TechSpot

BSOD on boot and IE very slow

Solved
By swker98
Sep 28, 2012
  1. Hello, I have a computer that was acting strange and started to give me a BSOD on boot in normal mode (OK in safe mode). I ran TFC and was then able to boot into normal mode.
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Patricia at 23:49:02 on 2012-09-27
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1575 [GMT -4:00]
    .
    AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Common Files\Comodo\launcher_service.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\java.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Comodo\tvnserver.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Common Files\Comodo\tvnserver.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\COMODO\GeekBuddy\unit.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Shop to Win: {8e51683a-ea9d-4127-ae14-a13294ff6f7c} - c:\program files\shop to win 19\Shop to Win 19.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
    EB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    EB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [tvncontrol] "c:\program files\common files\comodo\tvnserver.exe" -controlservice -slave
    c:\windows\temp\nsl1c.tmp\temp00
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
    mPolicies-explorer: <NO NAME> =
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: microsoft.com\oas.support
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.38.38/ttinst.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{84A02C4F-B5CC-4ED7-8B63-83BC40A4A065} : DhcpNameServer = 192.168.1.1
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-8-3 36112]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-3-11 18056]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494968]
    R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-8-23 70352]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-3-11 1983232]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-26 399432]
    R2 tvnserver;TightVNC Server;c:\program files\common files\comodo\tvnserver.exe [2012-1-27 828944]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-26 676936]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-12 250288]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-26 22856]
    .
    =============== Created Last 30 ================
    .
    2012-09-28 02:13:19 -------- d-----w- c:\program files\common files\Comodo
    2012-09-28 02:08:47 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
    2012-09-28 02:06:11 68577 ----a-w- c:\windows\system32\drivers\sfi.dat
    2012-09-28 02:01:42 -------- d-----w- c:\documents and settings\all users\application data\Comodo
    2012-09-28 02:01:31 -------- d-----w- c:\program files\COMODO
    2012-09-27 05:09:41 -------- d-----w- C:\FRST
    2012-09-26 21:28:11 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-09-26 18:31:15 -------- d-----w- c:\documents and settings\patricia\application data\Malwarebytes
    2012-09-26 16:55:39 -------- d-sha-r- C:\cmdcons
    2012-09-26 16:48:13 98816 ----a-w- c:\windows\sed.exe
    2012-09-26 16:48:13 518144 ----a-w- c:\windows\SWREG.exe
    2012-09-26 16:48:13 256000 ----a-w- c:\windows\PEV.exe
    2012-09-26 16:48:13 208896 ----a-w- c:\windows\MBR.exe
    2012-09-26 05:56:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-09-26 05:56:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-26 05:56:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-26 00:32:37 21504 ----a-w- c:\windows\system32\hidserv.dll
    2012-09-23 19:47:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-09-23 19:47:41 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-09-15 20:51:01 4096000 ----a-w- c:\program files\GUT2928.tmp
    2012-09-15 20:51:01 -------- d-----w- c:\program files\GUM2927.tmp
    2012-09-15 02:44:12 -------- d-----w- c:\documents and settings\patricia\local settings\application data\AOL Toolbar
    2012-09-15 02:43:28 -------- d-----w- c:\program files\common files\Software Update Utility
    2012-09-14 18:33:26 4096000 ----a-w- c:\program files\GUT641C.tmp
    2012-09-14 18:33:26 -------- d-----w- c:\program files\GUM641B.tmp
    2012-09-09 23:47:50 -------- d-----w- c:\documents and settings\patricia\local settings\application data\StartNow
    .
    ==================== Find3M ====================
    .
    2012-09-21 23:04:34 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-21 23:04:30 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-03 14:23:28 36112 ----a-w- c:\windows\system32\drivers\CFRMD.sys
    2012-08-03 14:23:28 36112 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet(3).dll
    2012-07-02 17:49:33 1212416 ----a-w- c:\windows\system32\urlmon(3).dll
    2012-07-02 17:49:33 105984 ----a-w- c:\windows\system32\url(3).dll
    .
    ============= FINISH: 23:54:13.60 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/15/2007 12:38:42 AM
    System Uptime: 9/27/2012 11:29:12 PM (0 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0W2562
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 45.016 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 9/27/2012 4:24:50 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Action Replay DSi Code Manager
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.7
    Adobe Shockwave Player 11.5
    AiO_Scan
    AIOMinimal
    AiOSoftware
    AOL Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BCM V.92 56K Modem
    BlackBerry Desktop Software 6.0.1
    Bob the Builder - Bob's Castle Adventure
    Bob the Builder - Bob Builds a Park
    Bonjour
    BufferChm
    Business Cards
    C7200
    C7200_doccd
    c7200_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    Cars - Radiator Springs Adventures
    COMODO Internet Security
    Copy
    CreativeProjects
    CustomerResearchQFolder
    Dell Digital Jukebox Driver
    Dell ResourceCD
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Disney's Toontown Online
    Disney Toontown Online
    DocProc
    DocProcQFolder
    Download Updater (AOL Inc.)
    eSupportQFolder
    Fax
    GameSpy Arcade
    GeekBuddy
    Google Earth
    Google Update Helper
    GoToAssist 8.0.0.514
    Hex Workshop v6.6
    Hot Wheels Stunt Track Challenge
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 9.0
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photo & Imaging 3.1
