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\@Parameters\0\x202e\x2764  192
Reg             HKLM\SYSTEM\ControlSet003\Services\ (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet003\Services\@Parameters\0\x202e\x2764      192

---- EOF - GMER 2.1 ----

Here is the log for the TDSS-Killer

 

11:20:31.0480 0x0818  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
11:21:21.0449 0x0818  ============================================================
11:21:21.0449 0x0818  Current date / time: 2014/05/23 11:21:21.0449
11:21:21.0449 0x0818  SystemInfo:
11:21:21.0449 0x0818  
11:21:21.0449 0x0818  OS Version: 5.1.2600 ServicePack: 3.0
11:21:21.0449 0x0818  Product type: Workstation
11:21:21.0449 0x0818  ComputerName: OWNER-2E10CF6CF
11:21:21.0449 0x0818  UserName: Dad
11:21:21.0449 0x0818  Windows directory: C:\WINDOWS
11:21:21.0449 0x0818  System windows directory: C:\WINDOWS
11:21:21.0449 0x0818  Processor architecture: Intel x86
11:21:21.0449 0x0818  Number of processors: 1
11:21:21.0449 0x0818  Page size: 0x1000
11:21:21.0449 0x0818  Boot type: Normal boot
11:21:21.0449 0x0818  ============================================================
11:21:27.0589 0x0818  KLMD registered as C:\WINDOWS\system32\drivers\56632559.sys
11:21:29.0058 0x0818  System UUID: {A487A299-1EA6-A733-A194-719BA8127F47}
11:21:35.0714 0x0818  Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:21:35.0730 0x0818  ============================================================
11:21:35.0730 0x0818  \Device\Harddisk0\DR0:
11:21:35.0730 0x0818  MBR partitions:
11:21:35.0730 0x0818  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x4369530
11:21:35.0730 0x0818  ============================================================
11:21:35.0949 0x0818  C: <-> \Device\Harddisk0\DR0\Partition1
11:21:35.0949 0x0818  ============================================================
11:21:35.0949 0x0818  Initialize success
11:21:35.0949 0x0818  ============================================================
11:22:06.0980 0x0f7c  ============================================================
11:22:06.0980 0x0f7c  Scan started
11:22:06.0980 0x0f7c  Mode: Manual;
11:22:06.0980 0x0f7c  ============================================================
11:22:06.0980 0x0f7c  KSN ping started
11:22:09.0121 0x0f7c  KSN ping finished: false
11:22:09.0621 0x0f7c  ================ Scan system memory ========================
11:22:09.0621 0x0f7c  System memory - ok
11:22:09.0621 0x0f7c  ================ Scan services =============================
11:22:12.0605 0x0f7c  Abiosdsk - ok
11:22:12.0621 0x0f7c  abp480n5 - ok
11:22:13.0105 0x0f7c  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:22:13.0168 0x0f7c  ACPI - ok
11:22:14.0011 0x0f7c  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
11:22:14.0027 0x0f7c  ACPIEC - ok
11:22:14.0027 0x0f7c  adpu160m - ok
11:22:14.0089 0x0f7c  [ 11C04B17ED2ABBB4833694BCD644AC90, 4F50E672B8C1CA951EF1E01E969C73968BDB656889849859881333ECD3751A24 ] aeaudio         C:\WINDOWS\system32\drivers\aeaudio.sys
11:22:14.0121 0x0f7c  aeaudio - ok
11:22:14.0214 0x0f7c  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:22:14.0277 0x0f7c  aec - ok
11:22:14.0605 0x0f7c  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:22:14.0683 0x0f7c  AFD - ok
11:22:14.0699 0x0f7c  Aha154x - ok
11:22:14.0699 0x0f7c  aic78u2 - ok
11:22:14.0714 0x0f7c  aic78xx - ok
11:22:14.0761 0x0f7c  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:22:14.0793 0x0f7c  Alerter - ok
11:22:15.0168 0x0f7c  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
11:22:15.0183 0x0f7c  ALG - ok
11:22:15.0214 0x0f7c  AliIde - ok
11:22:15.0230 0x0f7c  amsint - ok
11:22:15.0746 0x0f7c  [ B8E865D24F2753A35CC2A9A6A3CE1AD4, 07DF2B19F55F87B2038DA2D60B13062AC8E67F0B0D5028ABDBDFEF17209E54D6 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
11:22:15.0793 0x0f7c  Apple Mobile Device - ok
11:22:15.0949 0x0f7c  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
11:22:16.0058 0x0f7c  AppMgmt - ok
11:22:16.0074 0x0f7c  asc - ok
11:22:16.0074 0x0f7c  asc3350p - ok
11:22:16.0089 0x0f7c  asc3550 - ok
11:22:16.0949 0x0f7c  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:22:17.0261 0x0f7c  aspnet_state - ok
11:22:17.0558 0x0f7c  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:22:17.0574 0x0f7c  AsyncMac - ok
11:22:18.0058 0x0f7c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:22:18.0058 0x0f7c  atapi - ok
11:22:18.0058 0x0f7c  Atdisk - ok
11:22:18.0527 0x0f7c  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:22:18.0543 0x0f7c  Atmarpc - ok
11:22:18.0605 0x0f7c  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:22:18.0636 0x0f7c  AudioSrv - ok
11:22:18.0949 0x0f7c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:22:18.0949 0x0f7c  audstub - ok
11:22:19.0058 0x0f7c  [ 4F5490453284A641F159FF7AE6E0D736, E19F26462273D6E98F1C154695E2670DCF963BACAFD90B7EF0EF1DBB38264A7B ] Avgdiskx        C:\WINDOWS\system32\DRIVERS\avgdiskx.sys
11:22:19.0105 0x0f7c  Avgdiskx - ok
11:22:21.0746 0x0f7c  [ 792C8CDADE8C92629752E56A03F0FF1C, A39B6913402DB3A1CBD51E54C0C84434E14DC57B2F7E5CA7C58EBC2B21B7BBAB ] AVGIDSAgent     C:\Program Files\AVG\AVG2014\avgidsagent.exe
11:22:23.0339 0x0f7c  AVGIDSAgent - ok
11:22:23.0464 0x0f7c  [ 55F5A838BC67DD9A8B49D4B9E850E0C8, CA1C0E4FC070BE2794CC4EEF15A3548F56BEA5837F63B9C893FE273E8BB8BB84 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
11:22:23.0527 0x0f7c  AVGIDSDriver - ok
11:22:24.0027 0x0f7c  [ FF4297EC210BC9A6BCFEF929694EA88D, 965F7ABD89B4157E9FD47A727C217C8B3170631F974E10684E0B96E8F4660559 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
11:22:24.0105 0x0f7c  AVGIDSHX - ok
11:22:24.0136 0x0f7c  [ F3643535D7598B950BC774D8E3D4626D, 0388539CD47132B5729A18D123E40CDC8791FF9B59AF3063BC3F0658E00DCCA5 ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
11:22:24.0152 0x0f7c  AVGIDSShim - ok
11:22:24.0605 0x0f7c  [ D0F06211AE2BDD5F2F82279550EED31B, 431C24145B71ADDBBF6C4A44EC6F763F3C53D20614C379254657D04888FE4784 ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:22:24.0699 0x0f7c  Avgldx86 - ok
11:22:24.0871 0x0f7c  [ 9D663E6EBFAF4E74A61B492A79AAB5A1, F411C248F4A22A6E6C4336CB2FF8386D866A84C5029D276F361B178636603F5B ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
11:22:25.0011 0x0f7c  Avglogx - ok
11:22:25.0121 0x0f7c  [ 5E26854C4FF7368A79C48F01D4388E28, 39DA13AA3D3794378053AC012F88FEC076CFD7A0FACF985C70E8AA861F81554E ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:22:25.0168 0x0f7c  Avgmfx86 - ok
11:22:25.0449 0x0f7c  [ DAC682B3F40824E1E1011A899ED2AF36, 315890594177028C2BB03457C7C2E8A573698F1E7BC4D5A4ACDD195C32D8321E ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:22:25.0480 0x0f7c  Avgrkx86 - ok
11:22:25.0621 0x0f7c  [ CFA067ADD4D1A8D081FF816E817CAF39, BA6EF94A28C760DC7B506896630D60D61FE01C7DD37754823F28CF9236E38907 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:22:25.0746 0x0f7c  Avgtdix - ok
11:22:26.0168 0x0f7c  [ DBAEB3D23C653018629A76E53260E122, DF402D83206EDA77818D3B59456240E66C69D307FCC7419354BF363413BC7963 ] avgwd           C:\Program Files\AVG\AVG2014\avgwdsvc.exe
11:22:26.0324 0x0f7c  avgwd - ok
11:22:26.0371 0x0f7c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:22:26.0371 0x0f7c  Beep - ok
11:22:26.0949 0x0f7c  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
11:22:27.0089 0x0f7c  BITS - ok
11:22:27.0527 0x0f7c  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
11:22:27.0574 0x0f7c  Browser - ok
11:22:27.0621 0x0f7c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
11:22:27.0621 0x0f7c  cbidf2k - ok
11:22:27.0996 0x0f7c  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:22:28.0011 0x0f7c  CCDECODE - ok
11:22:28.0043 0x0f7c  cd20xrnt - ok
11:22:28.0105 0x0f7c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
11:22:28.0105 0x0f7c  Cdaudio - ok
11:22:28.0308 0x0f7c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:22:28.0355 0x0f7c  Cdfs - ok
11:22:28.0621 0x0f7c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:22:28.0668 0x0f7c  Cdrom - ok
11:22:28.0668 0x0f7c  Changer - ok
11:22:28.0714 0x0f7c  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:22:28.0746 0x0f7c  CiSvc - ok
11:22:29.0074 0x0f7c  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:22:29.0105 0x0f7c  ClipSrv - ok
11:22:29.0168 0x0f7c  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:22:29.0418 0x0f7c  clr_optimization_v2.0.50727_32 - ok
11:22:29.0433 0x0f7c  CmdIde - ok
11:22:29.0449 0x0f7c  COMSysApp - ok
11:22:29.0464 0x0f7c  Cpqarray - ok
11:22:29.0543 0x0f7c  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:22:29.0558 0x0f7c  CryptSvc - ok
11:22:29.0574 0x0f7c  dac2w2k - ok
11:22:29.0589 0x0f7c  dac960nt - ok
11:22:30.0058 0x0f7c  [ 18BFB544389F26E76A8982EE4BC54FA6, 1A994992C22DB0374F6EAD0413B39BB04645286F55078B793CF54EF75F868774 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:22:30.0074 0x0f7c  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
11:22:30.0074 0x0f7c  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
11:22:30.0074 0x0f7c  Force sending object to P2P due to detect: C:\WINDOWS\system32\rpcss.dll
11:22:30.0199 0x0f7c  Object send P2P result: false
11:22:30.0605 0x0f7c  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:22:30.0621 0x0f7c  Dhcp - ok
11:22:31.0074 0x0f7c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:22:31.0105 0x0f7c  Disk - ok
11:22:31.0121 0x0f7c  dmadmin - ok
11:22:31.0386 0x0f7c  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:22:31.0761 0x0f7c  dmboot - ok
11:22:32.0168 0x0f7c  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:22:32.0261 0x0f7c  dmio - ok
11:22:32.0668 0x0f7c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:22:32.0683 0x0f7c  dmload - ok
11:22:32.0777 0x0f7c  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:22:32.0777 0x0f7c  dmserver - ok
11:22:32.0855 0x0f7c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:22:32.0886 0x0f7c  DMusic - ok
11:22:33.0199 0x0f7c  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:22:33.0230 0x0f7c  Dnscache - ok
11:22:33.0730 0x0f7c  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:22:33.0839 0x0f7c  Dot3svc - ok
11:22:33.0855 0x0f7c  dpti2o - ok
11:22:34.0183 0x0f7c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:22:34.0214 0x0f7c  drmkaud - ok
11:22:34.0308 0x0f7c  [ 98B46B331404A951CABAD8B4877E1276, DC683271BFF3BCC40D656E8190A4BA25E76B5876FE3C22C66ED789068C7017A7 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:22:34.0386 0x0f7c  E100B - ok
11:22:34.0527 0x0f7c  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:22:34.0543 0x0f7c  EapHost - ok
11:22:34.0605 0x0f7c  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:22:34.0621 0x0f7c  ERSvc - ok
11:22:34.0918 0x0f7c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
11:22:34.0964 0x0f7c  Eventlog - ok
11:22:35.0105 0x0f7c  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
11:22:35.0199 0x0f7c  EventSystem - ok
11:22:35.0308 0x0f7c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:22:35.0308 0x0f7c  Fastfat - ok
11:22:35.0730 0x0f7c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:22:35.0824 0x0f7c  FastUserSwitchingCompatibility - ok
11:22:36.0230 0x0f7c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:22:36.0261 0x0f7c  Fdc - ok
11:22:36.0449 0x0f7c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:22:36.0449 0x0f7c  Fips - ok
11:22:36.0714 0x0f7c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:22:36.0746 0x0f7c  Flpydisk - ok
11:22:37.0214 0x0f7c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:22:37.0277 0x0f7c  FltMgr - ok
11:22:37.0433 0x0f7c  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:22:37.0527 0x0f7c  FontCache3.0.0.0 - ok
11:22:37.0871 0x0f7c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:22:37.0871 0x0f7c  Fs_Rec - ok
11:22:37.0933 0x0f7c  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:22:38.0011 0x0f7c  Ftdisk - ok
11:22:38.0418 0x0f7c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:22:38.0449 0x0f7c  Gpc - ok
11:22:38.0918 0x0f7c  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:22:38.0964 0x0f7c  helpsvc - ok
11:22:39.0011 0x0f7c  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:22:39.0043 0x0f7c  HidServ - ok
11:22:39.0464 0x0f7c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:22:39.0496 0x0f7c  hidusb - ok
11:22:39.0714 0x0f7c  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:22:39.0730 0x0f7c  hkmsvc - ok
11:22:39.0761 0x0f7c  hpn - ok
11:22:40.0089 0x0f7c  [ 77E4FF0B73BC0AEAAF39BF0C8104231F, A5D35FCD9E52003D990EB97DF1634DE9B516647C8DAAD3152550CD875DBBDA82 ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
11:22:40.0168 0x0f7c  HSFHWBS2 - ok
11:22:40.0886 0x0f7c  [ 60E1604729A15EF4A3B05F298427B3B1, 139DE473F645A300DD436B4AA8359A23FCE3BB9688B6B597E89F8ADBC36A71B9 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
11:22:41.0339 0x0f7c  HSF_DP - ok
11:22:41.0511 0x0f7c  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:22:41.0683 0x0f7c  HTTP - ok
11:22:41.0964 0x0f7c  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:22:41.0980 0x0f7c  HTTPFilter - ok
11:22:42.0011 0x0f7c  i2omgmt - ok
11:22:42.0043 0x0f7c  i2omp - ok
11:22:42.0105 0x0f7c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:22:42.0152 0x0f7c  i8042prt - ok
11:22:42.0793 0x0f7c  [ 9A883C3C4D91292C0D09DE7C728E781C, 34DD9E781C42FF55BF83F62DFE7B0F4FE3CAEF19B517245BA004C2C641493A98 ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:22:43.0402 0x0f7c  ialm - ok
11:22:44.0246 0x0f7c  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:22:44.0918 0x0f7c  idsvc - ok
11:22:45.0074 0x0f7c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:22:45.0105 0x0f7c  Imapi - ok
11:22:45.0886 0x0f7c  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:22:45.0996 0x0f7c  ImapiService - ok
11:22:46.0011 0x0f7c  ini910u - ok
11:22:46.0183 0x0f7c  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
11:22:46.0214 0x0f7c  IntelIde - ok
11:22:46.0496 0x0f7c  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:22:46.0527 0x0f7c  intelppm - ok
11:22:46.0949 0x0f7c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:22:46.0980 0x0f7c  Ip6Fw - ok
11:22:47.0168 0x0f7c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:22:47.0199 0x0f7c  IpFilterDriver - ok
11:22:47.0527 0x0f7c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:22:47.0558 0x0f7c  IpInIp - ok
11:22:47.0652 0x0f7c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:22:47.0714 0x0f7c  IpNat - ok
11:22:48.0011 0x0f7c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:22:48.0074 0x0f7c  IPSec - ok
11:22:48.0136 0x0f7c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:22:48.0152 0x0f7c  IRENUM - ok
11:22:48.0589 0x0f7c  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:22:48.0605 0x0f7c  isapnp - ok
11:22:48.0918 0x0f7c  [ 9ECF00E19736054E019C532AED8228FC, F5A64A8269EA3655BBD4850298F335C0BD30535258928ED7CE62A32A3363E60B ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
11:22:49.0043 0x0f7c  JavaQuickStarterService - ok
11:22:49.0261 0x0f7c  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:22:49.0293 0x0f7c  Kbdclass - ok
11:22:49.0371 0x0f7c  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:22:49.0386 0x0f7c  kbdhid - ok
11:22:49.0496 0x0f7c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:22:49.0589 0x0f7c  kmixer - ok
11:22:49.0683 0x0f7c  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:22:49.0683 0x0f7c  KSecDD - ok
11:22:49.0777 0x0f7c  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:22:49.0839 0x0f7c  lanmanserver - ok
11:22:50.0214 0x0f7c  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:22:50.0261 0x0f7c  lanmanworkstation - ok
11:22:50.0277 0x0f7c  lbrtfdc - ok
11:22:50.0308 0x0f7c  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:22:50.0339 0x0f7c  LmHosts - ok
11:22:50.0777 0x0f7c  [ 0C6EA0109CFEDF441F06D031E9A8D1A9, 61C18F1DD1DC5719252564A60F9E0CBD0AD275C065C5B95F330921C582EA532F ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
11:22:50.0793 0x0f7c  MBAMProtector - ok
11:22:52.0324 0x0f7c  [ 0E08BDD7326E657D59DB40BAD23D8169, 428C6CCCC0BB540DFD35847776140D60C186B9D2D14F0ACCD1A4D42A8877BD98 ] MBAMScheduler   C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
11:22:53.0152 0x0f7c  MBAMScheduler - ok
11:22:53.0480 0x0f7c  [ A8E7F3DB083EB0839DFC1C763CDD2594, BDF416E360A52130B23B029C89E6406A97FB0516C52C7E63B94CAECEEB431A2E ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
11:22:53.0824 0x0f7c  MBAMService - ok
11:22:54.0105 0x0f7c  [ 661B911FA04E73FB073FF9B1C9BD2E05, C5FD4F528A59141418DA279291E88E51D406D01FAD36435569D97E95FBA66164 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
11:22:54.0136 0x0f7c  MBAMSwissArmy - ok
11:22:54.0168 0x0f7c  [ EEAEA6514BA7C9D273B5E87C4E1AAB30, 3B724C6A8867B1B7A45D832150E0CFAC1004D3B972A2A7BFDD2ADDDB2488BB1E ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:22:54.0199 0x0f7c  mdmxsdk - ok
11:22:54.0636 0x0f7c  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:22:54.0652 0x0f7c  Messenger - ok
11:22:55.0105 0x0f7c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:22:55.0105 0x0f7c  mnmdd - ok
11:22:55.0152 0x0f7c  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:22:55.0183 0x0f7c  mnmsrvc - ok
11:22:55.0355 0x0f7c  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:22:55.0355 0x0f7c  Modem - ok
11:22:55.0464 0x0f7c  [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
11:22:55.0464 0x0f7c  MODEMCSA - ok
11:22:55.0746 0x0f7c  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:22:55.0761 0x0f7c  Mouclass - ok
11:22:55.0793 0x0f7c  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:22:55.0824 0x0f7c  mouhid - ok
11:22:56.0261 0x0f7c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:22:56.0261 0x0f7c  MountMgr - ok
11:22:56.0261 0x0f7c  mraid35x - ok
11:22:56.0339 0x0f7c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:22:56.0402 0x0f7c  MRxDAV - ok
11:22:56.0605 0x0f7c  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:22:56.0871 0x0f7c  MRxSmb - ok
11:22:57.0714 0x0f7c  [ B03E3F64B70F8031E65EB26DA23DE91A, 73184B4A75C1EA5D10B9D78A9E705432551DE15231F10C5A31021896D0938D80 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
11:22:57.0777 0x0f7c  MSCamSvc - ok
11:22:58.0277 0x0f7c  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:22:58.0293 0x0f7c  MSDTC - ok
11:22:58.0496 0x0f7c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:22:58.0496 0x0f7c  Msfs - ok
11:22:58.0777 0x0f7c  [ 7A0F9CBDBDB135113B9A3C138E20C85D, 2AEC135A2108ED1708368ADD496FD373862C00532CB495A9A68D6C54A82975EE ] MSHUSBVideo     C:\WINDOWS\system32\Drivers\nx6000.sys
11:22:58.0808 0x0f7c  MSHUSBVideo - ok
11:22:58.0824 0x0f7c  MSIServer - ok
11:22:59.0230 0x0f7c  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:22:59.0261 0x0f7c  MSKSSRV - ok
11:22:59.0324 0x0f7c  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:22:59.0339 0x0f7c  MSPCLOCK - ok
11:22:59.0511 0x0f7c  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:22:59.0511 0x0f7c  MSPQM - ok
11:22:59.0808 0x0f7c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:22:59.0808 0x0f7c  mssmbios - ok
11:22:59.0933 0x0f7c  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
11:22:59.0949 0x0f7c  MSTEE - ok
11:23:00.0168 0x0f7c  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:23:00.0168 0x0f7c  Mup - ok
11:23:00.0464 0x0f7c  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:23:00.0511 0x0f7c  NABTSFEC - ok
11:23:00.0636 0x0f7c  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:23:00.0777 0x0f7c  napagent - ok
11:23:01.0246 0x0f7c  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:23:01.0246 0x0f7c  NDIS - ok
11:23:01.0293 0x0f7c  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:23:01.0308 0x0f7c  NdisIP - ok
11:23:01.0714 0x0f7c  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:23:01.0746 0x0f7c  NdisTapi - ok
11:23:01.0793 0x0f7c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:23:01.0808 0x0f7c  Ndisuio - ok
11:23:01.0871 0x0f7c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:23:01.0918 0x0f7c  NdisWan - ok
11:23:02.0261 0x0f7c  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:23:02.0261 0x0f7c  NDProxy - ok
11:23:02.0339 0x0f7c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:23:02.0371 0x0f7c  NetBIOS - ok
11:23:02.0918 0x0f7c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:23:02.0964 0x0f7c  NetBT - ok
11:23:03.0089 0x0f7c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:23:03.0168 0x0f7c  NetDDE - ok
11:23:03.0527 0x0f7c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:23:03.0558 0x0f7c  NetDDEdsdm - ok
11:23:03.0636 0x0f7c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:23:03.0652 0x0f7c  Netlogon - ok
11:23:03.0918 0x0f7c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
11:23:04.0043 0x0f7c  Netman - ok
11:23:04.0136 0x0f7c  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:23:04.0214 0x0f7c  NetTcpPortSharing - ok
11:23:04.0527 0x0f7c  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:23:04.0589 0x0f7c  Nla - ok
11:23:04.0652 0x0f7c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:23:04.0652 0x0f7c  Npfs - ok
11:23:05.0293 0x0f7c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:23:05.0308 0x0f7c  Ntfs - ok
11:23:05.0339 0x0f7c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:23:05.0339 0x0f7c  NtLmSsp - ok
11:23:05.0652 0x0f7c  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:23:05.0808 0x0f7c  NtmsSvc - ok
11:23:06.0121 0x0f7c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:23:06.0121 0x0f7c  Null - ok
11:23:06.0183 0x0f7c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:23:06.0183 0x0f7c  NwlnkFlt - ok
11:23:06.0558 0x0f7c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:23:06.0589 0x0f7c  NwlnkFwd - ok
11:23:06.0699 0x0f7c  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:23:06.0730 0x0f7c  Parport - ok
11:23:06.0761 0x0f7c  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:23:06.0761 0x0f7c  PartMgr - ok
11:23:06.0918 0x0f7c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:23:06.0933 0x0f7c  ParVdm - ok
11:23:06.0996 0x0f7c  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:23:07.0043 0x0f7c  PCI - ok
11:23:07.0058 0x0f7c  PCIDump - ok
11:23:07.0355 0x0f7c  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\drivers\PCIIde.sys
11:23:07.0355 0x0f7c  PCIIde - ok
11:23:07.0449 0x0f7c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:23:07.0449 0x0f7c  Pcmcia - ok
11:23:07.0464 0x0f7c  PDCOMP - ok
11:23:07.0480 0x0f7c  PDFRAME - ok
11:23:07.0480 0x0f7c  PDRELI - ok
11:23:07.0496 0x0f7c  PDRFRAME - ok
11:23:07.0511 0x0f7c  perc2 - ok
11:23:07.0511 0x0f7c  perc2hib - ok
11:23:07.0933 0x0f7c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:23:07.0933 0x0f7c  PlugPlay - ok
11:23:07.0980 0x0f7c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:23:07.0980 0x0f7c  PolicyAgent - ok
11:23:08.0183 0x0f7c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:23:08.0214 0x0f7c  PptpMiniport - ok
11:23:08.0511 0x0f7c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:23:08.0511 0x0f7c  ProtectedStorage - ok
11:23:08.0574 0x0f7c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:23:08.0605 0x0f7c  PSched - ok
11:23:09.0043 0x0f7c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:23:09.0074 0x0f7c  Ptilink - ok
11:23:09.0074 0x0f7c  ql1080 - ok
11:23:09.0089 0x0f7c  Ql10wnt - ok
11:23:09.0105 0x0f7c  ql12160 - ok
11:23:09.0105 0x0f7c  ql1240 - ok
11:23:09.0121 0x0f7c  ql1280 - ok
11:23:09.0168 0x0f7c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:23:09.0183 0x0f7c  RasAcd - ok
11:23:09.0621 0x0f7c  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:23:09.0668 0x0f7c  RasAuto - ok
11:23:09.0793 0x0f7c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:23:09.0839 0x0f7c  Rasl2tp - ok
11:23:09.0964 0x0f7c  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:23:10.0043 0x0f7c  RasMan - ok
11:23:10.0371 0x0f7c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:23:10.0418 0x0f7c  RasPppoe - ok
11:23:10.0480 0x0f7c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:23:10.0480 0x0f7c  Raspti - ok
11:23:10.0589 0x0f7c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:23:10.0652 0x0f7c  Rdbss - ok
11:23:10.0683 0x0f7c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:23:10.0714 0x0f7c  RDPCDD - ok
11:23:11.0261 0x0f7c  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:23:11.0339 0x0f7c  rdpdr - ok
11:23:11.0699 0x0f7c  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:23:11.0714 0x0f7c  RDPWD - ok
11:23:11.0824 0x0f7c  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:23:11.0902 0x0f7c  RDSessMgr - ok
11:23:12.0246 0x0f7c  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:23:12.0293 0x0f7c  redbook - ok
11:23:12.0371 0x0f7c  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:23:12.0402 0x0f7c  RemoteAccess - ok
11:23:12.0496 0x0f7c  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:23:12.0558 0x0f7c  RemoteRegistry - ok
11:23:12.0714 0x0f7c  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:23:12.0808 0x0f7c  RpcLocator - ok
11:23:13.0168 0x0f7c  [ 18BFB544389F26E76A8982EE4BC54FA6, 1A994992C22DB0374F6EAD0413B39BB04645286F55078B793CF54EF75F868774 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:23:13.0183 0x0f7c  RpcSs - detected Trojan.Win32.Patched.pj ( 0 )
11:23:13.0183 0x0f7c  RpcSs ( Trojan.Win32.Patched.pj ) - infected
11:23:13.0183 0x0f7c  Force sending object to P2P due to detect: C:\WINDOWS\system32\rpcss.dll
11:23:13.0261 0x0f7c  Object send P2P result: false
11:23:13.0808 0x0f7c  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:23:13.0902 0x0f7c  RSVP - ok
11:23:14.0589 0x0f7c  [ B29EEB1EA7971BD83069EB2E2258D224, A3DF2E4BA03BAB85EE7CBD6C3224999167DC8618328443855A4C280FBB889E1A ] RTL8192su       C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
11:23:14.0902 0x0f7c  RTL8192su - ok
11:23:15.0246 0x0f7c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:23:15.0246 0x0f7c  SamSs - ok
11:23:15.0308 0x0f7c  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:23:15.0355 0x0f7c  SCardSvr - ok
11:23:15.0589 0x0f7c  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:23:15.0668 0x0f7c  Schedule - ok
11:23:17.0152 0x0f7c  [ 11D94599270AA1603F75CB5ACBBD266F, 950746109BD7AA5BCF2F4320F40CFD268B34CB3DBE6073616B75A5254FE00469 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
11:23:17.0964 0x0f7c  SDScannerService - ok
11:23:19.0605 0x0f7c  [ D91D8344E73283999777083BF17D54E2, 018F500DD49A192617E57998A2E9833C5C9EB72A2B186AF25B5CB91329B1E267 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
11:23:20.0636 0x0f7c  SDUpdateService - ok
11:23:20.0761 0x0f7c  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
11:23:20.0839 0x0f7c  SDWSCService - ok
11:23:20.0902 0x0f7c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:23:20.0918 0x0f7c  Secdrv - ok
11:23:21.0386 0x0f7c  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:23:21.0402 0x0f7c  seclogon - ok
11:23:21.0433 0x0f7c  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
11:23:21.0449 0x0f7c  SENS - ok
11:23:21.0480 0x0f7c  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:23:21.0511 0x0f7c  serenum - ok
11:23:21.0902 0x0f7c  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:23:21.0933 0x0f7c  Serial - ok
11:23:22.0058 0x0f7c  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:23:22.0058 0x0f7c  Sfloppy - ok
11:23:22.0683 0x0f7c  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:23:22.0871 0x0f7c  SharedAccess - ok
11:23:23.0308 0x0f7c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:23:23.0324 0x0f7c  ShellHWDetection - ok
11:23:23.0339 0x0f7c  Simbad - ok
11:23:23.0402 0x0f7c  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:23:23.0418 0x0f7c  SLIP - ok
11:23:23.0808 0x0f7c  [ 5018A9DB5EB62E3EDB3110F82F556285, 5C90FF4609F6FC77C91FD820DF73C43A7FD72533B8522C78067E7F1EBB09FA65 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
11:23:24.0105 0x0f7c  smwdm - ok
11:23:24.0121 0x0f7c  Sparrow - ok
11:23:24.0246 0x0f7c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:23:24.0277 0x0f7c  splitter - ok
11:23:24.0355 0x0f7c  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:23:24.0386 0x0f7c  Spooler - ok
11:23:24.0824 0x0f7c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:23:24.0886 0x0f7c  sr - ok
11:23:25.0027 0x0f7c  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:23:25.0121 0x0f7c  srservice - ok
11:23:25.0418 0x0f7c  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:23:25.0605 0x0f7c  Srv - ok
11:23:25.0777 0x0f7c  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:23:25.0808 0x0f7c  SSDPSRV - ok
11:23:25.0980 0x0f7c  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:23:26.0121 0x0f7c  stisvc - ok
11:23:26.0183 0x0f7c  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:23:26.0199 0x0f7c  streamip - ok
11:23:26.0261 0x0f7c  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:23:26.0277 0x0f7c  swenum - ok
11:23:26.0652 0x0f7c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:23:26.0714 0x0f7c  swmidi - ok
11:23:26.0746 0x0f7c  SwPrv - ok
11:23:26.0761 0x0f7c  symc810 - ok
11:23:26.0761 0x0f7c  symc8xx - ok
11:23:26.0777 0x0f7c  sym_hi - ok
11:23:26.0793 0x0f7c  sym_u3 - ok
11:23:26.0871 0x0f7c  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:23:26.0902 0x0f7c  sysaudio - ok
11:23:27.0043 0x0f7c  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:23:27.0105 0x0f7c  SysmonLog - ok
11:23:27.0230 0x0f7c  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:23:27.0324 0x0f7c  TapiSrv - ok
11:23:28.0230 0x0f7c  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:23:28.0464 0x0f7c  Tcpip - ok
11:23:28.0824 0x0f7c  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:23:28.0824 0x0f7c  TDPIPE - ok
11:23:28.0871 0x0f7c  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:23:28.0886 0x0f7c  TDTCP - ok
11:23:28.0949 0x0f7c  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:23:28.0980 0x0f7c  TermDD - ok
11:23:29.0136 0x0f7c  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
11:23:29.0293 0x0f7c  TermService - ok
11:23:29.0652 0x0f7c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:23:29.0668 0x0f7c  Themes - ok
11:23:29.0793 0x0f7c  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
11:23:29.0871 0x0f7c  TlntSvr - ok
11:23:29.0871 0x0f7c  TosIde - ok
11:23:30.0027 0x0f7c  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:23:30.0074 0x0f7c  TrkWks - ok
11:23:30.0418 0x0f7c  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:23:30.0418 0x0f7c  Udfs - ok
11:23:30.0433 0x0f7c  ultra - ok
11:23:30.0621 0x0f7c  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:23:30.0793 0x0f7c  Update - ok
11:23:31.0230 0x0f7c  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:23:31.0355 0x0f7c  upnphost - ok
11:23:31.0652 0x0f7c  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
11:23:31.0683 0x0f7c  UPS - ok
11:23:31.0730 0x0f7c  [ C1CA131F4E3ED63D6BC89A35FFAD4CDA, 7F44A40698FCF45A10F4EB4C1D041F44DE0231E0419BF199172E852A6668F6BB ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
11:23:31.0746 0x0f7c  USBAAPL - ok
11:23:32.0214 0x0f7c  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
11:23:32.0246 0x0f7c  usbaudio - ok
11:23:32.0308 0x0f7c  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:23:32.0324 0x0f7c  usbccgp - ok
11:23:32.0761 0x0f7c  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:23:32.0777 0x0f7c  usbehci - ok
11:23:33.0183 0x0f7c  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:23:33.0261 0x0f7c  usbhub - ok
11:23:33.0339 0x0f7c  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:23:33.0371 0x0f7c  usbprint - ok
11:23:33.0746 0x0f7c  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:23:33.0761 0x0f7c  usbscan - ok
11:23:33.0886 0x0f7c  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:23:33.0902 0x0f7c  USBSTOR - ok
11:23:33.0933 0x0f7c  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:23:33.0949 0x0f7c  usbuhci - ok
11:23:34.0183 0x0f7c  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
11:23:34.0261 0x0f7c  usbvideo - ok
11:23:34.0527 0x0f7c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:23:34.0558 0x0f7c  VgaSave - ok
11:23:34.0574 0x0f7c  ViaIde - ok
11:23:34.0761 0x0f7c  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:23:34.0808 0x0f7c  VolSnap - ok
11:23:35.0168 0x0f7c  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
11:23:35.0277 0x0f7c  VSS - ok
11:23:35.0761 0x0f7c  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
11:23:35.0855 0x0f7c  W32Time - ok
11:23:35.0918 0x0f7c  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:23:35.0949 0x0f7c  Wanarp - ok
11:23:35.0964 0x0f7c  WDICA - ok
11:23:36.0355 0x0f7c  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:23:36.0464 0x0f7c  wdmaud - ok
11:23:36.0527 0x0f7c  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:23:36.0558 0x0f7c  WebClient - ok
11:23:37.0136 0x0f7c  [ F59ED5A43B988A18EF582BB07B2327A7, E870821C9C4E31D3B05049FBA5D81358F9C30E6A67F600D4EA3A5736CA344028 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:23:37.0433 0x0f7c  winachsf - ok
11:23:38.0121 0x0f7c  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:23:38.0214 0x0f7c  winmgmt - ok
11:23:38.0277 0x0f7c  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
11:23:38.0324 0x0f7c  WmdmPmSN - ok
11:23:38.0621 0x0f7c  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:23:38.0980 0x0f7c  Wmi - ok
11:23:39.0089 0x0f7c  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:23:39.0152 0x0f7c  WmiApSrv - ok
11:23:39.0246 0x0f7c  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
11:23:39.0293 0x0f7c  wscsvc - ok
11:23:39.0355 0x0f7c  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:23:39.0386 0x0f7c  WSTCODEC - ok
11:23:39.0793 0x0f7c  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:23:39.0793 0x0f7c  wuauserv - ok
11:23:40.0043 0x0f7c  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:23:40.0339 0x0f7c  WZCSVC - ok
11:23:40.0730 0x0f7c  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:23:40.0777 0x0f7c  xmlprov - ok
11:23:41.0839 0x0f7c  ‮etadpug - detected Rootkit.Win32.PMax.gen ( 0 )
11:23:42.0168 0x0f7c  ‮etadpug ( Rootkit.Win32.PMax.gen ) - infected
11:23:42.0168 0x0f7c  ================ Scan global ===============================
11:23:42.0449 0x0f7c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
11:23:43.0058 0x0f7c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:23:43.0277 0x0f7c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:23:43.0339 0x0f7c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
11:23:43.0355 0x0f7c  [ Global ] - ok
11:23:43.0355 0x0f7c  ================ Scan MBR ==================================
11:23:43.0824 0x0f7c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:23:46.0980 0x0f7c  \Device\Harddisk0\DR0 - ok
11:23:46.0996 0x0f7c  ================ Scan VBR ==================================
11:23:47.0011 0x0f7c  [ E7FD64642493735C3F0EEB7C0AC189F4 ] \Device\Harddisk0\DR0\Partition1
11:23:47.0027 0x0f7c  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
11:23:47.0027 0x0f7c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
11:23:52.0839 0x0f7c  AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
11:23:52.0933 0x0f7c  Win FW state via NFM: enabled
11:23:52.0933 0x0f7c  ============================================================
11:23:52.0933 0x0f7c  Scan finished
11:23:52.0933 0x0f7c  ============================================================
11:23:52.0949 0x080c  Detected object count: 4
11:23:52.0949 0x080c  Actual detected object count: 4
11:25:58.0855 0x080c  DcomLaunch ( Trojan.Win32.Patched.pj ) - skipped by user
11:25:58.0855 0x080c  DcomLaunch ( Trojan.Win32.Patched.pj ) - User select action: Skip
11:25:58.0855 0x080c  RpcSs ( Trojan.Win32.Patched.pj ) - skipped by user
11:25:58.0855 0x080c  RpcSs ( Trojan.Win32.Patched.pj ) - User select action: Skip
11:25:58.0855 0x080c  ‮etadpug ( Rootkit.Win32.PMax.gen ) - skipped by user
11:25:58.0855 0x080c  ‮etadpug ( Rootkit.Win32.PMax.gen ) - User select action: Skip
11:25:58.0855 0x080c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user
11:25:58.0855 0x080c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip
11:27:59.0074 0x048c  Deinitialize success

Thank you again for helping me with this.

I'll wait for your next instructions.

Cort
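Added example, not code from this thread or from TDSSKiller: a small Python triage script for logs in the format posted above. It pulls each `detected` verdict together with the MD5/SHA-256 and path TDSSKiller printed for that object and the action the user chose, and flags two things a responder should notice in this particular log: object names carrying Unicode bidi-override characters (the `etadpug` entry is stored with a leading U+202E right-to-left override, so on screen it reads as `gupdate`), and `Patched` verdicts, which mark a legitimate Windows file that was modified in place and has to be replaced with a clean copy rather than deleted. The sample log inside the script is constructed from the line formats seen in the thread, with placeholder hashes.

```python
"""Triage helper for TDSSKiller logs.
Added example for this thread, not part of TDSSKiller or of any post here.
It collects every 'detected' verdict, pairs it with the hashes/path printed
for that object, records the action chosen, and flags object names that
carry Unicode bidi-override characters.  SAMPLE_LOG is constructed from the
line formats seen in the thread; its hashes are placeholders.
"""
import re

# Bidi controls that make a stored name render differently from its bytes:
# LRM/RLM, embeddings/overrides (U+202A..202E) and isolates (U+2066..2069).
BIDI_CONTROLS = frozenset(chr(c) for c in (
    0x200E, 0x200F, *range(0x202A, 0x202F), *range(0x2066, 0x206A)))

_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>0x[0-9a-fA-F]{4})\s+"
# "[ MD5, SHA256 ] name   path"; MBR/VBR entries carry only an MD5.
HASH_LINE = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-F]{32})"
                       r"(?:, (?P<sha256>[0-9A-F]{64}))? \]\s+(?P<rest>.+?)\s*$")
DETECT_LINE = re.compile(
    _PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \( \d+ \)$")
ACTION_LINE = re.compile(
    _PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: "
    r"(?P<action>\w+)$")

def has_bidi_control(name):
    return any(ch in BIDI_CONTROLS for ch in name)

def rendered_name(name):
    """What the name looks like on screen.  Handles the common single-RLO
    prefix (everything after U+202E is drawn right-to-left, i.e. reversed);
    any other control characters are simply stripped."""
    if name.startswith("\u202e"):
        return name[1:][::-1]
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)

def parse_log(text):
    """Return one dict per 'detected' line, in log order."""
    objects, findings, actions = {}, [], {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:  # remember hashes/path so a later verdict can be tied to them
            name, _, path = m.group("rest").partition(" ")
            objects[name] = {"md5": m.group("md5"), "sha256": m.group("sha256"),
                             "path": path.strip() or None}
            continue
        m = DETECT_LINE.match(line)
        if m:
            name, verdict = m.group("name"), m.group("verdict")
            info = objects.get(name, {})
            findings.append({
                "name": name, "verdict": verdict, "path": info.get("path"),
                "md5": info.get("md5"), "sha256": info.get("sha256"),
                "bidi_spoofed": has_bidi_control(name),
                "looks_like": rendered_name(name),
                # A '.Patched.' verdict marks a legitimate Windows file that was
                # modified in place: it needs a clean replacement copy, since
                # deleting it takes the service hosting it down as well.
                "system_file_patched": ".Patched." in verdict,
                "action": None})
            continue
        m = ACTION_LINE.match(line)
        if m:
            actions[(m.group("name"), m.group("verdict"))] = m.group("action")
    for f in findings:
        f["action"] = actions.get((f["name"], f["verdict"]))
    return findings

def summarize(findings):
    """One line per detection, with the caveats a responder should see."""
    out = []
    for f in findings:
        notes = []
        if f["bidi_spoofed"]:
            notes.append("name hides a bidi override, displays as %r" % f["looks_like"])
        if f["system_file_patched"]:
            notes.append("patched system file: replace it, do not delete it")
        out.append("%s: %s [action=%s] %s" % (f["verdict"], f["path"] or f["name"],
                                              f["action"], "; ".join(notes)))
    return out

# Constructed sample in the thread's log format; the hashes are placeholders.
SAMPLE_LOG = "\n".join([
    "11:23:13.0168 0x0f7c  [ %s, %s ] RpcSs           C:\\WINDOWS\\system32\\rpcss.dll" % ("0" * 32, "0" * 64),
    "11:23:13.0183 0x0f7c  RpcSs - detected Trojan.Win32.Patched.pj ( 0 )",
    "11:23:13.0808 0x0f7c  [ %s, %s ] RSVP            C:\\WINDOWS\\system32\\rsvp.exe" % ("1" * 32, "1" * 64),
    "11:23:13.0902 0x0f7c  RSVP - ok",
    "11:23:41.0839 0x0f7c  \u202eetadpug - detected Rootkit.Win32.PMax.gen ( 0 )",
    "11:23:47.0011 0x0f7c  [ %s ] \\Device\\Harddisk0\\DR0\\Partition1" % ("3" * 32),
    "11:23:47.0027 0x0f7c  \\Device\\Harddisk0\\DR0\\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )",
    "11:25:58.0855 0x080c  RpcSs ( Trojan.Win32.Patched.pj ) - User select action: Skip",
    "11:25:58.0855 0x080c  \u202eetadpug ( Rootkit.Win32.PMax.gen ) - User select action: Skip",
    "11:25:58.0855 0x080c  \\Device\\Harddisk0\\DR0\\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip",
])

if __name__ == "__main__":
    for line in summarize(parse_log(SAMPLE_LOG)):
        print(line)
```

Run it against a saved TDSSKiller log by passing the file's contents to `parse_log`; entries that have a verdict but no preceding hash line (as the PMax entry has in the log above) come back with `md5`, `sha256` and `path` set to `None`, which is itself worth noting, since TDSSKiller did not tie that detection to a file on disk.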

Fix with TDSS-Killer

Please read and follow these instructions carefully.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • When the scan is finished, select copy to quarantine for the following entry.

    Rootkit.Boot.Cidox.b
  • Hit continue.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Hi Marius,

I was beginning to wonder if I would hear back from you. I have run the TDSSKiller and my computer is crashing on reboot. I ran the scan and it said it found things and I copied to quarantine the item you instructed me to. Everything seemed fine but it shut down. It also had a countdown when it told me it was shutting down. It looks like it is trying to restart now. I will post the logs if all comes back up.

Thanks,

Cort

Now I am really worried. I followed the directions completely and now it keeps cycling through start up and shut down. A window opens and says it is closing and a shutdown is initiated by NT Authority System and Windows must restart because the DCOM Server Process Launcher service terminated unexpectedly. What now?

Waiting for a reply; please don't make me wait 3 days again,

Cort

Hi Marius,

Wow. Now the computer is completely inoperable. I can't get it to boot up without it going to the error message saying it is closing. How am I going to fix this now? I am posting this from another computer because my computer is in a never-ending cycle. I am sure there is a TDSSKiller log on there but I can't keep it booted long enough to do anything. Can malware cause your system to not boot properly? My safe boot function didn't work before I started downloading and scanning these fixes, and I disabled system restore a while back. I am stuck. Please help me with this.

Thanks,

Cort

No, unfortunately, that was one of the first things I discovered wrong. That and system restore no longer worked. When I press F8 and go into the black screen, I have tried safe mode and safe mode with networking and I get the same error message. It is a Dell Dimension 4600. I do not have the CDs for this either. It is the shop's computer and I am trying to get it back up and running. Do you think I should reset to factory settings? I am pretty sure this Dell has that option with F11. Maybe the malware won't allow that and will mess it up even more. The only thing I really need to save is my networking software for our server. I don't know, I am getting worried. It didn't like the TDSSKiller though.

I will see what you have to say and follow your instructions on how to proceed.

Thanks for all your help Marius,

Cort

Scan with FRST (using UBCD4Win)

We need to try to boot your computer using the Ultimate Boot CD for Windows (UBCD4Win).

Please print this guide for future reference!

You will need: a blank CD, a Windows XP CD, a clean computer, and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

Step 1 - creating the ISO file

1. Please select a mirror and download the Ultimate Boot CD for Windows to your Desktop

  • Double-Click on the UBCD4Win.exe that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up
  • Note: Do not install to a folder with spaces in its name; it is best to use the default C:\UBCD4Win
  • Note: Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read here for information regarding the files that normally trigger AV software.
  • At the very end, uncheck "Run UBCD4WinBuilder.exe when installation is complete", then click Finish

2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive

  • Open My Computer, navigate to: C:\ubcd4win
  • Double-click on UBCD4WinBuilder.exe
  • Click I Agree to the UBCD4Win PE Builder License
  • Click No when prompted to Search for Windows installation files
  • For Source: click on the ellipsis (...), then click on the drive with your Windows XP CD, then press Ok
  • For Custom: no information is necessary, leave blank
  • For Output: keep the default BartPE
  • For Media output select Create ISO image: (enter filename)
    Note: you can leave the default file name and path as well (C:\UBCD4Win\UBCD4WinBuilder.iso), but if you do change it make sure it is a folder without spaces in the name
  • Note: If your XP install disc is SP1 then please click the Plugins button and modify the following options:
    Click on each option, then click Enable/Disable so the correct value is displayed.

    Disabled - !Critical: DComLaunch Service [building with XP SP1-DISABLE]
    Enabled - !Critical: LargeIDE Fix (KB331958) [building with XP SP1-ENABLE]
  • Note: If you have a Dell XP install disc you will need to follow the instructions here: http://www.ubcd4win.com/faq.htm#dell

3. Click on the "Build" button

  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit


4. Burn your ISO file to CD

==========

Step 2 - downloading Farbar's Recovery Scan Tool (FRST)

Next, from your clean computer, download Farbar Recovery Scan Tool and save it to your flash drive.

note: you will need the 32-bit version to run with UBCD4Win

Now plug your flash drive back into your sick computer and move on to the next step.

==========

Step 3 - booting to the UBCD4Win CD

Restart your sick computer using the UBCD4Win disc that you have created.

  • Insert the UBCD4Win disc into one of your CD/DVD drives
  • Restart your computer; it should boot from the UBCD4Win CD automatically
  • If it doesn't and you are asked if you want to boot from CD, then choose that option
    note: more information on booting from CD can be obtained here
  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter
  • It may take a little longer for the desktop to appear than it does when you start your computer normally, just let the process run itself until the desktop appears
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?, click Yes
  • You should now have a desktop that looks like this:
    Main.jpg

==========

Step 4 - running the FRST scan

  • Single click My computer from your UBCD4Win desktop to navigate to the Farbar Recovery Scan Tool (FRST.exe) you saved to your flash drive.
  • Double click on FRST.exe to begin running the tool
  • When the tool opens click Yes to disclaimer
    note: if prompted to download the latest version, please do so from the link in Step 2
  • Click on the Scan button
  • It will make a log (FRST.txt) on the flash drive, close it and safely remove the USB drive
  • Insert the USB drive into your clean computer and post the log in your next reply

Hi Marius,

Well, it looks like trying to fix this thing did more harm than good. I should have left it limping along. I don't have a Windows XP CD. And this thing keeps asking for a floppy disc? Do they even make those things anymore? I honestly thought it would be a few scans and fixes and it would be back to almost as good as new. So, since I don't have an XP CD, I am at a loss. Any suggestions?

Thanks for your help with this Marius. Don't leave me hanging,

Cort

Create/Scan with Kaspersky Rescue Disk

Follow the instructions on this page for downloading the kav_rescue_10.iso (200 mb) file and creating the Kaspersky Rescue Disk.

Make sure you set the machine to boot from the CD-ROM drive first. Then save and exit the BIOS. The computer will begin to boot. Insert the disc in the CD-ROM drive, then restart the machine. It should then boot from that CD.

It's best if you refer to the instructions and images at Kaspersky How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

Once it boots from CD, press a key so it continues to boot from that CD.

Select the language, then be sure to select Kaspersky Rescue Disk Graphic Mode.

Kaspersky should begin scanning your machine. If it finds infection, look carefully at the files it lists. If any of them seem to be legit files, do not allow it to clean/quarantine/delete them. Rather, save the log and post the results for me to look over.

Hi Marius,

Regarding this issue, because I need to keep the computer from endlessly going through this cycle:

Now I am really worried. I followed the directions completely and now it keeps cycling through start up and shut down. A window opens and says it is closing and a shutdown is initiated by NT Authority System and Windows must restart because the DCOM Server Process Launcher service terminated unexpectedly. What now?

When the desktop comes up and the error box opens with this message and the 60 second timer counts down, will the Start > Run > shutdown -a abort work long enough for me to work on the infected PC? How can I keep the computer from going into this shutdown cycle?

I don't want to do anything now without asking first.

Thanks Marius,

Cort

The computer is booting up and just when the desktop gets loaded the error message displays and begins the shutdown countdown. When it finishes the countdown it shuts down and then restarts, only to do the same thing over and over and over. So, can you tell me how to make it stop from shutting down so I can run scans and fixes? I haven't tried the Start > Run > "shutdown -a" command, or anything else yet. I am waiting for your direction. How should I proceed first?

Thanks,

Cort

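Cort's restart loop is the DCOM Server Process Launcher (DcomLaunch) dying, and the TDSSKiller log he posts next flags that service's binary, rpcss.dll, as patched. Added example, not code from the thread, Kaspersky or Malwarebytes: a Python triage script for TDSSKiller's log format that turns the hash and verdict lines into one record per service and reports the infected file with its hashes, any other service loading the same file, and entries left without a verdict; the sample lines are copied from the log in this thread.

```python
"""Triage helper for TDSSKiller-format logs (added example, not Kaspersky's code).

Message shapes handled, after the "time thread-id" prefix every line carries:
  [ MD5, SHA256 ] Name   <path>                file identity
  Name - ok  /  Name - detected Verdict ( 0 )  verdict (the latter is provisional)
  Name ( Verdict ) - infected                  confirmed verdict
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(0x[0-9a-fA-F]+)\s+(.*)$")
HASH_RE = re.compile(r"^\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \] (.+?)\s+([A-Za-z]:\\.+)$")
VERDICT_RE = re.compile(r"^(.+?) - (?:ok|detected (.+?) \( \d+ \))$")
INFECTED_RE = re.compile(r"^(.+?) \( (.+?) \) - infected$")


@dataclass
class ServiceEntry:
    name: str
    path: Optional[str] = None          # None for legacy entries that have no file
    md5: Optional[str] = None
    sha256: Optional[str] = None
    verdict: str = "no verdict"         # "ok", "detected", "infected" or "no verdict"
    detection: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, ServiceEntry]:
    """One ServiceEntry per service/driver name; banners and separators are skipped."""
    entries: Dict[str, ServiceEntry] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        msg = line.group(3).strip()
        m = HASH_RE.match(msg)
        if m:
            md5, sha256, name, path = m.groups()
            e = entries.setdefault(name, ServiceEntry(name))
            e.md5, e.sha256, e.path = md5, sha256, path
            continue
        m = INFECTED_RE.match(msg)
        if m:
            name, detection = m.groups()
            e = entries.setdefault(name, ServiceEntry(name))
            e.verdict, e.detection = "infected", detection
            continue
        m = VERDICT_RE.match(msg)
        if m:
            name, detection = m.groups()
            e = entries.setdefault(name, ServiceEntry(name))
            if e.verdict != "infected":     # a confirmed "- infected" line is final
                e.verdict = "detected" if detection else "ok"
            e.detection = detection or e.detection
    return entries


def triage(text: str) -> dict:
    """What a responder needs first: the flagged file, its hashes, and loose ends."""
    entries = parse_tdsskiller(text)
    infected = [e for e in entries.values() if e.verdict == "infected"]
    flagged_files = {e.path.lower() for e in infected if e.path}
    return {
        "scanned": sum(1 for e in entries.values() if e.verdict != "no verdict"),
        "infected": [(e.name, e.detection, e.path, e.md5, e.sha256) for e in infected],
        # Other services loading a flagged file run the same patched binary.
        "shares_flagged_file": sorted(e.name for e in entries.values()
                                      if e.path and e.path.lower() in flagged_files
                                      and e.verdict != "infected"),
        # A file line with no verdict usually means the scan was interrupted.
        "no_verdict": [e.name for e in entries.values() if e.verdict == "no verdict"],
    }


# Sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
11:15:22.0734 0x0114  Scan started
11:15:23.0078 0x0114  ================ Scan services =============================
11:15:23.0515 0x0114  abp480n5 - ok
11:15:23.0609 0x0114  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:15:23.0671 0x0114  ACPI - ok
11:15:24.0796 0x0114  [ B8E865D24F2753A35CC2A9A6A3CE1AD4, 07DF2B19F55F87B2038DA2D60B13062AC8E67F0B0D5028ABDBDFEF17209E54D6 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
11:15:24.0843 0x0114  Apple Mobile Device - ok
11:15:33.0000 0x0114  [ 18BFB544389F26E76A8982EE4BC54FA6, 1A994992C22DB0374F6EAD0413B39BB04645286F55078B793CF54EF75F868774 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:15:33.0125 0x0114  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
11:15:33.0125 0x0114  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
11:15:33.0125 0x0114  Force sending object to P2P due to detect: C:\WINDOWS\system32\rpcss.dll
11:15:33.0218 0x0114  Object send P2P result: false
11:15:48.0375 0x0114  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:15:48.0375 0x0114  Netlogon - ok
11:15:49.0375 0x0114  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```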

Hi Marius,

It worked and I have the TDSSKiller log.

 

11:13:34.0875 0x08a4  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
11:14:06.0843 0x08a4  ============================================================
11:14:06.0843 0x08a4  Current date / time: 2014/05/27 11:14:06.0843
11:14:06.0843 0x08a4  SystemInfo:
11:14:06.0843 0x08a4  
11:14:06.0843 0x08a4  OS Version: 5.1.2600 ServicePack: 3.0
11:14:06.0843 0x08a4  Product type: Workstation
11:14:06.0843 0x08a4  ComputerName: OWNER-2E10CF6CF
11:14:06.0843 0x08a4  UserName: Dad
11:14:06.0843 0x08a4  Windows directory: C:\WINDOWS
11:14:06.0843 0x08a4  System windows directory: C:\WINDOWS
11:14:06.0843 0x08a4  Processor architecture: Intel x86
11:14:06.0843 0x08a4  Number of processors: 1
11:14:06.0843 0x08a4  Page size: 0x1000
11:14:06.0843 0x08a4  Boot type: Normal boot
11:14:06.0843 0x08a4  ============================================================
11:14:11.0031 0x08a4  KLMD registered as C:\WINDOWS\system32\drivers\01148283.sys
11:14:13.0937 0x08a4  System UUID: {A487A299-1EA6-A733-A194-719BA8127F47}
11:14:19.0875 0x08a4  Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:14:19.0875 0x08a4  ============================================================
11:14:19.0875 0x08a4  \Device\Harddisk0\DR0:
11:14:19.0875 0x08a4  MBR partitions:
11:14:19.0875 0x08a4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x4369530
11:14:19.0875 0x08a4  ============================================================
11:14:19.0921 0x08a4  C: <-> \Device\Harddisk0\DR0\Partition1
11:14:19.0921 0x08a4  ============================================================
11:14:19.0937 0x08a4  Initialize success
11:14:19.0937 0x08a4  ============================================================
11:15:22.0734 0x0114  ============================================================
11:15:22.0734 0x0114  Scan started
11:15:22.0734 0x0114  Mode: Manual;
11:15:22.0734 0x0114  ============================================================
11:15:22.0734 0x0114  KSN ping started
11:15:22.0828 0x0114  KSN ping finished: false
11:15:23.0078 0x0114  ================ Scan system memory ========================
11:15:23.0078 0x0114  System memory - ok
11:15:23.0078 0x0114  ================ Scan services =============================
11:15:33.0125 0x0114  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
11:15:33.0125 0x0114  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
11:15:33.0125 0x0114  Force sending object to P2P due to detect: C:\WINDOWS\system32\rpcss.dll
11:15:33.0218 0x0114  Object send P2P result: false
11:15:33.0312 0x0114  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:15:33.0312 0x0114  Dhcp - ok
11:15:33.0343 0x0114  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:15:33.0359 0x0114  Disk - ok
11:15:33.0375 0x0114  dmadmin - ok
11:15:33.0750 0x0114  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:15:34.0031 0x0114  dmboot - ok
11:15:34.0125 0x0114  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:15:34.0171 0x0114  dmio - ok
11:15:34.0218 0x0114  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:15:34.0234 0x0114  dmload - ok
11:15:34.0281 0x0114  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:15:34.0281 0x0114  dmserver - ok
11:15:34.0328 0x0114  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:15:34.0343 0x0114  DMusic - ok
11:15:34.0390 0x0114  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:15:34.0406 0x0114  Dnscache - ok
11:15:34.0515 0x0114  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:15:34.0546 0x0114  Dot3svc - ok
11:15:34.0562 0x0114  dpti2o - ok
11:15:34.0703 0x0114  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:15:34.0703 0x0114  drmkaud - ok
11:15:34.0812 0x0114  [ 98B46B331404A951CABAD8B4877E1276, DC683271BFF3BCC40D656E8190A4BA25E76B5876FE3C22C66ED789068C7017A7 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:15:34.0875 0x0114  E100B - ok
11:15:34.0921 0x0114  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:15:34.0953 0x0114  EapHost - ok
11:15:35.0000 0x0114  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:15:35.0015 0x0114  ERSvc - ok
11:15:35.0093 0x0114  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
11:15:35.0140 0x0114  Eventlog - ok
11:15:35.0250 0x0114  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
11:15:35.0343 0x0114  EventSystem - ok
11:15:35.0421 0x0114  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:15:35.0468 0x0114  Fastfat - ok
11:15:35.0562 0x0114  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:15:35.0718 0x0114  FastUserSwitchingCompatibility - ok
11:15:35.0750 0x0114  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:15:35.0765 0x0114  Fdc - ok
11:15:35.0796 0x0114  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:15:35.0812 0x0114  Fips - ok
11:15:35.0875 0x0114  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:15:35.0890 0x0114  Flpydisk - ok
11:15:35.0984 0x0114  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:15:36.0031 0x0114  FltMgr - ok
11:15:36.0140 0x0114  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:15:36.0203 0x0114  FontCache3.0.0.0 - ok
11:15:36.0218 0x0114  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:15:36.0234 0x0114  Fs_Rec - ok
11:15:36.0281 0x0114  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:15:36.0328 0x0114  Ftdisk - ok
11:15:36.0390 0x0114  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:15:36.0406 0x0114  Gpc - ok
11:15:36.0500 0x0114  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:15:36.0515 0x0114  helpsvc - ok
11:15:36.0562 0x0114  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:15:36.0562 0x0114  HidServ - ok
11:15:36.0609 0x0114  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:15:36.0609 0x0114  hidusb - ok
11:15:36.0781 0x0114  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:15:36.0812 0x0114  hkmsvc - ok
11:15:36.0812 0x0114  hpn - ok
11:15:36.0921 0x0114  [ 77E4FF0B73BC0AEAAF39BF0C8104231F, A5D35FCD9E52003D990EB97DF1634DE9B516647C8DAAD3152550CD875DBBDA82 ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
11:15:37.0062 0x0114  HSFHWBS2 - ok
11:15:37.0406 0x0114  [ 60E1604729A15EF4A3B05F298427B3B1, 139DE473F645A300DD436B4AA8359A23FCE3BB9688B6B597E89F8ADBC36A71B9 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
11:15:38.0281 0x0114  HSF_DP - ok
11:15:38.0406 0x0114  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:15:38.0484 0x0114  HTTP - ok
11:15:38.0531 0x0114  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:15:38.0531 0x0114  HTTPFilter - ok
11:15:38.0546 0x0114  i2omgmt - ok
11:15:38.0562 0x0114  i2omp - ok
11:15:38.0609 0x0114  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:15:38.0765 0x0114  i8042prt - ok
11:15:39.0218 0x0114  [ 9A883C3C4D91292C0D09DE7C728E781C, 34DD9E781C42FF55BF83F62DFE7B0F4FE3CAEF19B517245BA004C2C641493A98 ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:15:39.0812 0x0114  ialm - ok
11:15:40.0171 0x0114  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:15:40.0468 0x0114  idsvc - ok
11:15:40.0531 0x0114  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:15:40.0546 0x0114  Imapi - ok
11:15:40.0640 0x0114  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:15:40.0796 0x0114  ImapiService - ok
11:15:40.0812 0x0114  ini910u - ok
11:15:40.0859 0x0114  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
11:15:40.0859 0x0114  IntelIde - ok
11:15:40.0921 0x0114  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:15:40.0968 0x0114  intelppm - ok
11:15:41.0015 0x0114  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:15:41.0031 0x0114  Ip6Fw - ok
11:15:41.0093 0x0114  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:15:41.0093 0x0114  IpFilterDriver - ok
11:15:41.0156 0x0114  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:15:41.0218 0x0114  IpInIp - ok
11:15:41.0296 0x0114  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:15:41.0343 0x0114  IpNat - ok
11:15:41.0390 0x0114  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:15:41.0421 0x0114  IPSec - ok
11:15:41.0437 0x0114  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:15:41.0453 0x0114  IRENUM - ok
11:15:41.0484 0x0114  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:15:41.0484 0x0114  isapnp - ok
11:15:41.0640 0x0114  [ 9ECF00E19736054E019C532AED8228FC, F5A64A8269EA3655BBD4850298F335C0BD30535258928ED7CE62A32A3363E60B ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
11:15:41.0703 0x0114  JavaQuickStarterService - ok
11:15:41.0750 0x0114  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:15:41.0890 0x0114  Kbdclass - ok
11:15:41.0921 0x0114  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:15:41.0953 0x0114  kbdhid - ok
11:15:42.0031 0x0114  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:15:42.0031 0x0114  kmixer - ok
11:15:42.0109 0x0114  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:15:42.0140 0x0114  KSecDD - ok
11:15:42.0218 0x0114  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:15:42.0250 0x0114  lanmanserver - ok
11:15:42.0328 0x0114  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:15:42.0375 0x0114  lanmanworkstation - ok
11:15:42.0390 0x0114  lbrtfdc - ok
11:15:42.0437 0x0114  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:15:42.0453 0x0114  LmHosts - ok
11:15:42.0500 0x0114  [ 0C6EA0109CFEDF441F06D031E9A8D1A9, 61C18F1DD1DC5719252564A60F9E0CBD0AD275C065C5B95F330921C582EA532F ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
11:15:42.0500 0x0114  MBAMProtector - ok
11:15:43.0296 0x0114  [ 0E08BDD7326E657D59DB40BAD23D8169, 428C6CCCC0BB540DFD35847776140D60C186B9D2D14F0ACCD1A4D42A8877BD98 ] MBAMScheduler   C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
11:15:44.0000 0x0114  MBAMScheduler - ok
11:15:44.0312 0x0114  [ A8E7F3DB083EB0839DFC1C763CDD2594, BDF416E360A52130B23B029C89E6406A97FB0516C52C7E63B94CAECEEB431A2E ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
11:15:44.0593 0x0114  MBAMService - ok
11:15:44.0671 0x0114  [ 661B911FA04E73FB073FF9B1C9BD2E05, C5FD4F528A59141418DA279291E88E51D406D01FAD36435569D97E95FBA66164 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
11:15:44.0703 0x0114  MBAMSwissArmy - ok
11:15:44.0734 0x0114  [ EEAEA6514BA7C9D273B5E87C4E1AAB30, 3B724C6A8867B1B7A45D832150E0CFAC1004D3B972A2A7BFDD2ADDDB2488BB1E ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:15:44.0750 0x0114  mdmxsdk - ok
11:15:44.0796 0x0114  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:15:44.0828 0x0114  Messenger - ok
11:15:44.0859 0x0114  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:15:44.0859 0x0114  mnmdd - ok
11:15:45.0093 0x0114  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:15:45.0125 0x0114  mnmsrvc - ok
11:15:45.0187 0x0114  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:15:45.0187 0x0114  Modem - ok
11:15:45.0296 0x0114  [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
11:15:45.0312 0x0114  MODEMCSA - ok
11:15:45.0343 0x0114  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:15:45.0343 0x0114  Mouclass - ok
11:15:45.0390 0x0114  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:15:45.0421 0x0114  mouhid - ok
11:15:45.0468 0x0114  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:15:45.0484 0x0114  MountMgr - ok
11:15:45.0578 0x0114  [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:15:45.0625 0x0114  MozillaMaintenance - ok
11:15:45.0640 0x0114  mraid35x - ok
11:15:45.0734 0x0114  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:15:45.0796 0x0114  MRxDAV - ok
11:15:46.0093 0x0114  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:15:46.0265 0x0114  MRxSmb - ok
11:15:46.0390 0x0114  [ B03E3F64B70F8031E65EB26DA23DE91A, 73184B4A75C1EA5D10B9D78A9E705432551DE15231F10C5A31021896D0938D80 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
11:15:46.0421 0x0114  MSCamSvc - ok
11:15:46.0468 0x0114  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:15:46.0500 0x0114  MSDTC - ok
11:15:46.0546 0x0114  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:15:46.0546 0x0114  Msfs - ok
11:15:46.0609 0x0114  [ 7A0F9CBDBDB135113B9A3C138E20C85D, 2AEC135A2108ED1708368ADD496FD373862C00532CB495A9A68D6C54A82975EE ] MSHUSBVideo     C:\WINDOWS\system32\Drivers\nx6000.sys
11:15:46.0625 0x0114  MSHUSBVideo - ok
11:15:46.0625 0x0114  MSIServer - ok
11:15:46.0656 0x0114  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:15:46.0656 0x0114  MSKSSRV - ok
11:15:46.0671 0x0114  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:15:46.0687 0x0114  MSPCLOCK - ok
11:15:46.0703 0x0114  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:15:46.0703 0x0114  MSPQM - ok
11:15:46.0734 0x0114  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:15:46.0734 0x0114  mssmbios - ok
11:15:46.0796 0x0114  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
11:15:46.0796 0x0114  MSTEE - ok
11:15:46.0875 0x0114  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:15:46.0906 0x0114  Mup - ok
11:15:47.0062 0x0114  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:15:47.0093 0x0114  NABTSFEC - ok
11:15:47.0234 0x0114  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:15:47.0343 0x0114  napagent - ok
11:15:47.0453 0x0114  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:15:47.0515 0x0114  NDIS - ok
11:15:47.0562 0x0114  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:15:47.0562 0x0114  NdisIP - ok
11:15:47.0609 0x0114  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:15:47.0609 0x0114  NdisTapi - ok
11:15:47.0656 0x0114  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:15:47.0671 0x0114  Ndisuio - ok
11:15:47.0750 0x0114  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:15:47.0781 0x0114  NdisWan - ok
11:15:47.0828 0x0114  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:15:47.0843 0x0114  NDProxy - ok
11:15:47.0875 0x0114  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:15:47.0890 0x0114  NetBIOS - ok
11:15:48.0109 0x0114  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:15:48.0171 0x0114  NetBT - ok
11:15:48.0250 0x0114  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:15:48.0281 0x0114  NetDDE - ok
11:15:48.0328 0x0114  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:15:48.0328 0x0114  NetDDEdsdm - ok
11:15:48.0375 0x0114  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:15:48.0375 0x0114  Netlogon - ok
11:15:48.0484 0x0114  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
11:15:48.0500 0x0114  Netman - ok
11:15:48.0578 0x0114  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:15:48.0625 0x0114  NetTcpPortSharing - ok
11:15:48.0750 0x0114  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:15:48.0828 0x0114  Nla - ok
11:15:48.0875 0x0114  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:15:48.0890 0x0114  Npfs - ok
11:15:49.0140 0x0114  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:15:49.0328 0x0114  Ntfs - ok
11:15:49.0375 0x0114  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:15:49.0375 0x0114  NtLmSsp - ok
11:15:49.0562 0x0114  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:15:49.0703 0x0114  NtmsSvc - ok
11:15:49.0734 0x0114  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:15:49.0734 0x0114  Null - ok
11:15:49.0796 0x0114  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:15:49.0796 0x0114  NwlnkFlt - ok
11:15:49.0828 0x0114  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:15:49.0843 0x0114  NwlnkFwd - ok
11:15:49.0906 0x0114  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:15:49.0937 0x0114  Parport - ok
11:15:49.0953 0x0114  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:15:49.0968 0x0114  PartMgr - ok
11:15:50.0015 0x0114  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:15:50.0031 0x0114  ParVdm - ok
11:15:50.0109 0x0114  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:15:50.0125 0x0114  PCI - ok
11:15:50.0140 0x0114  PCIDump - ok
11:15:50.0187 0x0114  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\drivers\PCIIde.sys
11:15:50.0187 0x0114  PCIIde - ok
11:15:50.0265 0x0114  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:15:50.0312 0x0114  Pcmcia - ok
11:15:50.0312 0x0114  PDCOMP - ok
11:15:50.0328 0x0114  PDFRAME - ok
11:15:50.0328 0x0114  PDRELI - ok
11:15:50.0343 0x0114  PDRFRAME - ok
11:15:50.0359 0x0114  perc2 - ok
11:15:50.0359 0x0114  perc2hib - ok
11:15:50.0437 0x0114  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:15:50.0453 0x0114  PlugPlay - ok
11:15:50.0468 0x0114  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:15:50.0468 0x0114  PolicyAgent - ok
11:15:50.0531 0x0114  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:15:50.0546 0x0114  PptpMiniport - ok
11:15:50.0578 0x0114  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:15:50.0578 0x0114  ProtectedStorage - ok
11:15:50.0640 0x0114  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:15:50.0671 0x0114  PSched - ok
11:15:50.0687 0x0114  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:15:50.0703 0x0114  Ptilink - ok
11:15:50.0703 0x0114  ql1080 - ok
11:15:50.0718 0x0114  Ql10wnt - ok
11:15:50.0718 0x0114  ql12160 - ok
11:15:50.0734 0x0114  ql1240 - ok
11:15:50.0734 0x0114  ql1280 - ok
11:15:50.0765 0x0114  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:15:50.0781 0x0114  RasAcd - ok
11:15:50.0843 0x0114  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:15:50.0875 0x0114  RasAuto - ok
11:15:50.0937 0x0114  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:15:50.0968 0x0114  Rasl2tp - ok
11:15:51.0062 0x0114  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:15:51.0171 0x0114  RasMan - ok
11:15:51.0203 0x0114  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:15:51.0250 0x0114  RasPppoe - ok
11:15:51.0281 0x0114  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:15:51.0281 0x0114  Raspti - ok
11:15:51.0375 0x0114  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:15:51.0437 0x0114  Rdbss - ok
11:15:51.0453 0x0114  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:15:51.0453 0x0114  RDPCDD - ok
11:15:51.0531 0x0114  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:15:51.0625 0x0114  rdpdr - ok
11:15:51.0718 0x0114  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:15:51.0765 0x0114  RDPWD - ok
11:15:51.0859 0x0114  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:15:51.0921 0x0114  RDSessMgr - ok
11:15:51.0984 0x0114  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:15:52.0000 0x0114  redbook - ok
11:15:52.0078 0x0114  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:15:52.0093 0x0114  RemoteAccess - ok
11:15:52.0156 0x0114  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:15:52.0171 0x0114  RemoteRegistry - ok
11:15:52.0250 0x0114  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:15:52.0296 0x0114  RpcLocator - ok
11:15:52.0453 0x0114  [ 18BFB544389F26E76A8982EE4BC54FA6, 1A994992C22DB0374F6EAD0413B39BB04645286F55078B793CF54EF75F868774 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:15:52.0468 0x0114  RpcSs - detected Trojan.Win32.Patched.pj ( 0 )
11:15:52.0468 0x0114  RpcSs ( Trojan.Win32.Patched.pj ) - infected
11:15:52.0468 0x0114  Force sending object to P2P due to detect: C:\WINDOWS\system32\rpcss.dll
11:15:52.0546 0x0114  Object send P2P result: false
11:15:52.0640 0x0114  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:15:52.0687 0x0114  RSVP - ok
11:15:52.0921 0x0114  [ B29EEB1EA7971BD83069EB2E2258D224, A3DF2E4BA03BAB85EE7CBD6C3224999167DC8618328443855A4C280FBB889E1A ] RTL8192su       C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
11:15:53.0187 0x0114  RTL8192su - ok
11:15:53.0218 0x0114  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:15:53.0218 0x0114  SamSs - ok
11:15:53.0312 0x0114  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:15:53.0343 0x0114  SCardSvr - ok
11:15:53.0453 0x0114  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:15:53.0515 0x0114  Schedule - ok
11:15:54.0171 0x0114  [ 11D94599270AA1603F75CB5ACBBD266F, 950746109BD7AA5BCF2F4320F40CFD268B34CB3DBE6073616B75A5254FE00469 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
11:15:54.0734 0x0114  SDScannerService - ok
11:15:55.0421 0x0114  [ D91D8344E73283999777083BF17D54E2, 018F500DD49A192617E57998A2E9833C5C9EB72A2B186AF25B5CB91329B1E267 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
11:15:56.0109 0x0114  SDUpdateService - ok
11:15:56.0203 0x0114  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
11:15:56.0265 0x0114  SDWSCService - ok
11:15:56.0312 0x0114  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:15:56.0375 0x0114  Secdrv - ok
11:15:56.0421 0x0114  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:15:56.0437 0x0114  seclogon - ok
11:15:56.0453 0x0114  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
11:15:56.0468 0x0114  SENS - ok
11:15:56.0515 0x0114  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:15:56.0531 0x0114  serenum - ok
11:15:56.0578 0x0114  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:15:56.0625 0x0114  Serial - ok
11:15:56.0703 0x0114  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:15:56.0703 0x0114  Sfloppy - ok
11:15:56.0859 0x0114  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:15:56.0968 0x0114  SharedAccess - ok
11:15:57.0046 0x0114  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:15:57.0046 0x0114  ShellHWDetection - ok
11:15:57.0062 0x0114  Simbad - ok
11:15:57.0125 0x0114  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:15:57.0156 0x0114  SLIP - ok
11:15:57.0375 0x0114  [ 5018A9DB5EB62E3EDB3110F82F556285, 5C90FF4609F6FC77C91FD820DF73C43A7FD72533B8522C78067E7F1EBB09FA65 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
11:15:57.0578 0x0114  smwdm - ok
11:15:57.0593 0x0114  Sparrow - ok
11:15:57.0656 0x0114  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:15:57.0937 0x0114  splitter - ok
11:15:58.0000 0x0114  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:15:58.0031 0x0114  Spooler - ok
11:15:58.0093 0x0114  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:15:58.0125 0x0114  sr - ok
11:15:58.0218 0x0114  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:15:58.0281 0x0114  srservice - ok
11:15:58.0437 0x0114  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:15:58.0562 0x0114  Srv - ok
11:15:58.0640 0x0114  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:15:58.0656 0x0114  SSDPSRV - ok
11:15:58.0812 0x0114  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:15:58.0968 0x0114  stisvc - ok
11:15:59.0000 0x0114  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:15:59.0031 0x0114  streamip - ok
11:15:59.0078 0x0114  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:15:59.0078 0x0114  swenum - ok
11:15:59.0156 0x0114  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:15:59.0187 0x0114  swmidi - ok
11:15:59.0187 0x0114  SwPrv - ok
11:15:59.0203 0x0114  symc810 - ok
11:15:59.0218 0x0114  symc8xx - ok
11:15:59.0218 0x0114  sym_hi - ok
11:15:59.0234 0x0114  sym_u3 - ok
11:15:59.0296 0x0114  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:15:59.0312 0x0114  sysaudio - ok
11:15:59.0390 0x0114  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:15:59.0421 0x0114  SysmonLog - ok
11:15:59.0531 0x0114  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:15:59.0609 0x0114  TapiSrv - ok
11:15:59.0781 0x0114  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:15:59.0890 0x0114  Tcpip - ok
11:15:59.0953 0x0114  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:15:59.0953 0x0114  TDPIPE - ok
11:15:59.0984 0x0114  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:16:00.0000 0x0114  TDTCP - ok
11:16:00.0031 0x0114  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:16:00.0078 0x0114  TermDD - ok
11:16:00.0203 0x0114  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
11:16:00.0296 0x0114  TermService - ok
11:16:00.0359 0x0114  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:16:00.0359 0x0114  Themes - ok
11:16:00.0421 0x0114  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
11:16:00.0468 0x0114  TlntSvr - ok
11:16:00.0468 0x0114  TosIde - ok
11:16:00.0546 0x0114  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:16:00.0578 0x0114  TrkWks - ok
11:16:00.0640 0x0114  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:16:00.0671 0x0114  Udfs - ok
11:16:00.0687 0x0114  ultra - ok
11:16:00.0843 0x0114  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:16:01.0000 0x0114  Update - ok
11:16:01.0125 0x0114  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:16:01.0187 0x0114  upnphost - ok
11:16:01.0234 0x0114  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
11:16:01.0234 0x0114  UPS - ok
11:16:01.0296 0x0114  [ C1CA131F4E3ED63D6BC89A35FFAD4CDA, 7F44A40698FCF45A10F4EB4C1D041F44DE0231E0419BF199172E852A6668F6BB ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
11:16:01.0390 0x0114  USBAAPL - ok
11:16:01.0437 0x0114  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
11:16:01.0453 0x0114  usbaudio - ok
11:16:01.0500 0x0114  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:16:01.0515 0x0114  usbccgp - ok
11:16:01.0531 0x0114  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:16:01.0546 0x0114  usbehci - ok
11:16:01.0609 0x0114  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:16:01.0640 0x0114  usbhub - ok
11:16:01.0703 0x0114  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:16:01.0718 0x0114  usbprint - ok
11:16:01.0765 0x0114  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:16:01.0781 0x0114  usbscan - ok
11:16:01.0828 0x0114  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:16:01.0843 0x0114  USBSTOR - ok
11:16:01.0890 0x0114  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:16:01.0921 0x0114  usbuhci - ok
11:16:02.0000 0x0114  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
11:16:02.0078 0x0114  usbvideo - ok
11:16:02.0125 0x0114  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:16:02.0140 0x0114  VgaSave - ok
11:16:02.0156 0x0114  ViaIde - ok
11:16:02.0203 0x0114  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:16:02.0218 0x0114  VolSnap - ok
11:16:02.0375 0x0114  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
11:16:02.0484 0x0114  VSS - ok
11:16:02.0562 0x0114  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
11:16:02.0656 0x0114  W32Time - ok
11:16:02.0718 0x0114  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:16:02.0718 0x0114  Wanarp - ok
11:16:02.0734 0x0114  WDICA - ok
11:16:02.0796 0x0114  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:16:02.0828 0x0114  wdmaud - ok
11:16:02.0906 0x0114  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:16:02.0937 0x0114  WebClient - ok
11:16:03.0187 0x0114  [ F59ED5A43B988A18EF582BB07B2327A7, E870821C9C4E31D3B05049FBA5D81358F9C30E6A67F600D4EA3A5736CA344028 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:16:03.0421 0x0114  winachsf - ok
11:16:03.0562 0x0114  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:16:03.0609 0x0114  winmgmt - ok
11:16:03.0687 0x0114  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
11:16:03.0703 0x0114  WmdmPmSN - ok
11:16:03.0937 0x0114  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:16:04.0140 0x0114  Wmi - ok
11:16:04.0234 0x0114  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:16:04.0296 0x0114  WmiApSrv - ok
11:16:04.0375 0x0114  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
11:16:04.0406 0x0114  wscsvc - ok
11:16:04.0453 0x0114  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:16:04.0453 0x0114  WSTCODEC - ok
11:16:04.0500 0x0114  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:16:04.0500 0x0114  wuauserv - ok
11:16:04.0703 0x0114  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:16:04.0718 0x0114  WZCSVC - ok
11:16:04.0781 0x0114  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:16:04.0828 0x0114  xmlprov - ok
11:16:04.0953 0x0114  ‮etadpug - detected Rootkit.Win32.PMax.gen ( 0 )
11:16:05.0093 0x0114  ‮etadpug ( Rootkit.Win32.PMax.gen ) - infected
11:16:05.0109 0x0114  ================ Scan global ===============================
11:16:05.0156 0x0114  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
11:16:05.0296 0x0114  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:16:05.0500 0x0114  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:16:05.0562 0x0114  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
11:16:05.0562 0x0114  [ Global ] - ok
11:16:05.0562 0x0114  ================ Scan MBR ==================================
11:16:05.0609 0x0114  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:16:05.0968 0x0114  \Device\Harddisk0\DR0 - ok
11:16:05.0984 0x0114  ================ Scan VBR ==================================
11:16:06.0000 0x0114  [ E7FD64642493735C3F0EEB7C0AC189F4 ] \Device\Harddisk0\DR0\Partition1
11:16:06.0000 0x0114  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
11:16:06.0000 0x0114  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
11:16:06.0109 0x0114  AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
11:16:06.0109 0x0114  Win FW state via NFM: enabled
11:16:06.0109 0x0114  ============================================================
11:16:06.0109 0x0114  Scan finished
11:16:06.0109 0x0114  ============================================================
11:16:06.0125 0x04f0  Detected object count: 4
11:16:06.0125 0x04f0  Actual detected object count: 4
11:19:00.0593 0x04f0  C:\WINDOWS\system32\rpcss.dll - copied to quarantine
11:19:05.0062 0x04f0  Backup copy found through SCO, using it..
11:19:05.0250 0x04f0  C:\WINDOWS\system32\rpcss.dll - will be cured on reboot
11:19:05.0250 0x04f0  DcomLaunch ( Trojan.Win32.Patched.pj ) - User select action: Cure
11:19:05.0531 0x04f0  C:\WINDOWS\system32\rpcss.dll - copied to quarantine
11:19:05.0828 0x04f0  Backup copy found through SCO, using it..
11:19:06.0046 0x04f0  C:\WINDOWS\system32\rpcss.dll - will be cured on reboot
11:19:06.0046 0x04f0  RpcSs ( Trojan.Win32.Patched.pj ) - User select action: Cure
11:19:06.0062 0x04f0  HKLM\SYSTEM\ControlSet001\services\‮etadpug - will be deleted on reboot
11:19:06.0062 0x04f0  HKLM\SYSTEM\ControlSet003\services\‮etadpug - will be deleted on reboot
11:19:06.0062 0x04f0  C:\Program Files\Google\Desktop\Install\{51a43956-5e61-1513-945f-f933a118996f}\   \   \‮ﯹ๛\{51a43956-5e61-1513-945f-f933a118996f}\GoogleUpdate.exe - will be deleted on reboot
11:19:06.0062 0x04f0  HKU\S-1-5-21-746137067-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:Google Update - will be deleted on reboot
11:19:06.0062 0x04f0  ‮etadpug ( Rootkit.Win32.PMax.gen ) - User select action: Delete
11:19:06.0109 0x04f0  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
11:19:06.0109 0x04f0  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Quarantine
11:19:07.0281 0x04f0  KLMD registered as C:\WINDOWS\system32\drivers\46282390.sys
11:21:31.0562 0x0d38  Deinitialize success

Let me know what you think we should do now.

Thanks,

Cort

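Two things in the TDSSKiller log above are worth checking by hand rather than trusting the eye, and the following Python script is an added example for doing that; it is not part of this thread and not a TDSSKiller or Malwarebytes tool. First, every entry the scanner marked "infected" (rpcss.dll, the odd service, and the VBR of Partition1). Second, names that contain Unicode bidirectional control characters: the service logged as `‮etadpug` begins with U+202E (RIGHT-TO-LEFT OVERRIDE), so a bidi-aware UI draws the letters that follow it reversed and the name reads as "gupdate", which matches the GoogleUpdate.exe path and "Google Update" Run key the cleanup step deletes. The sample log lines below are constructed from the posted log; the function names are this example's own.

```python
import re

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the character at the start of the disguised service name
# Unicode bidi controls that can make a displayed name differ from its code points.
BIDI_CONTROLS = frozenset(
    "\u200e\u200f"              # LRM, RLM
    "\u202a\u202b\u202c\u202d\u202e"  # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"  # LRI, RLI, FSI, PDI
)

# Constructed sample, modelled on the TDSSKiller lines posted in this thread.
# The service name in lines 4 and 5 is U+202E followed by the letters "etadpug".
SAMPLE_LOG = [
    "11:15:52.0468 0x0114  RpcSs - detected Trojan.Win32.Patched.pj ( 0 )",
    "11:15:52.0468 0x0114  RpcSs ( Trojan.Win32.Patched.pj ) - infected",
    "11:15:52.0687 0x0114  RSVP - ok",
    "11:16:04.0953 0x0114  \u202eetadpug - detected Rootkit.Win32.PMax.gen ( 0 )",
    "11:16:05.0093 0x0114  \u202eetadpug ( Rootkit.Win32.PMax.gen ) - infected",
    "11:16:06.0000 0x0114  \\Device\\Harddisk0\\DR0\\Partition1 ( Rootkit.Boot.Cidox.b ) - infected",
]

# "<hh:mm:ss.ffff> <hex thread id>  <body>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9A-Fa-f]+\s+(?P<body>.*)$")
# "<name> ( <verdict> ) - infected"  and  "<name> - ok"
INFECTED_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+) \) - infected$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


def parse_line(line):
    """Return {'name', 'status', 'verdict'} for a result line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    body = m.group("body")
    hit = INFECTED_RE.match(body)
    if hit:
        return {"name": hit.group("name"), "status": "infected", "verdict": hit.group("verdict")}
    ok = OK_RE.match(body)
    if ok:
        return {"name": ok.group("name"), "status": "ok", "verdict": None}
    return None


def bidi_controls_in(name):
    """List the bidi control characters present in a name as U+XXXX labels."""
    return ["U+%04X" % ord(ch) for ch in name if ch in BIDI_CONTROLS]


def displayed_name(name):
    """Approximate how a bidi-aware UI renders the name: text after an RLO is
    drawn right-to-left, so its characters appear in reverse order."""
    if RLO not in name:
        return "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    before, after = name.split(RLO, 1)
    after = "".join(ch for ch in after if ch not in BIDI_CONTROLS)
    return before + after[::-1]


def analyze(lines):
    """Flag every entry marked infected, plus any name that carries bidi controls."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        controls = bidi_controls_in(entry["name"])
        if entry["status"] == "infected" or controls:
            findings.append({
                "name": entry["name"],
                "displayed_as": displayed_name(entry["name"]),
                "bidi_controls": controls,
                "verdict": entry["verdict"],
            })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print("%-45r displayed as %-40r controls=%s verdict=%s"
              % (f["name"], f["displayed_as"], f["bidi_controls"], f["verdict"]))
```

Run it against a saved TDSSKiller log by reading the file into `analyze()`; the `displayed_as` column is what makes a reversed name such as "gupdate" obvious, while `bidi_controls` gives the exact code point to search for in the registry service key.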

ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot: RC_update.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[screenshot: cfRC_screen_2.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Hi Marius,

I am apprehensive about running ComboFix. I have downloaded it to the desktop but haven't run it yet. After what happened the last time, I am leery that I will not be able to boot back up and will render the computer unusable again. Is ComboFix safe? I realize I will need to turn AVG off also. AVG keeps popping open a window stating it has found a virus in Windows\System32\rpcss.dll. Is this a false positive? It is annoying and happens frequently. What are your thoughts?


Thanks,


Cort


Hi Marius,

One of my employees logged onto the computer and the AVG threat came up. She clicked on the remove threat bar and now it boots up onto a blue screen and nothing else. I am trying to get it to boot up to the desktop now. I will continue and notify you of my progress. Thanks for your help, Marius. I would be completely lost without you. Please bear with me.

Thanks,


Cort
