[A] Afd.sys has Trojan Horse Agent_r, multiple TH Crypt infections.

Inactive
By kvcummins
Mar 12, 2012
Topic Status:
Not open for further replies.
  1. As noted in the title, my afd.sys has an Agent_r variant, and I periodically get Crypt infections of various files. I have AVG 2012, updated and running. Here are my logs:

    MBAM LOG::


    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.11.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Jamie :: CUMMINS-VISTA [administrator]

    Protection: Enabled

    3/11/2012 9:57:54 AM
    mbam-log-2012-03-11 (09-57-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234878
    Time elapsed: 15 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. kvcummins


    GMER LOG::


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-12 08:29:44
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
    Running: 4jtuc65q.exe; Driver: C:\Users\Jamie\AppData\Local\Temp\uxtiqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB38E1F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB38E1FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB38E2080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB38E211C]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 3F1 822EEB74 4 Bytes [3C, 1F, 8E, B3]
    .text ntkrnlpa.exe!KeSetEvent + 621 822EEDA4 8 Bytes [E4, 1F, 8E, B3, 80, 20, 8E, ...]
    .text ntkrnlpa.exe!KeSetEvent + 681 822EEE04 4 Bytes [1C, 21, 8E, B3]
    .text C:\Windows\system32\drivers\afd.sys section is writeable [0x93CA4000, 0x9C71, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtProtectVirtualMemory 76E14BA4 5 Bytes JMP 0120000A
    .text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory 76E154E4 5 Bytes JMP 0125000A
    .text C:\Windows\system32\svchost.exe[1364] ntdll.dll!KiUserExceptionDispatcher 76E15C28 5 Bytes JMP 010E000A
    .text C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe[3320] ntdll.dll!DbgBreakPoint 76DF878E 1 Byte [90]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73097817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [730EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7309BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7308F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [730975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7308E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [730C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7309DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7308FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7308FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [730871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7311CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [730BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7308D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73086853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7308687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73092AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Processes - GMER 1.0.15 ----

    Process PING.EXE (*** hidden *** ) 1192
    Process C:\Windows\System32\ping.exe (*** hidden *** ) 3804

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32@ C:\nDoors\Atlantica\StmOCX.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\Programmable
    Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\TypeLib
    Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\TypeLib@ {0AB6D809-3081-494F-BD93-D58F480BF0E3}

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB36441$\2453711976 0 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684 0 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\@ 2048 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\cfg.ini 298 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\L 0 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\L\qnbwvoto 273408 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\oemid 15 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\U 0 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\U\00000001.@ 2048 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\U\00000002.@ 224768 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\U\00000004.@ 1024 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\U\80000000.@ 66560 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\U\80000004.@ 12800 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\U\80000032.@ 96256 bytes
    File C:\Windows\$NtUninstallKB36441$\2956803684\version 861 bytes

    ---- EOF - GMER 1.0.15 ----
  3. kvcummins


    DDS LOG::

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Jamie at 8:31:09 on 2012-03-12
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1408 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\iWin Games\iWinTrusted.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
    C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
    C:\Program Files\Spare Backup\SpareBackup.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\ico.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\ProgramData\Verizon\UA_ar\UtilityApplication.exe
    C:\Users\Jamie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Jamie\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
    C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\PDFtypewriter\Printer\PDFtypewriter_Printer_Monitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\17.0.963.79\npchrome_frame.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
    uRun: [Google Update] "c:\users\jamie\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [MusicManager] "c:\users\jamie\appdata\local\programs\google\musicmanager\MusicManager.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [2A9C11379E70151611846A09A51B34FFC6EF6D31._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
    uRun: [NCsoft]
    uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
    mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [PDFtypewriterPrinterMonitor] "c:\program files\pdftypewriter\printer\PDFtypewriterMonitorStart.exe"
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [Mouse Suite 98 Daemon] ICO.EXE
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jamie\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\users\jamie\appdata\roaming\verizon\ua_ar\UtilityApplication.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\programdata\verizon\ua_ar\UtilityApplication.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\wpclsp.dll
    LSP: mswsock.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5C2B85B4-2188-4694-8514-9FB5B35EE722} : NameServer = 192.168.1.1
    TCP: Interfaces\{ADF67151-6190-40DF-9538-0890B562DCC8} : DhcpNameServer = 192.168.1.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: dst - {BF6DC600-9B21-44EE-81CF-62883B4FA20A} - c:\program files\ata\dstctrl\DSTProtocol.dll
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\17.0.963.79\npchrome_frame.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\cqnge4ae.default\
    FF - prefs.js: browser.search.selectedEngine - Inbox Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80115&language=en&qkw=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - component: c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\cqnge4ae.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\cqnge4ae.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\cqnge4ae.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\download manager\npfpdlm.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\jamie\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\users\jamie\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\jamie\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\jamie\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-15 21504]
    R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-11 652360]
    R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
    R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-12-21 529768]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2007-8-12 5120]
    R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-11-10 370504]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-31 218688]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-11 20464]
    R3 MRVW147;Marvell TOPDOG (TM) 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x);c:\windows\system32\drivers\MRVW147.sys [2009-1-5 534016]
    S2 avgarcln;ATSWPDRV;c:\windows\system32\svchost.exe -k netsvcs [2008-9-15 21504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c94bdc33e1bc90;Google Update Service (gupdate1c94bdc33e1bc90);c:\program files\google\update\GoogleUpdate.exe [2008-11-21 133104]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-7-30 30312]
    S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-10 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-20 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-11-21 133104]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-7-30 121192]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-7-30 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-7-30 136680]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-7-30 114152]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2012-03-11 14:11:38 -------- d-----w- c:\users\jamie\appdata\roaming\Malwarebytes
    2012-03-11 14:11:29 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-11 14:11:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-11 14:11:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-10 23:33:23 -------- d-----w- c:\users\jamie\appdata\roaming\AVG2012
    2012-03-10 23:32:16 -------- d-----w- c:\programdata\AVG2012
    2012-03-10 03:45:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-03-09 19:01:41 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-09 18:46:28 -------- d-----w- c:\users\jamie\appdata\roaming\mIRC
    2012-03-09 18:46:25 -------- d-----w- c:\program files\mIRC
    2012-03-01 23:25:52 -------- d-----w- c:\users\jamie\appdata\local\NCSoft
    2012-03-01 22:53:58 -------- d-----w- c:\users\jamie\appdata\local\assembly
    2012-03-01 22:53:07 -------- d-----w- c:\program files\NCSoft
    2012-03-01 04:17:22 -------- d-----w- c:\program files\iPod
    2012-03-01 04:07:37 -------- d-----w- c:\program files\Bonjour
    2012-02-24 22:04:17 -------- d-----w- c:\users\jamie\appdata\roaming\Chrome
    2012-02-23 20:07:14 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-02-23 20:07:01 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2012-02-23 20:05:19 -------- d-----w- c:\windows\system32\RsFx
    2012-02-23 20:03:21 -------- d-----w- c:\windows\system32\1033
    2012-02-23 19:57:07 -------- d-----w- c:\program files\Microsoft SQL Server
    2012-02-23 19:56:50 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2012-02-23 19:56:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2012-02-23 19:56:15 188128 ----a-w- c:\programdata\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
    2012-02-23 19:51:37 -------- d-----w- c:\program files\Microsoft Help Viewer
    2012-02-23 19:51:36 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2012-02-18 23:21:48 -------- d-----w- c:\program files\LEGO Island
    2012-02-18 23:21:16 32768 ----a-w- c:\windows\_ds4BEE.tmp
    2012-02-18 22:30:56 -------- d-----w- c:\users\jamie\appdata\roaming\.minecraft
    2012-02-18 21:53:03 -------- d-----w- c:\users\jamie\D-Fend Reloaded
    2012-02-18 21:53:01 -------- d-----w- c:\program files\D-Fend Reloaded
    2012-02-15 07:59:07 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 07:59:06 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 07:59:05 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    .
    ==================== Find3M ====================
    .
    2012-03-08 22:37:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-12 01:09:31 2360 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2012-02-01 22:46:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-01-29 23:14:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2012-01-29 23:14:21 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2011-12-28 16:35:03 1393736 ----a-w- c:\users\jamie\gotomypc_626.exe
    2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 8:31:54.09 ===============
  4. kvcummins
    ATTACH.TXT::


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/19/2007 11:00:34 PM
    System Uptime: 3/11/2012 9:18:30 AM (23 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 222 GiB total, 65.961 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 3.882 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1910: 3/7/2012 8:41:45 PM - Scheduled Checkpoint
    RP1911: 3/8/2012 4:35:34 PM - Installed Java(TM) 6 Update 31
    RP1912: 3/10/2012 5:29:25 PM - Installed AVG 2012
    RP1913: 3/10/2012 5:30:40 PM - Installed AVG 2012
    RP1914: 3/12/2012 5:28:30 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    3D Groove Playback Engine
    3DVIA player 5.0
    7-Zip 9.13 beta
    7 Wonders II (remove only)
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Media Player
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.6
    Agere Systems HDA Modem
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2012
    AVG PC Tuneup 2011
    Ben 10 Alien Force Bounty Hunters
    BitPim 1.0.6
    BitTorrent
    Bonjour
    Brother MFL-Pro Suite
    Camera Assistant Software for Gateway
    CCScore
    Children of the Nile Demo
    Citrix Presentation Server Client - Web Only
    City of Heroes
    Click to Call with Skype
    Clone Wars
    Clue Classic (remove only)
    Coby Media Manager
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Creative Memories Memory Manager 3
    D-Fend Reloaded 1.2.1 (deinstall)
    D3DX10
    DAEMON Tools Lite
    DAEMON Tools Toolbar
    Disney Toontown Online
    DNA
    Dora's Big Birthday Adventure
    Download Manager 2.3.7
    Dropbox
    DSTCtrl
    Dungeon Keeper 2
    Dungeon Siege
    DUNGEONS - The Dark Lord (Steam Special Edition) Demo
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    EA Download Manager
    Emperor's New Groove - Groove Center
    eMusic Download Manager
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSTOOLS
    essvatgt
    Europa Universalis III
    Farm Frenzy
    ffdshow [rev 2527] [2008-12-19]
    Free Realms
    Futuremark SystemInfo
    Game of LIFE (remove only)
    Gateway Connect
    Gateway Games
    Gateway Recovery Center Installer
    GIMP 2.6.8
    Git 1.7.0.2-preview20100309
    Google Chrome
    Google Chrome Frame
    Google Desktop
    Google Earth Plug-in
    Google Gears
    Google SketchUp 7
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hero Lab for the Pathfinder Beginner Box 3.9
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotline Client 1.8.5
    ieSpell
    ImageStream_2009-10
    Inbox Toolbar
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Intel(R) TV Wizard
    iTunes
    iWin Games (remove only)
    IZArc 3.81
    Jam11Connect (Beta)
    Java Auto Updater
    Java DB 10.5.3.0
    Java(TM) 6 Update 31
    Java(TM) SE Development Kit 6 Update 25
    JavaFX(TM) 1.3 SDK
    Jewel Quest - Heritage
    Jewel Quest Mysteries Curse of the Emerald Tear (remove only)
    JPG to PDF Converter 1.0
    Kodak EasyShare software
    KODAK Share Button App
    LabelPrint
    LeapFrog Connect
    LeapFrog Leapster2 Plugin
    Legerdemain - A Tale Fraught With Peril and Wonder
    LEGO Digital Designer
    LEGO Island
    LEGO Island 2
    LG USB Modem driver
    Logitech Desktop Messenger
    Logitech Harmony Remote Software 7
    Magicka - Demo
    Malwarebytes Anti-Malware version 1.60.1.1000
    Marvell(R) Wireless Card Software Package
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Crimson Skies
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Help Viewer 1.0
    Microsoft Office 2000 SR-1 Premium
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Visual C# 2010 Express - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Works
    Microsoft WSE 2.0 SP3 Runtime
    Microsoft XML Parser
    Microsoft XNA Framework Redistributable 3.1
    mIRC
    Monopoly (remove only)
    Mouse Suite
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Music Manager
    NBC Direct Beta
    NCsoft Launcher
    Nero 6 Demo
    Nero BurnRights
    NeroVision Express 2
    netbrdg
    Nexon Game Manager
    node.js
    Norton Internet Security
    OfotoXMI
    OGA Notifier 2.0.0048.0
    OLYMPUS Master 2
    OpenAL
    OpenCASE Media Agent
    Operation Mania (remove only)
    Origin
    Pajama Sam Life is Rough When You Lose Your Stuff
    PDFCanvas V1.5
    PDFtypewriter Printer Driver
    PDFtypewriter with PDF Printer Driver
    Peggle Deluxe 1.0
    Photo Album
    Picaboo X
    Picasa 3
    Pictureka! Museum Mayhem (remove only)
    Plants vs. Zombies
    Portal
    Power2Go 5.0
    PowerTeacher Gradebook
    PuTTY version 0.60
    QuickTime
    RD 2.12
    REACTOR
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek USB 2.0 Card Reader
    Remote Control USB Driver
    RPTools MapTool
    Samsung CLP-310 Series
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
    Segoe UI
    Service Pack 1 for SQL Server 2008 (KB968369)
    SFR
    SHASTA
    Shutterfly Express Uploader
    Sid Meier's Alpha Centauri
    SigmaTel Audio
    skin0001
    SKINXSDK
    Skype™ 5.5
    Spare Backup
    Splashtop Remote Client
    Splashtop Streamer
    SPORE™ Creature Creator Trial Edition
    Sql Server Customer Experience Improvement Program
    Star Ruler
    Star Wars Math
    Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
    Star Wars®: Knights of the Old Republic (TM)
    staticcr
    Steam
    swMSM
    Synaptics Pointing Device Driver
    System Requirements Lab for Intel
    TDM/MinGW
    The Fairly OddParents
    The Undergarden Demo
    TortoiseSVN 1.6.6.17493 (32 bit)
    Total Immersion D'Fusion Web Plugin
    Transcender Test Engine
    Transcender: Exam Cert-70-270
    TreasureUP XPS To Image Converter 1.0
    Tropix
    Typing Instructor for Kids 4
    UFO:AI 2.3.1
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    V CAST Music with Rhapsody
    Verizon Wireless Software Utility Application for Android - Samsung
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VPRINTOL
    VST Bridge 1.1
    WildTangent Games App (Gateway Games)
    Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WIRELESS
    Wizard101
    XBMC
    Yahtzee (remove only)
    Yu-Gi-Oh! ONLINE 3
    Zip Motion Block Video codec (Remove Only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2012 4:57:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/9/2012 4:21:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
    3/9/2012 3:23:51 PM, Error: Service Control Manager [7034] - The iWinTrusted service terminated unexpectedly. It has done this 1 time(s).
    3/9/2012 3:23:25 PM, Error: Service Control Manager [7034] - The Splashtop Software Updater Service service terminated unexpectedly. It has done this 1 time(s).
    3/9/2012 3:19:41 PM, Error: Service Control Manager [7023] - The UsbserFilt service terminated with the following error: Access is denied.
    3/9/2012 3:02:41 PM, Error: Service Control Manager [7023] - The Actser service terminated with the following error: Access is denied.
    3/9/2012 2:47:43 PM, Error: Service Control Manager [7023] - The Bmuservice service terminated with the following error: Access is denied.
    3/9/2012 2:32:43 PM, Error: Service Control Manager [7023] - The FVNETusb service terminated with the following error: Access is denied.
    3/9/2012 2:17:43 PM, Error: Service Control Manager [7023] - The Intel_MIPMNMP service terminated with the following error: Access is denied.
    3/9/2012 2:02:42 PM, Error: Service Control Manager [7023] - The Mnmdd service terminated with the following error: Access is denied.
    3/9/2012 1:47:48 PM, Error: Service Control Manager [7023] - The MA-620 service terminated with the following error: Access is denied.
    3/9/2012 1:32:54 PM, Error: Service Control Manager [7023] - The Aiclient service terminated with the following error: Access is denied.
    3/9/2012 1:17:50 PM, Error: Service Control Manager [7023] - The Lktimesync service terminated with the following error: Access is denied.
    3/9/2012 1:11:46 PM, Error: Service Control Manager [7030] - The USB3 Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/9/2012 1:06:41 PM, Error: Service Control Manager [7023] - The Sisnic service terminated with the following error: Access is denied.
    3/9/2012 1:05:42 PM, Error: Service Control Manager [7023] - The Avgtdi service terminated with the following error: Access is denied.
    3/9/2012 1:02:43 PM, Error: Service Control Manager [7023] - The RTL8023xp service terminated with the following error: Access is denied.
    3/9/2012 1:01:41 PM, Error: Service Control Manager [7023] - The Mi-raysat_3dsmax8 service terminated with the following error: Access is denied.
    3/5/2012 2:57:12 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    3/11/2012 9:52:55 AM, Error: Service Control Manager [7023] - The Ptserial service terminated with the following error: Access is denied.
    3/11/2012 9:30:57 AM, Error: Service Control Manager [7023] - The ATSWPDRV service terminated with the following error: Access is denied.
    3/11/2012 9:24:03 AM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The USR1806V service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The UsbserFilt service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The TMMEmu service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Sisnic service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The RTL8023xp service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The NWSIPX32 service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Mnmdd service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Mi-raysat_3dsmax8 service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Mfetdik service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The MA-620 service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Lxct_device service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Lktimesync service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Issm service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Intel_MIPMNMP service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Gdihook5 service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The FVNETusb service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The F700iob service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Defrag32 service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Bmuservice service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Avgtdi service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Aiclient service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7023] - The Actser service terminated with the following error: The specified module could not be found.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LeapFrog Connect Device Service service to connect.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    3/11/2012 9:20:51 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
    3/11/2012 9:19:25 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Brother MFC-7820N USB with shared resource name Brother MFC-7820N USB. Error 1753. The printer cannot be used by others on the network.
    3/11/2012 9:19:11 AM, Error: EventLog [6008] - The previous system shutdown at 9:17:13 AM on 3/11/2012 was unexpected.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2012 9:43:26 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2012 9:43:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/10/2012 9:42:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/10/2012 9:42:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/10/2012 9:42:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/10/2012 9:42:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/10/2012 9:42:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/10/2012 9:42:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/10/2012 5:29:04 PM, Error: Service Control Manager [7034] - The TMMEmu service terminated unexpectedly. It has done this 1 time(s).
    3/10/2012 5:14:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86
    3/10/2012 5:11:28 PM, Error: Service Control Manager [7000] - The AVG AVI Loader Driver service failed to start due to the following error: The system cannot find the file specified.
    3/10/2012 5:00:09 PM, Error: Service Control Manager [7034] - The Mfetdik service terminated unexpectedly. It has done this 1 time(s).
    3/10/2012 4:55:05 PM, Error: EventLog [6008] - The previous system shutdown at 1:32:17 PM on 3/10/2012 was unexpected.
    .
    ==== End Of File ===========================
  5. kvcummins

    kvcummins Newcomer, in training Topic Starter

    I suppose I should clarify the issues I'm having. AVG Resident Shield is alerting every 10-15 minutes about some %SYSTEM_ROOT%/system32/???.dll or ???.sys file that is infected with Crypt.AQLW, and within seconds, the AVG Identity Shield harps about the same file having the Win/Sirefef.ER trojan. In the past, afd.sys has been reported several times as infected with Agent_r.???, but it's whitelisted.

    I have tried booting into safe mode and running the AVG CLI scan, and even Clam from a USB stick. Neither seemed to find much it could fix. For a while, my AVG was out of commission because it couldn't verify the virus db. Upgrading to AVG 2012 seems to have fixed that.

    Thank you,
    Ken
  6. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
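    Once a TDSSKiller report is pasted, the entries worth attention are the few that are not marked `- ok`. The parser below is added here as an illustration; it is not part of Broni's instructions and not TDSSKiller's own code. It folds the report's per-driver lines (the hash line, the verdict line, the `- detected` line and the plain status line) into one record per service and lists everything flagged, together with the MD5 and path TDSSKiller printed, so the file can be compared with a known-clean copy. The sample lines are constructed, modelled on the report format used in this thread; `exampledrv`, its hash and the verdict `Suspicious.Example.Generic` are invented to exercise the warning path.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the TDSSKiller 2.7.x report format pasted in this
# thread. The "exampledrv" lines and the verdict "Suspicious.Example.Generic" are
# invented so that a non-infected warning is exercised alongside the infected case.
SAMPLE_LOG = r"""
21:27:52.0544 6188 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:27:52.0547 6188 ACPI - ok
21:27:53.0226 6188 AFD (ad449c418d76f6237652ae52b29870e1) C:\Windows\system32\drivers\afd.sys
21:27:53.0230 6188 AFD ( Virus.Win32.ZAccess.k ) - infected
21:27:53.0230 6188 AFD - detected Virus.Win32.ZAccess.k (0)
21:27:56.0574 6188 blbdrive - ok
21:28:00.0001 6188 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
21:28:00.0002 6188 exampledrv ( Suspicious.Example.Generic ) - warning
21:28:00.0002 6188 exampledrv - detected Suspicious.Example.Generic (1)
"""

# Every report line starts with "HH:MM:SS.mmmm PID "; the remainder takes one of four shapes.
_PREFIX = r"\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
_RE_FILE = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
_RE_VERDICT = re.compile(_PREFIX + r"(?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<status>\w+)$")
_RE_DETECTED = re.compile(_PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")
_RE_STATUS = re.compile(_PREFIX + r"(?P<name>\S+) - (?P<status>\w+)$")


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None      # None when the service was listed but no file was hashed
    path: Optional[str] = None
    status: str = "unknown"        # "ok", "infected", "warning", ...
    verdict: Optional[str] = None  # detection name, e.g. Virus.Win32.ZAccess.k


def parse_tdsskiller(text: str) -> Dict[str, DriverEntry]:
    """Fold the per-driver report lines into one DriverEntry per service name.

    Header and footer lines that match none of the four shapes are ignored.
    """
    entries: Dict[str, DriverEntry] = {}

    def get(name: str) -> DriverEntry:
        return entries.setdefault(name, DriverEntry(name))

    for raw in text.splitlines():
        line = raw.strip()
        if m := _RE_FILE.match(line):
            e = get(m["name"])
            e.md5, e.path = m["md5"].lower(), m["path"]
        elif m := _RE_VERDICT.match(line):
            e = get(m["name"])
            e.verdict, e.status = m["verdict"], m["status"]
        elif m := _RE_DETECTED.match(line):
            e = get(m["name"])
            e.verdict = e.verdict or m["verdict"]
            if e.status == "unknown":
                e.status = "detected"
        elif m := _RE_STATUS.match(line):
            get(m["name"]).status = m["status"]
    return entries


def findings(entries: Dict[str, DriverEntry]) -> List[DriverEntry]:
    """Everything TDSSKiller did not mark plain "ok", in report order."""
    return [e for e in entries.values() if e.status != "ok"]


def summary(entries: Dict[str, DriverEntry]) -> Dict[str, int]:
    """Count entries per status; the first thing to check in a pasted report."""
    counts: Dict[str, int] = {}
    for e in entries.values():
        counts[e.status] = counts.get(e.status, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(summary(parsed))
    for f in findings(parsed):
        print(f"{f.status:8} {f.name:12} {f.verdict}  md5={f.md5}  {f.path}")
```

    The MD5 next to a flagged driver is the value to compare against the hash of a known-clean copy of the same driver version. A system driver that sits at its normal path under a normal name but whose hash does not match the clean file is exactly what the AFD lines in the report below show.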
  7. kvcummins

    kvcummins Newcomer, in training Topic Starter

    Ah-ha! Found and cleaned ZAccess! So far, under light use, there have been no virus alerts.

    TDSSKiller log:


    21:27:41.0187 4984 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    21:27:41.0559 4984 ============================================================
    21:27:41.0559 4984 Current date / time: 2012/03/12 21:27:41.0559
    21:27:41.0559 4984 SystemInfo:
    21:27:41.0559 4984
    21:27:41.0559 4984 OS Version: 6.0.6002 ServicePack: 2.0
    21:27:41.0559 4984 Product type: Workstation
    21:27:41.0559 4984 ComputerName: CUMMINS-VISTA
    21:27:41.0560 4984 UserName: Jamie
    21:27:41.0560 4984 Windows directory: C:\Windows
    21:27:41.0560 4984 System windows directory: C:\Windows
    21:27:41.0560 4984 Processor architecture: Intel x86
    21:27:41.0560 4984 Number of processors: 2
    21:27:41.0560 4984 Page size: 0x1000
    21:27:41.0560 4984 Boot type: Normal boot
    21:27:41.0560 4984 ============================================================
    21:27:42.0358 4984 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:27:42.0361 4984 \Device\Harddisk0\DR0:
    21:27:42.0361 4984 MBR used
    21:27:42.0361 4984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x162B4A8
    21:27:42.0361 4984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x162B4E7, BlocksNum 0x1BB9909A
    21:27:42.0440 4984 Initialize success
    21:27:42.0440 4984 ============================================================
    21:27:50.0145 6188 ============================================================
    21:27:50.0145 6188 Scan started
    21:27:50.0145 6188 Mode: Manual;
    21:27:50.0145 6188 ============================================================
    21:27:52.0200 6188 .avgldx86 - ok
    21:27:52.0402 6188 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
    21:27:52.0407 6188 ac97intc - ok
    21:27:52.0544 6188 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    21:27:52.0547 6188 ACPI - ok
    21:27:52.0706 6188 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    21:27:52.0716 6188 adp94xx - ok
    21:27:52.0825 6188 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    21:27:52.0833 6188 adpahci - ok
    21:27:52.0921 6188 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    21:27:52.0925 6188 adpu160m - ok
    21:27:53.0027 6188 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    21:27:53.0032 6188 adpu320 - ok
    21:27:53.0226 6188 AFD (ad449c418d76f6237652ae52b29870e1) C:\Windows\system32\drivers\afd.sys
    21:27:53.0230 6188 AFD ( Virus.Win32.ZAccess.k ) - infected
    21:27:53.0230 6188 AFD - detected Virus.Win32.ZAccess.k (0)
    21:27:53.0395 6188 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
    21:27:53.0428 6188 AgereSoftModem - ok
    21:27:53.0568 6188 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    21:27:53.0571 6188 agp440 - ok
    21:27:53.0682 6188 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    21:27:53.0685 6188 aic78xx - ok
    21:27:53.0797 6188 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    21:27:53.0799 6188 aliide - ok
    21:27:53.0906 6188 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    21:27:53.0908 6188 amdagp - ok
    21:27:53.0998 6188 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    21:27:54.0001 6188 amdide - ok
    21:27:54.0099 6188 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    21:27:54.0102 6188 AmdK7 - ok
    21:27:54.0268 6188 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    21:27:54.0273 6188 AmdK8 - ok
    21:27:54.0411 6188 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
    21:27:54.0414 6188 androidusb - ok
    21:27:54.0548 6188 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    21:27:54.0551 6188 arc - ok
    21:27:54.0666 6188 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    21:27:54.0669 6188 arcsas - ok
    21:27:54.0821 6188 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
    21:27:54.0823 6188 aswMonFlt - ok
    21:27:54.0946 6188 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:27:54.0948 6188 AsyncMac - ok
    21:27:55.0054 6188 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    21:27:55.0056 6188 atapi - ok
    21:27:55.0233 6188 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    21:27:55.0237 6188 AVGIDSDriver - ok
    21:27:55.0345 6188 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    21:27:55.0346 6188 AVGIDSEH - ok
    21:27:55.0447 6188 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    21:27:55.0448 6188 AVGIDSFilter - ok
    21:27:55.0563 6188 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    21:27:55.0564 6188 AVGIDSShim - ok
    21:27:55.0684 6188 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
    21:27:55.0690 6188 Avgldx86 - ok
    21:27:55.0823 6188 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
    21:27:55.0826 6188 Avgmfx86 - ok
    21:27:55.0952 6188 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
    21:27:55.0956 6188 Avgrkx86 - ok
    21:27:56.0092 6188 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
    21:27:56.0096 6188 Avgtdix - ok
    21:27:56.0350 6188 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    21:27:56.0353 6188 bcm4sbxp - ok
    21:27:56.0477 6188 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    21:27:56.0479 6188 Beep - ok
    21:27:56.0574 6188 blbdrive - ok
    21:27:56.0744 6188 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    21:27:56.0748 6188 bowser - ok
    21:27:56.0864 6188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    21:27:56.0866 6188 BrFiltLo - ok
    21:27:56.0973 6188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    21:27:56.0975 6188 BrFiltUp - ok
    21:27:57.0096 6188 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    21:27:57.0099 6188 Brserid - ok
    21:27:57.0299 6188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    21:27:57.0303 6188 BrSerWdm - ok
    21:27:57.0403 6188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    21:27:57.0406 6188 BrUsbMdm - ok
    21:27:57.0517 6188 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    21:27:57.0520 6188 BrUsbSer - ok
    21:27:57.0664 6188 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    21:27:57.0667 6188 BTHMODEM - ok
    21:27:57.0851 6188 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:27:57.0860 6188 cdfs - ok
    21:27:57.0978 6188 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\Windows\system32\drivers\Cdr4_xp.sys
    21:27:57.0980 6188 Cdr4_xp - ok
    21:27:58.0089 6188 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\Windows\system32\drivers\Cdralw2k.sys
    21:27:58.0091 6188 Cdralw2k - ok
    21:27:58.0257 6188 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    21:27:58.0274 6188 cdrom - ok
    21:27:58.0412 6188 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    21:27:58.0414 6188 circlass - ok
    21:27:58.0520 6188 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    21:27:58.0527 6188 CLFS - ok
    21:27:58.0686 6188 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:27:58.0688 6188 CmBatt - ok
    21:27:58.0807 6188 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    21:27:58.0810 6188 cmdide - ok
    21:27:58.0922 6188 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    21:27:58.0925 6188 Compbatt - ok
    21:27:59.0018 6188 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
    21:27:59.0020 6188 cpudrv - ok
    21:27:59.0107 6188 cpuz130 - ok
    21:27:59.0228 6188 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    21:27:59.0231 6188 crcdisk - ok
    21:27:59.0340 6188 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    21:27:59.0343 6188 Crusoe - ok
    21:27:59.0530 6188 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    21:27:59.0532 6188 DfsC - ok
    21:27:59.0634 6188 DgiVecp - ok
    21:27:59.0781 6188 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    21:27:59.0787 6188 disk - ok
    21:28:00.0021 6188 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    21:28:00.0025 6188 drmkaud - ok
    21:28:00.0187 6188 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    21:28:00.0190 6188 dtsoftbus01 - ok
    21:28:00.0319 6188 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    21:28:00.0326 6188 DXGKrnl - ok
    21:28:00.0426 6188 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    21:28:00.0429 6188 E1G60 - ok
    21:28:00.0563 6188 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    21:28:00.0568 6188 Ecache - ok
    21:28:00.0729 6188 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    21:28:00.0737 6188 elxstor - ok
    21:28:00.0918 6188 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    21:28:00.0923 6188 exfat - ok
    21:28:01.0067 6188 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    21:28:01.0072 6188 fastfat - ok
    21:28:01.0194 6188 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    21:28:01.0197 6188 fdc - ok
    21:28:01.0329 6188 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    21:28:01.0332 6188 FileInfo - ok
    21:28:01.0439 6188 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    21:28:01.0441 6188 Filetrace - ok
    21:28:01.0528 6188 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:28:01.0531 6188 flpydisk - ok
    21:28:01.0643 6188 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    21:28:01.0645 6188 FltMgr - ok
    21:28:01.0805 6188 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
    21:28:01.0808 6188 fssfltr - ok
    21:28:01.0949 6188 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    21:28:01.0952 6188 Fs_Rec - ok
    21:28:02.0063 6188 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    21:28:02.0066 6188 gagp30kx - ok
    21:28:02.0203 6188 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    21:28:02.0204 6188 GEARAspiWDM - ok
    21:28:02.0358 6188 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    21:28:02.0365 6188 HdAudAddService - ok
    21:28:02.0488 6188 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:28:02.0494 6188 HDAudBus - ok
    21:28:02.0642 6188 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    21:28:02.0645 6188 HidBth - ok
    21:28:02.0742 6188 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    21:28:02.0744 6188 HidIr - ok
    21:28:02.0861 6188 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    21:28:02.0863 6188 HidUsb - ok
    21:28:02.0960 6188 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    21:28:02.0963 6188 HpCISSs - ok
    21:28:03.0082 6188 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    21:28:03.0087 6188 HTTP - ok
    21:28:03.0267 6188 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    21:28:03.0269 6188 i2omp - ok
    21:28:03.0391 6188 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    21:28:03.0394 6188 i8042prt - ok
    21:28:03.0556 6188 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
    21:28:03.0601 6188 ialm - ok
    21:28:03.0772 6188 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
    21:28:03.0776 6188 iaStor - ok
    21:28:03.0905 6188 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    21:28:03.0912 6188 iaStorV - ok
    21:28:04.0221 6188 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
    21:28:04.0268 6188 igfx - ok
    21:28:04.0386 6188 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    21:28:04.0388 6188 iirsp - ok
    21:28:04.0560 6188 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    21:28:04.0562 6188 intelide - ok
    21:28:04.0680 6188 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    21:28:04.0682 6188 intelppm - ok
    21:28:04.0808 6188 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:28:04.0811 6188 IpFilterDriver - ok
    21:28:04.0909 6188 IpInIp - ok
    21:28:04.0959 6188 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    21:28:04.0962 6188 IPMIDRV - ok
    21:28:05.0070 6188 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    21:28:05.0074 6188 IPNAT - ok
    21:28:05.0223 6188 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    21:28:05.0225 6188 IRENUM - ok
    21:28:05.0331 6188 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    21:28:05.0334 6188 isapnp - ok
    21:28:05.0467 6188 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    21:28:05.0472 6188 iScsiPrt - ok
    21:28:05.0573 6188 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    21:28:05.0576 6188 iteatapi - ok
    21:28:05.0683 6188 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    21:28:05.0686 6188 iteraid - ok
    21:28:05.0824 6188 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:28:05.0826 6188 kbdclass - ok
    21:28:05.0921 6188 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
    21:28:05.0924 6188 kbdhid - ok
    21:28:06.0060 6188 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    21:28:06.0071 6188 KSecDD - ok
    21:28:06.0260 6188 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    21:28:06.0262 6188 lltdio - ok
    21:28:06.0399 6188 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    21:28:06.0402 6188 LSI_FC - ok
    21:28:06.0507 6188 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    21:28:06.0510 6188 LSI_SAS - ok
    21:28:06.0616 6188 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    21:28:06.0620 6188 LSI_SCSI - ok
    21:28:06.0728 6188 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    21:28:06.0732 6188 luafv - ok
    21:28:06.0877 6188 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    21:28:06.0879 6188 MBAMProtector - ok
    21:28:06.0979 6188 MCSTRM - ok
    21:28:07.0063 6188 mdxgthkn - ok
    21:28:07.0189 6188 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    21:28:07.0191 6188 megasas - ok
    21:28:07.0322 6188 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    21:28:07.0325 6188 Modem - ok
    21:28:07.0441 6188 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    21:28:07.0444 6188 monitor - ok
    21:28:07.0551 6188 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    21:28:07.0553 6188 mouclass - ok
    21:28:07.0656 6188 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    21:28:07.0658 6188 mouhid - ok
    21:28:07.0764 6188 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    21:28:07.0767 6188 MountMgr - ok
    21:28:07.0872 6188 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    21:28:07.0876 6188 mpio - ok
    21:28:07.0981 6188 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    21:28:07.0985 6188 mpsdrv - ok
    21:28:08.0113 6188 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    21:28:08.0116 6188 Mraid35x - ok
    21:28:08.0398 6188 MRVW147 (ad9a2d2ab294ee7278b1ce48cea966ab) C:\Windows\system32\DRIVERS\MRVW147.sys
    21:28:08.0403 6188 MRVW147 - ok
    21:28:08.0528 6188 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    21:28:08.0532 6188 MRxDAV - ok
    21:28:08.0645 6188 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:28:08.0649 6188 mrxsmb - ok
    21:28:08.0764 6188 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:28:08.0769 6188 mrxsmb10 - ok
    21:28:08.0891 6188 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:28:08.0895 6188 mrxsmb20 - ok
    21:28:09.0023 6188 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    21:28:09.0026 6188 msahci - ok
    21:28:09.0163 6188 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    21:28:09.0166 6188 msdsm - ok
    21:28:09.0303 6188 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    21:28:09.0306 6188 Msfs - ok
    21:28:09.0434 6188 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    21:28:09.0436 6188 msisadrv - ok
    21:28:09.0549 6188 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    21:28:09.0552 6188 MSKSSRV - ok
    21:28:09.0658 6188 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:28:09.0660 6188 MSPCLOCK - ok
    21:28:09.0770 6188 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    21:28:09.0771 6188 MSPQM - ok
    21:28:09.0887 6188 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    21:28:09.0892 6188 MsRPC - ok
    21:28:10.0009 6188 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    21:28:10.0011 6188 mssmbios - ok
    21:28:10.0283 6188 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    21:28:10.0285 6188 MSTEE - ok
    21:28:10.0403 6188 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    21:28:10.0406 6188 Mup - ok
    21:28:10.0536 6188 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    21:28:10.0541 6188 NativeWifiP - ok
    21:28:10.0677 6188 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    21:28:10.0683 6188 NDIS - ok
    21:28:10.0822 6188 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:28:10.0824 6188 NdisTapi - ok
    21:28:10.0942 6188 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:28:10.0945 6188 Ndisuio - ok
    21:28:11.0062 6188 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:28:11.0066 6188 NdisWan - ok
    21:28:11.0305 6188 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    21:28:11.0308 6188 NDProxy - ok
    21:28:11.0436 6188 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    21:28:11.0439 6188 NetBIOS - ok
    21:28:11.0556 6188 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    21:28:11.0560 6188 netbt - ok
    21:28:11.0777 6188 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
    21:28:11.0876 6188 NETw2v32 - ok
    21:28:12.0009 6188 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    21:28:12.0011 6188 nfrd960 - ok
    21:28:12.0120 6188 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    21:28:12.0122 6188 Npfs - ok
    21:28:12.0262 6188 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    21:28:12.0264 6188 nsiproxy - ok
    21:28:12.0417 6188 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    21:28:12.0432 6188 Ntfs - ok
    21:28:12.0552 6188 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    21:28:12.0555 6188 ntrigdigi - ok
    21:28:12.0682 6188 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    21:28:12.0686 6188 NuidFltr - ok
    21:28:12.0801 6188 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    21:28:12.0803 6188 Null - ok
    21:28:12.0915 6188 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    21:28:12.0919 6188 nvraid - ok
    21:28:13.0008 6188 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    21:28:13.0010 6188 nvstor - ok
    21:28:13.0114 6188 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    21:28:13.0117 6188 nv_agp - ok
    21:28:13.0277 6188 NwlnkFlt - ok
    21:28:13.0400 6188 NwlnkFwd - ok
    21:28:13.0575 6188 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
    21:28:13.0577 6188 ohci1394 - ok
    21:28:13.0723 6188 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    21:28:13.0726 6188 Parport - ok
    21:28:13.0842 6188 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    21:28:13.0845 6188 partmgr - ok
    21:28:13.0981 6188 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    21:28:13.0983 6188 Parvdm - ok
    21:28:14.0112 6188 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    21:28:14.0116 6188 pci - ok
    21:28:14.0210 6188 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    21:28:14.0213 6188 pciide - ok
    21:28:14.0313 6188 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
    21:28:14.0318 6188 pcmcia - ok
    21:28:14.0458 6188 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    21:28:14.0468 6188 PEAUTH - ok
    21:28:14.0593 6188 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\Windows\system32\DRIVERS\pelmouse.sys
    21:28:14.0595 6188 pelmouse - ok
    21:28:14.0728 6188 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\Windows\system32\DRIVERS\pelusblf.sys
    21:28:14.0730 6188 pelusblf - ok
    21:28:14.0951 6188 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    21:28:14.0954 6188 PptpMiniport - ok
    21:28:15.0075 6188 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    21:28:15.0077 6188 Processor - ok
    21:28:15.0283 6188 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    21:28:15.0286 6188 PSched - ok
    21:28:15.0410 6188 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
    21:28:15.0412 6188 PxHelp20 - ok
    21:28:15.0554 6188 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    21:28:15.0588 6188 ql2300 - ok
    21:28:15.0706 6188 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    21:28:15.0711 6188 ql40xx - ok
    21:28:15.0828 6188 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    21:28:15.0831 6188 QWAVEdrv - ok
    21:28:15.0935 6188 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    21:28:15.0956 6188 RasAcd - ok
    21:28:16.0080 6188 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:28:16.0086 6188 Rasl2tp - ok
    21:28:16.0360 6188 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:28:16.0362 6188 RasPppoe - ok
    21:28:16.0480 6188 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    21:28:16.0483 6188 RasSstp - ok
    21:28:16.0595 6188 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    21:28:16.0600 6188 rdbss - ok
    21:28:16.0718 6188 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:28:16.0721 6188 RDPCDD - ok
    21:28:16.0836 6188 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    21:28:16.0842 6188 rdpdr - ok
    21:28:16.0963 6188 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    21:28:16.0965 6188 RDPENCDD - ok
    21:28:17.0089 6188 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    21:28:17.0096 6188 RDPWD - ok
    21:28:17.0386 6188 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
    21:28:17.0393 6188 RsFx0103 - ok
    21:28:17.0513 6188 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    21:28:17.0516 6188 rspndr - ok
    21:28:17.0658 6188 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
    21:28:17.0661 6188 RTL8169 - ok
    21:28:17.0779 6188 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
    21:28:17.0782 6188 RTSTOR - ok
    21:28:17.0921 6188 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    21:28:17.0924 6188 sbp2port - ok
    21:28:18.0060 6188 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
    21:28:18.0064 6188 sdbus - ok
    21:28:18.0329 6188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    21:28:18.0332 6188 secdrv - ok
    21:28:18.0466 6188 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    21:28:18.0469 6188 Serenum - ok
    21:28:18.0562 6188 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    21:28:18.0566 6188 Serial - ok
    21:28:18.0678 6188 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    21:28:18.0680 6188 sermouse - ok
    21:28:18.0822 6188 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    21:28:18.0824 6188 sffdisk - ok
    21:28:18.0918 6188 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    21:28:18.0920 6188 sffp_mmc - ok
    21:28:19.0023 6188 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    21:28:19.0026 6188 sffp_sd - ok
    21:28:19.0160 6188 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    21:28:19.0238 6188 sfloppy - ok
    21:28:19.0353 6188 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    21:28:19.0356 6188 sisagp - ok
    21:28:19.0454 6188 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    21:28:19.0457 6188 SiSRaid2 - ok
    21:28:19.0557 6188 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    21:28:19.0562 6188 SiSRaid4 - ok
    21:28:19.0708 6188 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    21:28:19.0712 6188 Smb - ok
    21:28:19.0870 6188 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    21:28:19.0873 6188 spldr - ok
    21:28:20.0046 6188 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    21:28:20.0050 6188 srv - ok
    21:28:20.0288 6188 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    21:28:20.0294 6188 srv2 - ok
    21:28:20.0422 6188 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    21:28:20.0427 6188 srvnet - ok
    21:28:20.0543 6188 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\Windows\system32\DRIVERS\ssadbus.sys
    21:28:20.0549 6188 ssadbus - ok
    21:28:20.0692 6188 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\Windows\system32\DRIVERS\ssadmdfl.sys
    21:28:20.0695 6188 ssadmdfl - ok
    21:28:20.0814 6188 ssadmdm (9afaa23421622c392b55508fa9613949) C:\Windows\system32\DRIVERS\ssadmdm.sys
    21:28:20.0820 6188 ssadmdm - ok
    21:28:20.0968 6188 ssadserd (1cac71d756ce00ae0681f9028dde874b) C:\Windows\system32\DRIVERS\ssadserd.sys
    21:28:20.0979 6188 ssadserd - ok
    21:28:21.0183 6188 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
    21:28:21.0216 6188 SSPORT - ok
    21:28:21.0371 6188 STHDA (513f70b6a184fe3765f679c5c64ea9e5) C:\Windows\system32\drivers\stwrt.sys
    21:28:21.0379 6188 STHDA - ok
    21:28:21.0506 6188 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
    21:28:21.0508 6188 StillCam - ok
    21:28:21.0665 6188 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    21:28:21.0668 6188 swenum - ok
    21:28:21.0792 6188 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    21:28:21.0796 6188 Symc8xx - ok
    21:28:21.0868 6188 SymIM - ok
    21:28:21.0957 6188 SymIMMP - ok
    21:28:22.0065 6188 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    21:28:22.0068 6188 Sym_hi - ok
    21:28:22.0208 6188 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    21:28:22.0211 6188 Sym_u3 - ok
    21:28:22.0328 6188 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
    21:28:22.0395 6188 SynTP - ok
    21:28:22.0585 6188 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    21:28:22.0596 6188 Tcpip - ok
    21:28:22.0764 6188 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    21:28:22.0773 6188 Tcpip6 - ok
    21:28:22.0915 6188 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    21:28:22.0918 6188 tcpipreg - ok
    21:28:23.0022 6188 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    21:28:23.0025 6188 TDPIPE - ok
    21:28:23.0135 6188 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    21:28:23.0138 6188 TDTCP - ok
    21:28:23.0245 6188 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    21:28:23.0249 6188 tdx - ok
    21:28:23.0362 6188 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    21:28:23.0365 6188 TermDD - ok
    21:28:23.0547 6188 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:28:23.0549 6188 tssecsrv - ok
    21:28:23.0674 6188 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    21:28:23.0677 6188 tunmp - ok
    21:28:23.0793 6188 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    21:28:23.0796 6188 tunnel - ok
    21:28:23.0924 6188 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    21:28:23.0927 6188 uagp35 - ok
    21:28:24.0051 6188 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    21:28:24.0061 6188 udfs - ok
    21:28:24.0260 6188 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    21:28:24.0264 6188 uliagpkx - ok
    21:28:24.0369 6188 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    21:28:24.0376 6188 uliahci - ok
    21:28:24.0483 6188 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    21:28:24.0504 6188 UlSata - ok
    21:28:24.0625 6188 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    21:28:24.0630 6188 ulsata2 - ok
    21:28:24.0745 6188 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    21:28:24.0747 6188 umbus - ok
    21:28:24.0931 6188 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    21:28:24.0934 6188 USBAAPL - ok
    21:28:25.0067 6188 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    21:28:25.0071 6188 usbaudio - ok
    21:28:25.0243 6188 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\Windows\system32\DRIVERS\lgusbbus.sys
    21:28:25.0245 6188 usbbus - ok
    21:28:25.0378 6188 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:28:25.0381 6188 usbccgp - ok
    21:28:25.0485 6188 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    21:28:25.0489 6188 usbcir - ok
    21:28:25.0612 6188 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\Windows\system32\DRIVERS\lgusbdiag.sys
    21:28:25.0615 6188 UsbDiag - ok
    21:28:25.0727 6188 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:28:25.0730 6188 usbehci - ok
    21:28:25.0831 6188 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    21:28:25.0837 6188 usbhub - ok
    21:28:25.0952 6188 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\Windows\system32\DRIVERS\lgusbmodem.sys
    21:28:25.0955 6188 USBModem - ok
    21:28:26.0069 6188 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    21:28:26.0072 6188 usbohci - ok
    21:28:26.0279 6188 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    21:28:26.0282 6188 usbprint - ok
    21:28:26.0415 6188 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:28:26.0420 6188 USBSTOR - ok
    21:28:26.0523 6188 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:28:26.0526 6188 usbuhci - ok
    21:28:26.0644 6188 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    21:28:26.0650 6188 usbvideo - ok
    21:28:26.0765 6188 UVCFTR (7b8424bbaafbc127c8f55ad6007d6d6b) C:\Windows\system32\Drivers\UVCFTR_S.SYS
    21:28:26.0768 6188 UVCFTR - ok
    21:28:26.0918 6188 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:28:26.0921 6188 vga - ok
    21:28:27.0054 6188 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    21:28:27.0057 6188 VgaSave - ok
    21:28:27.0300 6188 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    21:28:27.0304 6188 viaagp - ok
    21:28:27.0420 6188 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    21:28:27.0423 6188 ViaC7 - ok
    21:28:27.0525 6188 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    21:28:27.0527 6188 viaide - ok
    21:28:27.0648 6188 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    21:28:27.0652 6188 volmgr - ok
    21:28:27.0773 6188 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    21:28:27.0780 6188 volmgrx - ok
    21:28:27.0898 6188 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    21:28:27.0904 6188 volsnap - ok
    21:28:28.0009 6188 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    21:28:28.0013 6188 vsmraid - ok
    21:28:28.0264 6188 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    21:28:28.0266 6188 WacomPen - ok
    21:28:28.0372 6188 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:28:28.0375 6188 Wanarp - ok
    21:28:28.0439 6188 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:28:28.0441 6188 Wanarpv6 - ok
    21:28:28.0564 6188 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    21:28:28.0566 6188 Wd - ok
    21:28:28.0697 6188 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    21:28:28.0706 6188 Wdf01000 - ok
    21:28:28.0887 6188 WinDriver6 (097a8291df541f9b9af2c500797cdcaa) C:\Windows\system32\drivers\windrvr6.sys
    21:28:28.0893 6188 WinDriver6 - ok
    21:28:29.0037 6188 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    21:28:29.0039 6188 WmiAcpi - ok
    21:28:29.0144 6188 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    21:28:29.0147 6188 WpdUsb - ok
    21:28:29.0217 6188 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    21:28:29.0219 6188 ws2ifsl - ok
    21:28:29.0369 6188 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:28:29.0373 6188 WUDFRd - ok
    21:28:29.0398 6188 XDva309 - ok
    21:28:29.0452 6188 XilinxPC4Driver (6104f397127feeccce16bd16cd3843a6) C:\Windows\System32\drivers\xpc4drvr.sys
    21:28:29.0455 6188 XilinxPC4Driver - ok
    21:28:29.0539 6188 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    21:28:29.0607 6188 \Device\Harddisk0\DR0 - ok
    21:28:29.0611 6188 Boot (0x1200) (034dc566075f964dc73202f23aeb1eb2) \Device\Harddisk0\DR0\Partition0
    21:28:29.0613 6188 \Device\Harddisk0\DR0\Partition0 - ok
    21:28:29.0620 6188 Boot (0x1200) (6cd54b645026f2b5b54e6bf5a07c6e3c) \Device\Harddisk0\DR0\Partition1
    21:28:29.0622 6188 \Device\Harddisk0\DR0\Partition1 - ok
    21:28:29.0624 6188 ============================================================
    21:28:29.0624 6188 Scan finished
    21:28:29.0624 6188 ============================================================
    21:28:29.0639 5812 Detected object count: 1
    21:28:29.0640 5812 Actual detected object count: 1
    21:28:37.0165 5812 C:\Windows\system32\drivers\afd.sys - copied to quarantine
    21:28:37.0184 5812 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813
    21:28:47.0592 5812 Backup copy not found, trying to cure infected file..
    21:28:47.0631 5812 Cure success, using it..
    21:28:47.0649 5812 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
    21:29:00.0410 5812 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
    21:29:05.0514 7948 Deinitialize success
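The scanner log above mixes enumeration lines (name, MD5, path), per-object "- ok" verdicts, and the detection and cure actions for afd.sys. When triaging a thread like this it helps to pull those apart mechanically: which objects never got a clean verdict, which service names share one driver image (Tcpip/Tcpip6 sharing tcpip.sys is expected), and whether a cure is still pending a reboot. The parser below is an added example, not part of the scanner or of this thread; the line shapes it recognises are inferred from the log above, and the sample input is constructed from lines on this page plus one made-up AFD enumeration line with a placeholder hash.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Line shapes inferred from the scanner log above (assumed; no formal grammar).
ENTRY_RE = re.compile(
    r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+'
    r'(?:\((?P<size>0x[0-9A-Fa-f]+)\)\s+)?\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$')
OK_RE = re.compile(r'^\S+\s+\d+\s+(?P<name>.+?) - ok$')
DETECT_RE = re.compile(
    r'^\S+\s+\d+\s+(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+'
    r'User select action:\s+(?P<action>\w+)$')
ACTION_RE = re.compile(
    r'^\S+\s+\d+\s+(?P<path>[A-Za-z]:\\.+?) - '
    r'(?P<what>copied to quarantine|will be cured on reboot)$')
COUNT_RE = re.compile(r'Actual detected object count: (?P<n>\d+)$')


@dataclass
class ScanSummary:
    drivers: dict = field(default_factory=dict)         # name -> (md5, path)
    verified: set = field(default_factory=set)          # names/paths marked "- ok"
    detections: list = field(default_factory=list)      # (name, verdict, action)
    quarantined: list = field(default_factory=list)     # paths copied to quarantine
    pending_reboot: list = field(default_factory=list)  # paths cured on reboot
    detected_count: Optional[int] = None
    finished: bool = False


def parse_log(text: str) -> ScanSummary:
    """Classify each log line into the ScanSummary buckets above."""
    s = ScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('Scan finished'):
            s.finished = True
        elif (m := COUNT_RE.search(line)):
            s.detected_count = int(m.group('n'))
        elif (m := DETECT_RE.match(line)):
            s.detections.append((m.group('name'), m.group('verdict'), m.group('action')))
        elif (m := ACTION_RE.match(line)):
            bucket = s.quarantined if m.group('what').startswith('copied') else s.pending_reboot
            bucket.append(m.group('path'))
        elif (m := ENTRY_RE.match(line)):
            s.drivers[m.group('name')] = (m.group('md5'), m.group('path'))
        elif (m := OK_RE.match(line)):
            s.verified.add(m.group('name'))
    return s


def unverified(s: ScanSummary) -> set:
    """Enumerated objects that never received a '- ok' verdict (by name or by path)."""
    return {n for n, (_, p) in s.drivers.items()
            if n not in s.verified and p not in s.verified}


def shared_images(s: ScanSummary) -> dict:
    """Distinct service names backed by the same file; normal for Tcpip/Tcpip6,
    worth a look when an unexpected name points at a core driver."""
    by_path = {}
    for n, (_, p) in s.drivers.items():
        by_path.setdefault(p.lower(), []).append(n)
    return {p: sorted(ns) for p, ns in by_path.items() if len(ns) > 1}


def triage(s: ScanSummary) -> list:
    """Human-readable findings a responder would want from the log."""
    findings = []
    if not s.finished:
        findings.append('scan did not report completion')
    for name, verdict, action in s.detections:
        findings.append(f'{name}: {verdict} (action: {action})')
    for p in s.pending_reboot:
        findings.append(f'{p}: cure pending reboot, re-scan afterwards')
    if s.detected_count is not None and s.detected_count != len(s.detections):
        findings.append(f'count mismatch: {s.detected_count} reported, {len(s.detections)} parsed')
    for n in sorted(unverified(s)):
        findings.append(f'{n}: enumerated but no clean verdict')
    return findings


# Constructed sample: real lines from the log above plus one made-up AFD entry
# (timestamp and all-zero MD5 are placeholders, not values from the page).
SAMPLE_LOG = r"""
21:28:22.0585 6188 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:28:22.0596 6188 Tcpip - ok
21:28:22.0764 6188 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:28:22.0773 6188 Tcpip6 - ok
21:28:21.0868 6188 SymIM - ok
21:28:29.0539 6188 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:28:29.0607 6188 \Device\Harddisk0\DR0 - ok
21:28:10.0000 6188 AFD (00000000000000000000000000000000) C:\Windows\system32\drivers\afd.sys
21:28:29.0624 6188 Scan finished
21:28:29.0639 5812 Detected object count: 1
21:28:29.0640 5812 Actual detected object count: 1
21:28:37.0165 5812 C:\Windows\system32\drivers\afd.sys - copied to quarantine
21:28:47.0649 5812 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
21:29:00.0410 5812 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
"""

if __name__ == '__main__':
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the full log rather than the sample and the "enumerated but no clean verdict" list is the first thing to read: in a ZeroAccess case the patched afd.sys is exactly the object that gets a verdict line instead of "- ok", and "cure pending reboot" is the reminder that the file on disk is not clean until the machine has restarted and been re-scanned.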
  8. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  9. kvcummins

    kvcummins Newcomer, in training Topic Starter

    aswMBR log::

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-14 16:23:15
    -----------------------------
    16:23:15.173 OS Version: Windows 6.0.6002 Service Pack 2
    16:23:15.173 Number of processors: 2 586 0xF0D
    16:23:15.173 ComputerName: CUMMINS-VISTA UserName: Jamie
    16:23:16.249 Initialize success
    16:23:17.248 AVAST engine defs: 12031401
    16:23:25.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    16:23:25.984 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
    16:23:26.000 Disk 0 MBR read successfully
    16:23:26.015 Disk 0 MBR scan
    16:23:26.608 Disk 0 Windows VISTA default MBR code
    16:23:26.639 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 11350 MB offset 63
    16:23:27.170 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 227122 MB offset 23246055
    16:23:27.201 Disk 0 scanning sectors +488392065
    16:23:27.638 Disk 0 scanning C:\Windows\system32\drivers
    16:23:47.403 Service scanning
    16:23:49.493 Service .avgldx86 \? **LOCKED** 123
    16:24:19.149 Modules scanning
    16:24:23.080 Disk 0 trace - called modules:
    16:24:23.111 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    16:24:23.111 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858a3a50]
    16:24:23.127 3 CLASSPNP.SYS[8aba58b3] -> nt!IofCallDriver -> [0x84f74760]
    16:24:23.143 5 acpi.sys[8309d6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84f76030]
    16:24:24.110 AVAST engine scan C:\Windows
    16:24:29.024 AVAST engine scan C:\Windows\system32
    16:28:08.143 AVAST engine scan C:\Windows\system32\drivers
    16:28:21.840 AVAST engine scan C:\Users\Jamie
    17:46:58.858 AVAST engine scan C:\ProgramData
    17:58:44.294 Scan finished successfully
    19:13:33.582 Disk 0 MBR has been saved successfully to "C:\Users\Jamie\Desktop\MBR.dat"
    19:13:33.629 The log file has been saved successfully to "C:\Users\Jamie\Desktop\aswMBR.txt"


    boot_cleaner output::


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`c569ce00
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  10. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Looks good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!