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.5
    HP PSC & OfficeJet 3.0
    HP Smart Web Printing 4.60
    HP Software Update
    HP Solution Center 9.0
    HP Update
    hpmdtab
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    HPSystemDiagnostics
    HxD Hex Editor version 1.7.7.0
    iLivid
    Imaginext(TM) Battle Castle
    InstantShare
    InstantShareAlert
    Intel(R) PRO Network Adapters and Drivers
    iTunes
    Java(TM) 6 Update 26
    Java(TM) 6 Update 3
    JumpStart Learning Games ABC's
    Kool Kart Racers
    Linksys EasyLink Advisor
    Little Bear Rainy Day Activities
    Malwarebytes Anti-Malware version 1.65.0.1400
    MarketResearch
    Memories Disc Creator 2.0
    Mickey Mouse Toddler
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MUSICMATCH® Jukebox
    NetJet 2.0
    NickToons Racing
    NVIDIA Windows 2000/XP Display Drivers
    OLYMPUS Master 2
    Overland
    PanoStandAlone
    PhotoGallery
    PowerDVD
    PrintScreen
    ProVenture Invoices
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_min
    PSSWCORE
    Pure Networks Platform
    QuickProjects
    QuickTime
    Readme
    Rescue Heroes Meteor Madness
    Rescue Heroes Mission Select
    Safari
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 8 (KB917734)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    SkinsHP2
    SmartWebPrinting
    SolutionCenter
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live!
    SoundMAX
    Spider-man
    Spybot - Search & Destroy
    Status
    Stella 2.6.1
    Tonka Construction 2
    Tonka Power Tools
    TONKA Search & Rescue 2
    Tonka® On the Job
    Toolbox
    Transformers Battle Universe
    TrayApp
    Uninstall TONKA Monster Trucks
    Unload
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinRAR 4.11 (32-bit)
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/27/2012 9:56:56 PM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
    9/27/2012 9:31:21 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    9/27/2012 9:31:16 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    9/27/2012 9:31:16 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
    9/27/2012 9:31:15 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    9/27/2012 9:31:15 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    9/27/2012 9:31:15 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/27/2012 4:28:03 PM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
    9/27/2012 11:12:39 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    9/27/2012 11:09:44 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    9/26/2012 5:16:15 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f74ca71d, parameter3 ae645580, parameter4 00000000.
    9/26/2012 2:11:51 PM, error: Service Control Manager [7034] - The Updater Service for AMZN service terminated unexpectedly. It has done this 1 time(s).
    9/26/2012 2:11:35 PM, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
    9/26/2012 12:43:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm OMCI
    9/26/2012 12:10:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    9/26/2012 12:10:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    9/26/2012 12:10:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/26/2012 12:07:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl Fips intelppm OMCI SRTSPX SymIRON SYMTDI
    9/26/2012 12:06:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/26/2012 12:03:28 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    9/26/2012 12:03:28 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wlidsvc service.
    9/26/2012 12:03:27 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
    9/26/2012 11:59:16 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    9/26/2012 10:38:54 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    9/26/2012 10:38:52 PM, error: SRService [104] - The System Restore initialization process failed.
    9/24/2012 10:12:57 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
    9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
    9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
    9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
    9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
    9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
    9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
    9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
    9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
    9/24/2012 10:12:09 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/24/2012 10:12:09 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    9/23/2012 4:15:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/23/2012 4:14:56 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/23/2012 4:13:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    9/23/2012 4:13:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
    9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/23/2012 1:12:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    9/23/2012 1:12:55 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/23/2012 1:10:58 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/23/2012 1:10:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    9/23/2012 1:10:40 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    9/22/2012 12:58:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    9/22/2012 12:58:23 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/22/2012 12:57:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    9/22/2012 12:57:49 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/21/2012 10:46:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
    .
    ==== End Of File ===========================
    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.27.04
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Patricia :: DADS [administrator]
    Protection: Disabled
    9/27/2012 4:45:00 PM
    mbam-log-2012-09-27 (16-45-00).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 364985
    Time elapsed: 4 hour(s), 36 minute(s), 22 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5555 -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\TDSSKiller_Quarantine\26.09.2012_17.25.12\mbr0000\tdlfs0000\tsk0003.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
    (end)

