Author Topic: [Resolved] Crypt.AQLW; no firewall

Offline LindaM

  • Bronze Member
  • Posts: 80
[Resolved] Crypt.AQLW; no firewall
« on: April 24, 2012, 05:04:04 PM »
I'm helping a friend with her computer and she's been infected.  Attached is a DSS log from her computer.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by trish at 8:48:34 on 2012-04-24
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3326.2906 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - c:\program files\brand affinity technologies\fantapper player\\IEInstaller.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Club Bing Toolbar Helper: {b771fea3-2a05-4c21-b1e2-55551a97d520} - c:\program files\club bing toolbar helper\Bmbho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Club Bing Toolbar: {719d74ab-1af9-43a1-8c62-d8750628d93e} - c:\program files\club bing toolbar\Toolbar.dll
TB: Club Bing Toolbar Helper: {b771fea3-2a05-4c21-b1e2-55551a97d520} - c:\program files\club bing toolbar helper\Bmbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: {156ED6F5-38A0-43AC-98CC-40684021492C} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {313A832A-AAF3-4880-A8D0-C42BEE319C02} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [EmbarqVALite_McciTrayApp] c:\program files\embarqvalite\EMBARQHelpHelper.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ReminderApp] c:\program files\nova development\greeting card factory deluxe 8.0\ReminderApp.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\EVENTP~1.LNK -
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3978C37F-2B3B-45A3-B892-564ADCF83083} : NameServer = 192.168.1.1,192.168.1.10
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Hosts: 94.63.147.16   www.google.com
Hosts: 94.63.147.17   www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [2011-12-23 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 299472]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-2-14 5104992]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-22 21504]
S2 FTSvc;Fantapper Player Update Service;c:\program files\brand affinity technologies\fantapper player\FantapperUpdateService.exe [2011-11-8 11776]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-4-23 932736]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 253088]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-15 22344]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-23 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-15 654408]
.
=============== Created Last 30 ================
.
2012-04-24 00:51:11   --------   d-----w-   c:\users\trish\appdata\roaming\AVG2012
2012-04-24 00:50:14   --------   d-----w-   c:\users\trish\appdata\local\AVG Secure Search
2012-04-24 00:49:38   --------   d-----w-   c:\programdata\AVG Secure Search
2012-04-24 00:49:32   --------   d-----w-   c:\program files\common files\AVG Secure Search
2012-04-24 00:49:29   --------   d-----w-   c:\program files\AVG Secure Search
2012-04-24 00:48:16   --------   d--h--w-   C:\$AVG
2012-04-23 23:26:30   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-23 23:26:30   418464   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-04-23 18:59:07   40776   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-23 18:42:16   0   --sha-w-   c:\windows\system32\dds_trash_log.cmd
2012-04-19 23:59:30   72192   ----a-w-   c:\windows\system32\drivers\tdx.sys
2012-04-19 21:43:01   --------   d-----w-   c:\program files\Broadcom
2012-04-19 21:42:16   987136   ----a-w-   c:\windows\system32\BCMLogon.dll
2012-04-19 21:07:31   --------   d-----w-   c:\users\trish\appdata\local\Deployment
2012-04-19 20:37:02   --------   d-----w-   c:\program files\CCleaner
2012-04-18 01:10:55   --------   d-----w-   c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-17 23:32:55   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-04-17 23:32:53   1127424   ----a-w-   c:\windows\system32\wininet.dll
2012-04-17 23:32:51   678912   ----a-w-   c:\program files\internet explorer\iedvtool.dll
2012-04-17 21:57:07   141112   ----a-w-   c:\program files\internet explorer\sqmapi.dll
2012-04-17 21:57:04   194048   ----a-w-   c:\program files\internet explorer\IEShims.dll
2012-04-17 21:57:04   1799168   ----a-w-   c:\windows\system32\jscript9.dll
2012-04-17 21:56:55   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-04-16 22:30:00   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-04-16 22:30:00   172032   ----a-w-   c:\windows\system32\wintrust.dll
2012-04-16 22:30:00   157696   ----a-w-   c:\windows\system32\imagehlp.dll
2012-04-16 22:29:59   12800   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-04-16 21:49:02   --------   d-----w-   C:\5369dcd0e13be9bad7477e73
2012-04-15 13:20:29   --------   d-----w-   C:\AVG2012
2012-04-15 03:11:00   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M  ====================
.
2012-04-04 19:56:40   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-22 09:25:52   299472   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25:32   235216   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2012-01-31 08:46:50   31952   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH:  8:52:07.14 ===============


Thank you for your help.
« Last Edit: April 24, 2012, 05:47:36 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22660
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Crypt.AQLW; no firewall
« Reply #1 on: April 24, 2012, 05:54:52 PM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.


When you ran DDS did you get an attach.txt file? If you did will you please post that log as well.

Also if at all possible, please get your friend involved in the repair. Even if she is a newbie, she will learn much that will help in the future.

Please start Malwarebytes' Anti-Malware and update it, then run a full scan on your computer. If it finds anything, fix it and then post the resulting log. If you don't find anything, post that log.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline LindaM

  • Bronze Member
  • Posts: 80
Re: [In Progress] Crypt.AQLW; no firewall
« Reply #2 on: April 24, 2012, 06:16:34 PM »
Hi Hoov and thanks for your help.

The infected computer is not from a business, it's a personal computer.  Trish the owner of the computer has very little interest in learning how they work, she just wants it to work.

I have run AVG and that didn't pick up anything, I ran Malwarebytes and came up with nothing.  I kept getting threat detections from AVG and moved them to the vault.  I uninstalled AVG and reinstalled a new copy.  While running the new copy it came up with two threats that were moved to the vault (Trojan horse Crypt.AQWL and trojan horse BackDoor.Generic).  I also ran CCleaner and deleted all the temp files.

I have no software that encrypts my hard drive.

I will stick with you to the end....I appreciate your help soooo much.

This is my last Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.23.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
trish :: TRISH-PC [administrator]

4/23/2012 6:11:01 PM
mbam-log-2012-04-23 (18-11-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 0
Time elapsed: 1 minute(s), 3 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


LindaM

Offline LindaM

  • Bronze Member
  • Posts: 80
Re: [In Progress] Crypt.AQLW; no firewall
« Reply #3 on: April 24, 2012, 06:32:50 PM »
Here is the dss attach file:



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 9/29/2008 5:12:30 AM
System Uptime: 4/24/2012 8:41:40 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0WX414
Processor: Intel(R) Core(TM)2 CPU         T5300  @ 1.73GHz | Microprocessor | 1729/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 56.593 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.249 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart Premium C309g-m
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Quick Photo Book
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AVG 2012
Bing Bar
Bing Rewards Client Installer
Broadcom Management Programs
BufferChm
C309g-m
CCleaner
Club Bing Toolbar
Club Bing Toolbar Helper
Dell Driver Download Manager
Dell Resource CD
Dell Wireless WLAN Card
Destinations
DeviceDiscovery
Easy Chef's Million Recipes
Embarq Toolbar
Fantapper Player
GPBaseService2
Greeting Card Factory Deluxe 8.0
Hallmark Card Studio 2009
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Image Plugin
Java Auto Updater
Java(TM) 6 Update 18
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Digital Image Standard 2006 Update
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Location Finder
Microsoft Money 2006
Microsoft Silverlight
Microsoft Streets & Trips 2006
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OutlookAddinSetup
PS_AIO_06_C309g-m_SW_Min
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scan
Scrapbook Factory Deluxe 4.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
TrayApp
Uninstall EMBARQHelp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WebReg
Windows Media Player Firefox Plugin
Works Upgrade
.
==== Event Viewer Messages From Past Week ========
.
4/24/2012 8:46:51 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/24/2012 8:46:49 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/24/2012 8:46:42 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgldx86 Avgmfx86 Avgtdix spldr Wanarpv6
4/24/2012 8:46:42 AM, Error: Service Control Manager [7023]  - The DHCP Client service terminated with the following error:  There are no more endpoints available from the endpoint mapper.
4/24/2012 8:46:42 AM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/24/2012 8:46:42 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/24/2012 8:46:42 AM, Error: Service Control Manager [7003]  - The DNS Client service depends the following service: Tdx. This service might not be installed.
4/24/2012 8:46:42 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
4/24/2012 8:46:21 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/24/2012 8:46:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/24/2012 8:46:03 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/24/2012 8:43:33 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
4/24/2012 8:43:00 AM, Error: EventLog [6008]  - The previous system shutdown at 8:40:07 AM on 4/24/2012 was unexpected.
4/24/2012 7:42:17 AM, Error: Service Control Manager [7023]  - The Nod32krn service terminated with the following error:  Access is denied.
4/24/2012 7:33:16 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
4/24/2012 7:33:16 AM, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/24/2012 7:33:15 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
4/24/2012 7:27:25 AM, Error: Service Control Manager [7023]  - The Tavsvc service terminated with the following error:  Access is denied.
4/24/2012 7:26:11 AM, Error: Service Control Manager [7023]  - The Ccalib8 service terminated with the following error:  Access is denied.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgtdix
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The Wmccds service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The Webupdate service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The Tvtfilter service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The TMBMServer service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The Sscdbus service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The SimpTcp service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The SE2Cbus service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The Pnarp service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The IPassPeriodicUpdateService service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The Inort service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The Dmprimer service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The DellAMBrokerService service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The Btaudio service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7023]  - The Avhook service terminated with the following error:  The specified module could not be found.
4/24/2012 7:20:46 AM, Error: Service Control Manager [7000]  - The BCM42RLY service failed to start due to the following error:  The system cannot find the file specified.
4/23/2012 9:18:44 PM, Error: Service Control Manager [7023]  - The IPassPeriodicUpdateService service terminated with the following error:  Access is denied.
4/23/2012 9:14:04 PM, Error: Service Control Manager [7023]  - The TMBMServer service terminated with the following error:  Access is denied.
4/23/2012 9:13:15 PM, Error: Service Control Manager [7023]  - The Dmprimer service terminated with the following error:  Access is denied.
4/23/2012 9:07:29 PM, Error: atikmdag [52249]  - CPLIB :: Initialization - Failed to load the library
4/23/2012 8:48:40 PM, Error: Service Control Manager [7000]  - The AVG TDI Driver service failed to start due to the following error:  The system cannot find the file specified.
4/23/2012 8:17:57 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
4/23/2012 8:17:57 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error:  An instance of the service is already running.
4/23/2012 8:08:00 PM, Error: Service Control Manager [7023]  - The Btaudio service terminated with the following error:  Access is denied.
4/23/2012 8:07:08 PM, Error: Service Control Manager [7023]  - The Pnarp service terminated with the following error:  Access is denied.
4/23/2012 7:58:36 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
4/23/2012 7:47:28 PM, Error: Service Control Manager [7043]  - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
4/23/2012 7:45:14 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
4/23/2012 7:41:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/23/2012 7:19:53 PM, Error: Service Control Manager [7023]  - The Wmccds service terminated with the following error:  Access is denied.
4/23/2012 7:17:35 PM, Error: Service Control Manager [7023]  - The Webupdate service terminated with the following error:  Access is denied.
4/23/2012 7:13:43 PM, Error: EventLog [6008]  - The previous system shutdown at 7:11:23 PM on 4/23/2012 was unexpected.
4/23/2012 4:27:31 AM, Error: EventLog [6008]  - The previous system shutdown at 8:32:13 PM on 4/22/2012 was unexpected.
4/23/2012 3:10:05 PM, Error: Microsoft-Windows-Dhcp-Client [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00197E9564BE.  The following error occurred:  The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/23/2012 2:57:52 PM, Error: Service Control Manager [7023]  - The Tvtfilter service terminated with the following error:  Access is denied.
4/23/2012 2:56:50 PM, Error: Service Control Manager [7023]  - The SimpTcp service terminated with the following error:  Access is denied.
4/23/2012 2:56:28 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
4/23/2012 2:54:10 PM, Error: Service Control Manager [7023]  - The Sscdbus service terminated with the following error:  Access is denied.
4/23/2012 2:47:57 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
4/23/2012 2:46:21 PM, Error: Service Control Manager [7023]  - The DellAMBrokerService service terminated with the following error:  Access is denied.
4/23/2012 2:43:52 PM, Error: Service Control Manager [7023]  - The Inort service terminated with the following error:  Access is denied.
4/23/2012 2:43:40 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/23/2012 2:43:40 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/23/2012 2:42:43 PM, Error: Service Control Manager [7023]  - The Avhook service terminated with the following error:  Access is denied.
4/23/2012 2:42:16 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/23/2012 2:42:16 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
4/23/2012 2:19:51 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2012 2:18:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/23/2012 2:18:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/23/2012 2:18:50 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Wanarpv6
4/23/2012 2:18:50 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2012 2:18:50 PM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2012 2:18:50 PM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2012 2:18:50 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2012 2:18:50 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2012 2:18:50 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2012 2:18:50 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2012 2:18:50 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2012 2:18:50 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2012 2:17:27 PM, Error: EventLog [6008]  - The previous system shutdown at 2:13:02 PM on 4/23/2012 was unexpected.
4/23/2012 11:13:45 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
4/23/2012 11:13:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows Vista (KB2679255).
4/23/2012 1:27:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
4/23/2012 1:27:42 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/23/2012 1:27:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
4/23/2012 1:15:22 PM, Error: EventLog [6008]  - The previous system shutdown at 1:14:03 PM on 4/23/2012 was unexpected.
4/23/2012 1:12:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/22/2012 7:35:13 PM, Error: Service Control Manager [7000]  - The McAfee Protection Manager service failed to start due to the following error:  The system cannot find the path specified.
4/22/2012 7:35:13 PM, Error: Service Control Manager [7000]  - The McAfee Network Agent service failed to start due to the following error:  The system cannot find the path specified.
4/22/2012 6:09:10 PM, Error: EventLog [6008]  - The previous system shutdown at 6:05:55 PM on 4/22/2012 was unexpected.
4/22/2012 6:00:47 PM, Error: Service Control Manager [7022]  - The HP Network Devices Support service hung on starting.
4/22/2012 5:57:21 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Network Devices Support service to connect.
4/22/2012 5:57:21 PM, Error: Service Control Manager [7000]  - The HP Network Devices Support service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/22/2012 5:56:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
4/19/2012 7:58:36 PM, Error: Service Control Manager [7003]  - The DHCP Client service depends the following service: Tdx. This service might not be installed.
4/19/2012 7:19:41 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
4/19/2012 3:51:44 PM, Error: EventLog [6008]  - The previous system shutdown at 3:49:47 PM on 4/19/2012 was unexpected.
4/18/2012 7:58:29 AM, Error: Service Control Manager [7000]  - The MBAMService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/18/2012 7:58:28 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
4/18/2012 7:51:19 AM, Error: EventLog [6008]  - The previous system shutdown at 7:48:50 AM on 4/18/2012 was unexpected.
4/18/2012 7:44:18 AM, Error: EventLog [6008]  - The previous system shutdown at 7:41:34 AM on 4/18/2012 was unexpected.
4/18/2012 7:38:07 AM, Error: EventLog [6008]  - The previous system shutdown at 7:35:18 AM on 4/18/2012 was unexpected.
4/18/2012 7:10:54 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
4/18/2012 7:10:54 AM, Error: Service Control Manager [7000]  - The Windows Font Cache Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/18/2012 7:06:59 AM, Error: EventLog [6008]  - The previous system shutdown at 7:04:13 AM on 4/18/2012 was unexpected.
4/18/2012 7:03:54 AM, Error: Service Control Manager [7034]  - The Roxio Hard Drive Watcher 9 service terminated unexpectedly.  It has done this 1 time(s).
4/18/2012 7:00:48 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the RoxMediaDB9 service to connect.
4/18/2012 7:00:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service RoxMediaDB9 with arguments "" in order to run the server: {5EFBB572-1CBD-47DA-8BBA-5BAB9CADD108}
4/17/2012 9:02:31 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Interactive Services Detection service to connect.
4/17/2012 9:02:31 PM, Error: Service Control Manager [7000]  - The Interactive Services Detection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/17/2012 8:57:00 PM, Error: EventLog [6008]  - The previous system shutdown at 8:55:17 PM on 4/17/2012 was unexpected.
4/17/2012 8:45:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
4/17/2012 8:40:39 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error:  An instance of the service is already running.
4/17/2012 8:11:36 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error:  An instance of the service is already running.
4/17/2012 6:23:21 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB2675157 (Security Update) into Staging(Staging) state
4/17/2012 6:23:21 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB2675157 (Security Update) into Resolved(Resolved) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-9_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-8_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-7_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-6_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-5_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-4_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-3_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-26_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-25_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-24_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-23_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-22_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-21_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-20_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-2_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-19_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-18_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-17_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-16_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-15_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-14_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-13_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-12_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-11_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-10_neutral_GDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 6:21:51 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2675157-1_neutral_LDR from package KB2675157(Security Update) into Staging(Staging) state
4/17/2012 5:49:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Print Spooler service to connect.
4/17/2012 5:49:17 PM, Error: Service Control Manager [7000]  - The Print Spooler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/17/2012 5:43:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Fantapper Player Update Service service to connect.
4/17/2012 5:43:17 PM, Error: Service Control Manager [7000]  - The Fantapper Player Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22660
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Crypt.AQLW; no firewall
« Reply #4 on: April 24, 2012, 06:43:29 PM »
Can you get into the AVG logs and post one of them from when the virus was detected?

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline LindaM

  • Bronze Member
  • Posts: 80
Re: [In Progress] Crypt.AQLW; no firewall
« Reply #5 on: April 25, 2012, 04:11:28 PM »
Evening Hoov,

Attached is the AVG scan:

Scan "Whole computer scan" completed.
Infections;"2";"2";"0"
Folders selected for scanning:;"Whole computer scan"
Scan started:;"Monday, April 23, 2012, 9:15:45 PM"
Scan finished:;"Monday, April 23, 2012, 11:06:12 PM (1 hour(s) 50 minute(s) 27 second(s))"
Total object scanned:;"1646758"
User who launched the scan:;"trish"

Infections
;"File";"Infection";"Result"
;"C:\Windows\System32\alcxsens.dll";"Trojan horse Crypt.AQLW";"Moved to Virus Vault"
;"C:\backup\Drivers\input\R141200\SynTPEnh.exe";"Trojan horse BackDoor.Generic15.AOXD";"Moved to Virus Vault"


After trying to run ComboFix last night the computer would go into a memory dump at the ComboFix output folders and restart.

I have uninstalled AVG because it refused to disable the program.

While I was uninstalling AVG I noticed a new program:
"I Want This"  215 Apps installed on 4/24/2012 3.39MB

I tried running ComboFix tonight two times during a regular startup and the system would crash at the output folders.
I tried running ComboFix in the Safe Mode without a network connection and it ran until the output folders again and the system crashed.

Hmmmm.....

Thanks
Linda

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22660
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Crypt.AQLW; no firewall
« Reply #6 on: April 25, 2012, 04:23:44 PM »
Please download Rkill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.



    Now update Malwarebytes' Anti-Malware and run a full scan with it. Fix anything it finds, and post the log. If it finds nothing, post that log instead.


    Offline LindaM

    • Bronze Member
    • Posts: 80
    Re: [In Progress] Crypt.AQLW; no firewall
    « Reply #7 on: April 25, 2012, 05:25:43 PM »
    Downloaded and ran Rkill...It worked and I've updated Malwarebytes; full scan is running now

    Offline LindaM

    • Bronze Member
    • Posts: 80
    Re: [In Progress] Crypt.AQLW; no firewall
    « Reply #8 on: April 26, 2012, 02:35:34 AM »
    Malwarebytes scan log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.25.09

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    trish :: TRISH-PC [administrator]

    4/25/2012 7:23:25 PM
    mbam-log-2012-04-25 (19-23-25).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 350207
    Time elapsed: 3 hour(s), 34 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 33
    HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 5
    C:\Program Files\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\trish\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\trish\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\trish\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\trish\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Files Detected: 17
    C:\Windows\System32\psimsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\ADIDTSFiltService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\queuemgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Program Files\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Program Files\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Users\trish\AppData\Local\Temp\air6355.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Windows\System32\tbhsd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\Temp\wwerwdmbtuqbnjxf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Quarantined and deleted successfully.
    C:\Program Files\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\trish\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\trish\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files\I Want This\I Want This.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    (end)


    The computer restarted and went into the memory dump.

    Offline LindaM

    • Bronze Member
    • Posts: 80
    Re: [In Progress] Crypt.AQLW; no firewall
    « Reply #9 on: April 27, 2012, 06:13:18 AM »
    I started the computer this morning and I came up with the following AVG threats detected:

    1. File Name: C:\windows\System32\DELL.A02.dll
       Threat name: IDP.Trojan.1C8D1A13
        Moved to vault

    2. File Name: C:\Windows\System32\FreshIO.dll
       Threat name: IDP.Trojan.1C8D1A13
        Moved to vault.

    I'm updating AVG and running another scan, will post results when the scan is complete.

    LindaM

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 22660
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Crypt.AQLW; no firewall
    « Reply #10 on: April 27, 2012, 06:25:08 AM »
    Sorry, I missed your post yesterday.

    * Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

    Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

    Please include the C:\ComboFix.txt in your next reply for further review.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.


    Offline LindaM

    • Bronze Member
    • Posts: 80
    Re: [In Progress] Crypt.AQLW; no firewall
    « Reply #11 on: April 27, 2012, 11:23:31 AM »
    Hey Hoov,

    No problem about missing the post, did the post at 3 am before I went to work.


    AVG is no longer working...tried to uninstall and reinstall. It would not uninstall completely.

    I ran the Combofix program 3 times and each time I get the following messages:

    1) The recycle bin is corrupted - empty the bin for this drive - chose yes option

    2) Freeware implementation of XCACLS has stopped working...Windows is looking for a solution.

    Linda

    Offline Hoov

    Re: [In Progress] Crypt.AQLW; no firewall
    « Reply #12 on: April 27, 2012, 02:06:49 PM »
    Can you open your recycle bin?


    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on the change parameters option.
    • Once you are in there, check all four boxes and then click on the OK button.
    • Now click the Start Scan button.
    • This is what you will see during the scan,
    • and this is what you will see when the scan is done if any threats are found. Don't change any of the recommended actions. Click the continue button.
    • Once the fix is done you might see this,
    • or it may ask you to reboot the computer to complete the process. Click on Reboot Now.

    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


    Offline LindaM

    Re: [In Progress] Crypt.AQLW; no firewall
    « Reply #13 on: April 27, 2012, 04:36:21 PM »
    Hoov,
    The recycle bin does open and it's empty.
    Here is the first part of the TDSSKiller file:
    17:53:26.0596 4572   TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
    17:53:28.0599 4572   ============================================================
    17:53:28.0599 4572   Current date / time: 2012/04/27 17:53:28.0599
    17:53:28.0599 4572   SystemInfo:
    17:53:28.0599 4572   
    17:53:28.0599 4572   OS Version: 6.0.6002 ServicePack: 2.0
    17:53:28.0599 4572   Product type: Workstation
    17:53:28.0599 4572   ComputerName: TRISH-PC
    17:53:28.0599 4572   UserName: trish
    17:53:28.0599 4572   Windows directory: C:\Windows
    17:53:28.0599 4572   System windows directory: C:\Windows
    17:53:28.0600 4572   Processor architecture: Intel x86
    17:53:28.0600 4572   Number of processors: 2
    17:53:28.0600 4572   Page size: 0x1000
    17:53:28.0600 4572   Boot type: Normal boot
    17:53:28.0600 4572   ============================================================
    17:53:33.0591 4572   Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    17:53:33.0595 4572   Drive \Device\Harddisk1\DR1 - Size: 0xF080000 (0.23 Gb), SectorSize: 0x200, Cylinders: 0x1E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:53:33.0597 4572   ============================================================
    17:53:33.0597 4572   \Device\Harddisk0\DR0:
    17:53:33.0601 4572   MBR partitions:
    17:53:33.0601 4572   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
    17:53:33.0602 4572   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0xC778800
    17:53:33.0718 4572   \Device\Harddisk1\DR1:
    17:53:33.0719 4572   MBR partitions:
    17:53:33.0720 4572   \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x783E0
    17:53:33.0720 4572   ============================================================
    17:53:33.0898 4572   C: <-> \Device\Harddisk0\DR0\Partition1
    17:53:34.0013 4572   D: <-> \Device\Harddisk0\DR0\Partition0
    17:53:34.0013 4572   ============================================================
    17:53:34.0013 4572   Initialize success
    17:53:34.0019 4572   ============================================================
    17:54:04.0237 4392   ============================================================
    17:54:04.0237 4392   Scan started
    17:54:04.0237 4392   Mode: Manual; SigCheck; TDLFS;
    17:54:04.0237 4392   ============================================================
    17:54:10.0273 4392   .tdx - ok
    17:54:11.0108 4392   ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    17:54:11.0373 4392   ACDaemon - ok
    17:54:11.0770 4392   ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    17:54:11.0812 4392   ACPI - ok
    17:54:12.0190 4392   AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    17:54:12.0269 4392   AdobeFlashPlayerUpdateSvc - ok
    17:54:12.0641 4392   adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    17:54:12.0967 4392   adp94xx - ok
    17:54:13.0055 4392   adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    17:54:13.0088 4392   adpahci - ok
    17:54:13.0241 4392   adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    17:54:13.0271 4392   adpu160m - ok
    17:54:13.0303 4392   adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    17:54:13.0325 4392   adpu320 - ok
    17:54:13.0459 4392   AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    17:54:14.0185 4392   AeLookupSvc - ok
    17:54:15.0513 4392   AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    17:54:15.0703 4392   AFD - ok
    17:54:16.0031 4392   agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    17:54:16.0066 4392   agp440 - ok
    17:54:16.0450 4392   aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    17:54:16.0488 4392   aic78xx - ok
    17:54:16.0673 4392   ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    17:54:17.0255 4392   ALG - ok
    17:54:17.0402 4392   aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
    17:54:17.0416 4392   aliide - ok
    17:54:17.0841 4392   amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    17:54:17.0870 4392   amdagp - ok
    17:54:17.0951 4392   amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
    17:54:17.0969 4392   amdide - ok
    17:54:18.0146 4392   AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    17:54:22.0281 4392   AmdK7 - ok
    17:54:22.0453 4392   AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    17:54:22.0546 4392   AmdK8 - ok
    17:54:22.0597 4392   amsint - ok
    17:54:22.0803 4392   Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    17:54:22.0926 4392   Appinfo - ok
    17:54:23.0433 4392   arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    17:54:23.0461 4392   arc - ok
    17:54:23.0479 4392   arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    17:54:23.0494 4392   arcsas - ok
    17:54:23.0604 4392   AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:54:23.0684 4392   AsyncMac - ok
    17:54:23.0778 4392   atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    17:54:23.0796 4392   atapi - ok
    17:54:24.0090 4392   Ati External Event Utility (c74d9a831b523ef5a66f4f13b2ddea2e) C:\Windows\system32\Ati2evxx.exe
    17:54:24.0212 4392   Ati External Event Utility - ok
    17:54:24.0775 4392   atikmdag        (184e2b47542badbe5ca606f0fc9a90cc) C:\Windows\system32\DRIVERS\atikmdag.sys
    17:54:25.0001 4392   atikmdag - ok
    17:54:25.0367 4392   AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    17:54:25.0440 4392   AudioEndpointBuilder - ok
    17:54:25.0446 4392   Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    17:54:25.0478 4392   Audiosrv - ok
    17:54:28.0781 4392   AVGIDSAgent     (f5689fba4360be50839999882e0a9d99) C:\Program Files\AVG\AVG2012\avgidsagent.exe
    17:54:29.0300 4392   AVGIDSAgent - ok
    17:54:30.0296 4392   avgwd           (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    17:54:30.0346 4392   avgwd - ok
    17:54:30.0687 4392   BBSvc           (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    17:54:30.0722 4392   BBSvc - ok
    17:54:32.0485 4392   BCM42RLY - ok
    17:54:33.0755 4392   BCM43XV         (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
    17:54:33.0795 4392   BCM43XV - ok
    17:54:33.0885 4392   BCM43XX         (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
    17:54:33.0925 4392   BCM43XX - ok
    17:54:34.0105 4392   bcm4sbxp        (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    17:54:34.0195 4392   bcm4sbxp - ok
    17:54:34.0455 4392   Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    17:54:34.0615 4392   Beep - ok
    17:54:34.0725 4392   BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
    17:54:34.0845 4392   BITS - ok
    17:54:34.0845 4392   blbdrive - ok
    17:54:35.0235 4392   bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    17:54:35.0345 4392   bowser - ok
    17:54:35.0545 4392   BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    17:54:35.0585 4392   BrFiltLo - ok
    17:54:35.0615 4392   BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    17:54:35.0695 4392   BrFiltUp - ok
    17:54:35.0875 4392   Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    17:54:35.0975 4392   Browser - ok
    17:54:36.0385 4392   Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    17:54:36.0495 4392   Brserid - ok
    17:54:36.0695 4392   BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    17:54:36.0765 4392   BrSerWdm - ok
    17:54:36.0845 4392   BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    17:54:36.0985 4392   BrUsbMdm - ok
    17:54:37.0025 4392   BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    17:54:37.0105 4392   BrUsbSer - ok
    17:54:37.0205 4392   BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    17:54:37.0295 4392   BTHMODEM - ok
    17:54:37.0745 4392   catchme - ok
    17:54:37.0955 4392   cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:54:38.0015 4392   cdfs - ok
    17:54:38.0085 4392   cdr4_2k - ok
    17:54:38.0155 4392   cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    17:54:38.0275 4392   cdrom - ok
    17:54:38.0645 4392   CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    17:54:38.0765 4392   CertPropSvc - ok
    17:54:38.0835 4392   Cinemsup - ok
    17:54:39.0065 4392   circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    17:54:39.0145 4392   circlass - ok
    17:54:39.0255 4392   CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    17:54:39.0295 4392   CLFS - ok
    17:54:39.0705 4392   clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:54:39.0725 4392   clr_optimization_v2.0.50727_32 - ok
    17:54:40.0665 4392   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:54:40.0735 4392   clr_optimization_v4.0.30319_32 - ok
    17:54:40.0805 4392   CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:54:40.0865 4392   CmBatt - ok
    17:54:41.0045 4392   cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
    17:54:41.0075 4392   cmdide - ok
    17:54:41.0225 4392   Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    17:54:41.0235 4392   Compbatt - ok
    17:54:41.0245 4392   COMSysApp - ok
    17:54:41.0455 4392   crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    17:54:41.0475 4392   crcdisk - ok
    17:54:41.0675 4392   Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    17:54:41.0795 4392   Crusoe - ok
    17:54:41.0895 4392   CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
    17:54:41.0955 4392   CryptSvc - ok
    17:54:41.0975 4392   db2jds - ok
    17:54:42.0045 4392   dc3d            (6b62f5f9a987d08f67fc1302e4b67aed) C:\Windows\system32\DRIVERS\dc3d.sys
    17:54:42.0075 4392   dc3d - ok
    17:54:42.0285 4392   DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    17:54:42.0375 4392   DcomLaunch - ok
    17:54:42.0435 4392   Defrag32b - ok
    17:54:42.0695 4392   DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    17:54:42.0745 4392   DfsC - ok
    17:54:44.0965 4392   DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
    17:54:45.0175 4392   DFSR - ok
    17:54:47.0655 4392   Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
    17:54:47.0765 4392   Dhcp - ok
    17:54:48.0015 4392   disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    17:54:48.0035 4392   disk - ok
    17:54:48.0335 4392   DLABMFSM        (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
    17:54:48.0345 4392   DLABMFSM - ok
    17:54:48.0575 4392   DLABOIOM        (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
    17:54:48.0585 4392   DLABOIOM - ok
    17:54:48.0705 4392   DLACDBHM        (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
    17:54:48.0715 4392   DLACDBHM - ok
    17:54:48.0775 4392   DLADResM        (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS
    17:54:48.0785 4392   DLADResM - ok
    17:54:48.0815 4392   DLAIFS_M        (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
    17:54:48.0825 4392   DLAIFS_M - ok
    17:54:49.0175 4392   DLAOPIOM        (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
    17:54:49.0195 4392   DLAOPIOM - ok
    17:54:49.0205 4392   DLAPoolM        (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
    17:54:49.0215 4392   DLAPoolM - ok
    17:54:49.0335 4392   DLARTL_M        (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
    17:54:49.0355 4392   DLARTL_M - ok
    17:54:49.0655 4392   DLAUDFAM        (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
    17:54:49.0665 4392   DLAUDFAM - ok
    17:54:49.0905 4392   DLAUDF_M        (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
    17:54:49.0925 4392   DLAUDF_M - ok
    17:54:50.0065 4392   dmserver - ok
    17:54:50.0375 4392   Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
    17:54:50.0525 4392   Dnscache - ok
    17:54:50.0805 4392   dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
    17:54:50.0855 4392   dot3svc - ok
    17:54:51.0165 4392   Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    17:54:51.0325 4392   Dot4 - ok
    17:54:51.0345 4392   Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    17:54:51.0385 4392   Dot4Print - ok
    17:54:51.0615 4392   dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    17:54:51.0755 4392   dot4usb - ok
    17:54:52.0635 4392   DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    17:54:52.0675 4392   DPS - ok
    17:54:52.0815 4392   drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    17:54:52.0905 4392   drmkaud - ok
    17:54:53.0525 4392   DRVMCDB         (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
    17:54:53.0535 4392   DRVMCDB - ok
    17:54:53.0765 4392   DRVNDDM         (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
    17:54:53.0785 4392   DRVNDDM - ok
    17:54:53.0835 4392   dtsagntsvc - ok
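
Added example, not part of the original posts: a small Python parser for the TDSSKiller service-scan lines pasted in this thread. It pairs each service's image line (MD5 and path) with its verdict line and lists only the entries that are not `ok`, including services whose verdict is missing because a pasted log was cut off. The sample log, its service names, hashes and paths are constructed, and the line layout is inferred from the log above.

```python
import re

# Constructed sample in the layout of the TDSSKiller service scan
# (service names, hashes and paths are made up for illustration).
SAMPLE_LOG = r"""
17:54:04.0237 4392   Scan started
17:54:10.0273 4392   .tdx - ok
17:54:11.0108 4392   ExampleSvc      (00000000000000000000000000000001) C:\Program Files\Example\svc.exe
17:54:11.0373 4392   ExampleSvc - ok
17:54:12.0000 4392   Example Event Utility (00000000000000000000000000000002) C:\Windows\system32\exutil.exe
17:54:12.0100 4392   Example Event Utility - ok
17:54:13.0000 4392   ExampleUpd      (00000000000000000000000000000003) C:\Program Files\Example\upd.exe
17:54:13.0100 4392   ExampleUpd ( UnsignedFile.Multi.Generic ) - warning
17:54:13.0100 4392   ExampleUpd - detected UnsignedFile.Multi.Generic (1)
17:54:14.0000 4392   exampledrv      (00000000000000000000000000000004) C:\Windows\system32\example_drv.dll
17:54:14.0003 4392   exampledrv ( Backdoor.Multi.ZAccess.gen ) - infected
17:54:14.0003 4392   exampledrv - detected Backdoor.Multi.ZAccess.gen (0)
17:54:15.0000 4392   ExampleCut      (00000000000000000000000000000005) C:\Windows\system32\drivers\cut.sys
"""

# Every scan line starts with "HH:MM:SS.mmmm <thread id>".
PREFIX = r"^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"

# "<service> (<md5>) <image path>"; service names may contain spaces or dots.
IMAGE_RE = re.compile(
    PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# "<service> - ok" or "<service> ( <threat name> ) - warning|infected".
VERDICT_RE = re.compile(
    PREFIX
    + r"(?P<name>.+?)\s+(?:\(\s*(?P<threat>[^)]+?)\s*\)\s+)?"
    + r"-\s+(?P<status>ok|warning|infected)\s*$"
)

# Sort order for the triage list; None means no verdict line was seen.
SEVERITY = {"infected": 0, "warning": 1, None: 2}


def parse_scan(log_text):
    """Return one record per service, in the order the log lists them."""
    services = {}
    for line in log_text.splitlines():
        image = IMAGE_RE.match(line)
        verdict = None if image else VERDICT_RE.match(line)
        match = image or verdict
        if not match:
            continue  # header, separator or "- detected ..." line
        rec = services.setdefault(
            match["name"],
            {"name": match["name"], "md5": None, "path": None,
             "status": None, "threat": None},
        )
        if image:
            rec["md5"] = image["md5"].lower()
            rec["path"] = image["path"]
        else:
            rec["status"] = verdict["status"]
            rec["threat"] = verdict["threat"]
    return list(services.values())


def triage(records):
    """Keep everything that is not 'ok': infected first, then warnings,
    then services with no verdict (for example a log pasted in parts)."""
    flagged = [r for r in records if r["status"] != "ok"]
    return sorted(flagged, key=lambda r: SEVERITY[r["status"]])


if __name__ == "__main__":
    for rec in triage(parse_scan(SAMPLE_LOG)):
        print("{:<10} {:<12} {:<28} {}".format(
            rec["status"] or "no-verdict", rec["name"],
            rec["threat"] or "-", rec["path"] or "-"))
```

When a log is posted in several parts, concatenate the parts before parsing so that a service whose image line and verdict line fall in different posts is not reported as having no verdict.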

    Offline LindaM

    Re: [In Progress] Crypt.AQLW; no firewall
    « Reply #14 on: April 27, 2012, 04:38:08 PM »
    Part 2 of the TDSSKiller file:
    17:54:54.0445 4392   DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    17:54:54.0485 4392   DXGKrnl - ok
    17:54:54.0575 4392   E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    17:54:54.0745 4392   E1G60 - ok
    17:54:55.0265 4392   EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    17:54:55.0295 4392   EapHost - ok
    17:54:55.0755 4392   Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    17:54:55.0775 4392   Ecache - ok
    17:54:56.0195 4392   ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    17:54:56.0265 4392   ehRecvr - ok
    17:54:56.0855 4392   ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    17:54:56.0925 4392   ehSched - ok
    17:54:57.0025 4392   ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    17:54:57.0075 4392   ehstart - ok
    17:54:57.0365 4392   elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    17:54:57.0395 4392   elxstor - ok
    17:54:57.0630 4392   EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
    17:54:57.0750 4392   EMDMgmt - ok
    17:54:57.0758 4392   ESMCR - ok
    17:54:58.0213 4392   EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
    17:54:58.0316 4392   EventSystem - ok
    17:54:58.0577 4392   exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    17:54:58.0657 4392   exfat - ok
    17:54:58.0714 4392   fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    17:54:58.0773 4392   fastfat - ok
    17:54:58.0979 4392   fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    17:54:59.0119 4392   fdc - ok
    17:54:59.0228 4392   fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    17:54:59.0266 4392   fdPHost - ok
    17:54:59.0308 4392   FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    17:54:59.0400 4392   FDResPub - ok
    17:54:59.0495 4392   FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    17:54:59.0512 4392   FileInfo - ok
    17:54:59.0796 4392   Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    17:54:59.0861 4392   Filetrace - ok
    17:54:59.0941 4392   flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    17:55:00.0049 4392   flpydisk - ok
    17:55:00.0295 4392   FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    17:55:00.0321 4392   FltMgr - ok
    17:55:00.0481 4392   FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
    17:55:00.0561 4392   FontCache - ok
    17:55:00.0737 4392   FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    17:55:00.0750 4392   FontCache3.0.0.0 - ok
    17:55:00.0821 4392   Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
    17:55:00.0890 4392   Fs_Rec - ok
    17:55:01.0763 4392   FTSvc           (20b12280a2d5f9b4a33d48da46e36a2d) C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
    17:55:01.0873 4392   FTSvc ( UnsignedFile.Multi.Generic ) - warning
    17:55:01.0873 4392   FTSvc - detected UnsignedFile.Multi.Generic (1)
    17:55:01.0925 4392   gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    17:55:01.0942 4392   gagp30kx - ok
    17:55:02.0364 4392   gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
    17:55:02.0428 4392   gpsvc - ok
    17:55:02.0591 4392   HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    17:55:02.0683 4392   HdAudAddService - ok
    17:55:02.0746 4392   HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:55:02.0812 4392   HDAudBus - ok
    17:55:02.0964 4392   HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    17:55:03.0067 4392   HidBth - ok
    17:55:03.0188 4392   HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    17:55:03.0258 4392   HidIr - ok
    17:55:03.0476 4392   hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
    17:55:03.0509 4392   hidserv - ok
    17:55:03.0610 4392   HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    17:55:03.0655 4392   HidUsb - ok
    17:55:03.0745 4392   hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    17:55:03.0788 4392   hkmsvc - ok
    17:55:03.0826 4392   HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    17:55:03.0848 4392   HpCISSs - ok
    17:55:05.0355 4392   hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    17:55:05.0377 4392   hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
    17:55:05.0377 4392   hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
    17:55:05.0485 4392   hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    17:55:05.0532 4392   hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
    17:55:05.0532 4392   hpqddsvc - detected UnsignedFile.Multi.Generic (1)
    17:55:05.0672 4392   HPSLPSVC        (568e44f6dcfa173f3670172b69379891) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    17:55:05.0747 4392   HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
    17:55:05.0747 4392   HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
    17:55:06.0726 4392   HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    17:55:06.0790 4392   HSFHWAZL - ok
    17:55:08.0274 4392   HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    17:55:08.0392 4392   HSF_DPV - ok
    17:55:08.0542 4392   HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    17:55:08.0702 4392   HTTP - ok
    17:55:08.0819 4392   i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    17:55:08.0843 4392   i2omp - ok
    17:55:09.0031 4392   i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    17:55:09.0069 4392   i8042prt - ok
    17:55:09.0163 4392   iaimfp3         (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\USB_RNDIS_XP.dll
    17:55:09.0166 4392   iaimfp3 ( Backdoor.Multi.ZAccess.gen ) - infected
    17:55:09.0166 4392   iaimfp3 - detected Backdoor.Multi.ZAccess.gen (0)
    17:55:09.0236 4392   iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    17:55:09.0273 4392   iaStorV - ok
    17:55:09.0371 4392   ichaud - ok
    17:55:09.0767 4392   IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    17:55:09.0781 4392   IDriverT ( UnsignedFile.Multi.Generic ) - warning
    17:55:09.0781 4392   IDriverT - detected UnsignedFile.Multi.Generic (1)
    17:55:10.0233 4392   idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    17:55:10.0323 4392   idsvc - ok
    17:55:10.0499 4392   iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    17:55:10.0514 4392   iirsp - ok
    17:55:10.0705 4392   IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
    17:55:10.0814 4392   IKEEXT - ok
    17:55:10.0837 4392   imountsrv - ok
    17:55:10.0920 4392   intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    17:55:10.0936 4392   intelide - ok
    17:55:11.0059 4392   intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    17:55:11.0143 4392   intelppm - ok
    17:55:11.0331 4392   IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    17:55:11.0361 4392   IPBusEnum - ok
    17:55:11.0621 4392   IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:55:11.0681 4392   IpFilterDriver - ok
    17:55:11.0771 4392   iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
    17:55:11.0831 4392   iphlpsvc - ok
    17:55:11.0841 4392   IpInIp - ok
    17:55:11.0911 4392   IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    17:55:11.0961 4392   IPMIDRV - ok
    17:55:12.0591 4392   IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    17:55:12.0661 4392   IPNAT - ok
    17:55:12.0781 4392   IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    17:55:12.0851 4392   IRENUM - ok
    17:55:12.0881 4392   isamsmt - ok
    17:55:13.0121 4392   isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    17:55:13.0141 4392   isapnp - ok
    17:55:13.0191 4392   iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    17:55:13.0211 4392   iScsiPrt - ok
    17:55:13.0921 4392   iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    17:55:13.0931 4392   iteatapi - ok
    17:55:13.0941 4392   iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    17:55:13.0961 4392   iteraid - ok
    17:55:14.0061 4392   kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    17:55:14.0131 4392   kbdclass - ok
    17:55:14.0186 4392   kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
    17:55:14.0281 4392   kbdhid - ok
    17:55:14.0478 4392   KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    17:55:14.0583 4392   KeyIso - ok
    17:55:14.0811 4392   KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    17:55:14.0913 4392   KSecDD - ok
    17:55:15.0770 4392   KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    17:55:15.0849 4392   KtmRm - ok
    17:55:16.0469 4392   LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
    17:55:16.0565 4392   LanmanServer - ok
    17:55:16.0816 4392   LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
    17:55:16.0854 4392   LanmanWorkstation - ok
    17:55:17.0031 4392   lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    17:55:17.0103 4392   lltdio - ok
    17:55:17.0262 4392   lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    17:55:17.0383 4392   lltdsvc - ok
    17:55:17.0530 4392   lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    17:55:17.0591 4392   lmhosts - ok
    17:55:17.0800 4392   LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    17:55:17.0817 4392   LSI_FC - ok
    17:55:17.0969 4392   LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    17:55:18.0024 4392   LSI_SAS - ok
    17:55:18.0112 4392   LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    17:55:18.0132 4392   LSI_SCSI - ok
    17:55:18.0484 4392   luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    17:55:18.0571 4392   luafv - ok
    17:55:18.0576 4392   LwUsbHid - ok
    17:55:18.0588 4392   lxcccustomerconnect - ok
    17:55:18.0759 4392   MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
    17:55:18.0785 4392   MBAMProtector - ok
    17:55:20.0318 4392   MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    17:55:20.0415 4392   MBAMService - ok
    17:55:20.0474 4392   MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
    17:55:20.0487 4392   MBAMSwissArmy - ok
    17:55:20.0604 4392   McciCMService   (4f74184920b2d6e33024409b4c5c57c1) C:\Program Files\Common Files\Motive\McciCMService.exe
    17:55:20.0640 4392   McciCMService ( UnsignedFile.Multi.Generic ) - warning
    17:55:20.0640 4392   McciCMService - detected UnsignedFile.Multi.Generic (1)
    17:55:31.0833 4392   Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
    17:55:31.0946 4392   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    17:55:31.0946 4392   Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    17:55:32.0172 4392   NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    17:55:32.0218 4392   NetBIOS - ok
    17:55:32.0501 4392   netbt           (b78ee6f9c049a7cb103d1493f35cb32d) C:\Windows\system32\DRIVERS\netbt.sys
    17:55:32.0503 4392   Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: b78ee6f9c049a7cb103d1493f35cb32d, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6
    17:55:32.0504 4392   netbt ( Virus.Win32.ZAccess.k ) - infected
    17:55:32.0504 4392   netbt - detected Virus.Win32.ZAccess.k (0)
    17:55:42.0897 4392   pfc             (957b82ec80ad7ead64e5e47df6b0dc40) C:\Windows\system32\drivers\pfc.sys
    17:55:42.0920 4392   pfc ( UnsignedFile.Multi.Generic ) - warning
    17:55:42.0920 4392   pfc - detected UnsignedFile.Multi.Generic (1)
    17:55:43.0547 4392   pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    17:55:43.0717 4392   pla - ok
    17:55:46.0011 4392   PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
    17:55:46.0042 4392   PlugPlay - ok
    17:55:46.0417 4392   Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
    17:55:46.0460 4392   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    17:55:46.0460 4392   Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    17:55:50.0756 4392   PxHelp20        (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
    17:55:50.0774 4392   PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
    17:55:50.0775 4392   PxHelp20 - detected UnsignedFile.Multi.Generic (1)