    TDSSKiller was also used to take care of a rootkit.
     
  2. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,348

    Also forgot. Gmer turned up clean and didn't produce a log.
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! Please do the following:

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
     
  4. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,348

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-28 16:34:37
    -----------------------------
    16:34:37.343 OS Version: Windows 5.1.2600 Service Pack 3
    16:34:37.343 Number of processors: 1 586 0x209
    16:34:37.343 ComputerName: DADS UserName:
    16:36:38.937 Initialize success
    16:40:41.546 AVAST engine defs: 12092800
    16:41:21.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    16:41:21.343 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
    16:41:21.468 Disk 0 MBR read successfully
    16:41:21.468 Disk 0 MBR scan
    16:41:23.218 Disk 0 Windows XP default MBR code
    16:41:23.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
    16:41:23.515 Disk 0 scanning sectors +156232125
    16:41:24.281 Disk 0 scanning C:\WINDOWS\system32\drivers
    16:42:57.906 Service scanning
    16:44:32.906 Modules scanning
    16:45:11.828 Disk 0 trace - called modules:
    16:45:11.859 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    16:45:11.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a781ab8]
    16:45:12.375 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a74db00]
    16:45:14.125 AVAST engine scan C:\WINDOWS
    16:46:32.328 AVAST engine scan C:\WINDOWS\system32
    17:04:17.875 AVAST engine scan C:\WINDOWS\system32\drivers
    17:05:10.921 AVAST engine scan C:\Documents and Settings\Patricia
    17:20:26.031 AVAST engine scan C:\Documents and Settings\All Users
    17:25:49.312 Scan finished successfully
    19:58:51.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Patricia\Desktop\MBR.dat"
    19:58:51.281 The log file has been saved successfully to "C:\Documents and Settings\Patricia\Desktop\aswMBR.txt"
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  6. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,348

    ComboFix 12-09-27.03 - Patricia 09/29/2012 13:44:48.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1863 [GMT -4:00]
    Running from: c:\documents and settings\Patricia\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-29 00:55 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-09-29 00:55 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-09-29 00:54 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-09-29 00:54 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-09-29 00:54 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-09-29 00:54 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-09-29 00:54 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-09-29 00:54 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-09-29 00:53 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
    2012-09-29 00:52 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-09-29 00:51 . 2012-09-29 00:51 -------- d-----w- c:\program files\AVAST Software
    2012-09-29 00:51 . 2012-09-29 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-09-28 04:30 . 2012-09-28 04:30 -------- d-----w- C:\_OTL
    2012-09-28 02:14 . 2012-09-28 02:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
    2012-09-28 02:13 . 2012-09-28 02:13 -------- d-----w- c:\program files\Common Files\Comodo
    2012-09-28 02:08 . 2012-09-28 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
    2012-09-28 02:06 . 2012-09-29 00:34 969920 ----a-w- c:\windows\system32\drivers\sfi.dat
    2012-09-28 02:01 . 2012-09-29 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
    2012-09-28 02:01 . 2012-09-29 00:36 -------- d-----w- c:\program files\COMODO
    2012-09-27 05:09 . 2012-09-27 05:09 -------- d-----w- C:\FRST
    2012-09-26 18:31 . 2012-09-26 18:31 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes
    2012-09-26 05:56 . 2012-09-26 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-09-26 00:32 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
    2012-09-23 19:47 . 2012-09-23 19:47 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-09-23 19:34 . 2012-09-23 19:34 -------- d-s---w- c:\documents and settings\NetworkService\IECompatCache
    2012-09-23 19:33 . 2012-09-23 19:43 -------- d-s---w- c:\documents and settings\Administrator
    2012-09-15 20:51 . 2012-09-15 20:51 -------- d-----w- c:\program files\GUM2927.tmp
    2012-09-15 20:51 . 2012-09-15 20:51 4096000 ----a-w- c:\program files\GUT2928.tmp
    2012-09-15 02:44 . 2012-09-15 02:44 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\AOL Toolbar
    2012-09-15 02:43 . 2012-09-15 02:43 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2012-09-14 18:33 . 2012-09-14 18:33 -------- d-----w- c:\program files\GUM641B.tmp
    2012-09-14 18:33 . 2012-09-14 18:33 4096000 ----a-w- c:\program files\GUT641C.tmp
    2012-09-09 23:47 . 2012-09-09 23:47 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\StartNow
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-21 23:04 . 2012-05-13 03:03 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-21 23:04 . 2011-05-19 22:01 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-28 15:14 . 2006-06-23 16:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2003-07-16 20:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-03 14:23 . 2012-08-03 14:23 36112 ----a-w- c:\windows\system32\drivers\CFRMD.sys
    2012-08-03 14:23 . 2012-08-03 14:23 36112 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
    2012-07-06 13:58 . 2003-07-16 20:24 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2007-12-15 05:29 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40 . 2003-07-16 20:51 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2006-08-31 01:42 1212416 ----a-w- c:\windows\system32\urlmon(3).dll
    2012-07-02 17:49 . 2006-06-23 16:33 916992 ----a-w- c:\windows\system32\wininet(3).dll
    2012-07-02 17:49 . 2003-07-16 20:49 105984 ----a-w- c:\windows\system32\url(3).dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E51683A-EA9D-4127-AE14-A13294FF6F7C}]
    2010-12-29 18:20 14432 ----a-w- c:\program files\Shop to Win 19\Shop to Win 19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-11-07 00:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12589446.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64050940.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    backup=c:\windows\pss\Start GeekBuddy.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-05-31 00:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2003-08-29 09:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    2002-04-03 06:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2003-08-06 06:04 114741 ----a-w- c:\windows\system32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2003-06-26 22:50 212992 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
    2008-12-12 22:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2003-10-17 17:52 4800512 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    2003-02-13 06:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
    2012-01-27 13:47 828944 ----a-w- c:\program files\Common Files\Comodo\tvnserver.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\Comodo\\tvnserver.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/28/2012 8:54 PM 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/28/2012 8:55 PM 355632]
    R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [8/3/2012 10:23 AM 36112]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/28/2012 8:55 PM 21256]
    R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [8/23/2012 10:17 AM 70352]
    R2 tvnserver;TightVNC Server;c:\program files\Common Files\Comodo\tvnserver.exe [1/27/2012 9:47 AM 828944]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 5:26 PM 135664]
    S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/12/2012 11:03 PM 250288]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 5:26 PM 135664]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWSNX
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    svcboot_udhxlh REG_MULTI_SZ svcboot_udhxlh
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 23:05]
    .
    2012-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-09-29 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-29 09:12]
    .
    2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:25]
    .
    2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:25]
    .
    2012-09-29 c:\windows\Tasks\User_Feed_Synchronization-{7263C149-AE38-4CA5-AC4A-A9D4A550AAC8}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    Trusted Zone: microsoft.com\oas.support
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-29 13:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,e9,a2,5c,cd,38,20,43,a2,b8,3b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,e9,a2,5c,cd,38,20,43,a2,b8,3b,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,bd,73,fa,01,39,8f,4b,84,e5,c1,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(712)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    .
    - - - - - - - > 'explorer.exe'(2032)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2012-09-29 14:03:39
    ComboFix-quarantined-files.txt 2012-09-29 18:03
    ComboFix2.txt 2012-09-27 20:43
    .
    Pre-Run: 48,798,461,952 bytes free
    Post-Run: 48,818,380,800 bytes free
    .
    - - End Of File - - 50FEF50766589BEED3FC2578142427CC
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    AdwCleaner

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
      2. If threats WERE detected, click on List of Threats Found, then Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark next to Uninstall Application on Close, and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
     
  8. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,348

    # AdwCleaner v2.003 - Logfile created 09/30/2012 at 17:28:52
    # Updated 23/09/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Patricia - DADS
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Patricia\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\Documents and Settings\Patricia\My Documents\Uninstall.exe
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
    Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\TheBflix
    Folder Deleted : C:\Documents and Settings\Louis James\Application Data\searchquband
    Folder Deleted : C:\Documents and Settings\Louis James\Application Data\Searchqutoolbar
    Folder Deleted : C:\Documents and Settings\Louis\Local Settings\Application Data\AskToolbar
    Folder Deleted : C:\Documents and Settings\Patricia\Application Data\searchquband
    Folder Deleted : C:\Documents and Settings\Patricia\Application Data\Searchqutoolbar
    Folder Deleted : C:\Program Files\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files\Ilivid
    ***** [Registry] *****
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Deleted : HKCU\Software\searchqutoolbar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\Software\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\Software\Viewpoint
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    -\\ Mozilla Firefox v [Unable to get version]
    *************************
    AdwCleaner[R1].txt - [7993 octets] - [30/09/2012 17:28:10]
    AdwCleaner[S1].txt - [8439 octets] - [30/09/2012 17:28:52]
    ########## EOF - C:\AdwCleaner[S1].txt - [8499 octets] ##########

    Everything is running ok... however, IE8 is still very choppy; even as I am typing this, it lags behind about 4 words before they appear.
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    What about the ESET scan?

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  10. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,348

    ESET was clear. The biggest issue is that occasionally IE will use over 250 MB of RAM and operate very slowly. I did a "master" reset for IE, but the problem occasionally occurs.
     
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download a new copy of TDSSKiller and post the log, please.
     
     
  12. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,348

    No threats were found...
    17:04:10.0281 3952 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    17:04:10.0546 3952 ============================================================
    17:04:10.0546 3952 Current date / time: 2012/10/01 17:04:10.0546
    17:04:10.0546 3952 SystemInfo:
    17:04:10.0546 3952
    17:04:10.0546 3952 OS Version: 5.1.2600 ServicePack: 3.0
    17:04:10.0546 3952 Product type: Workstation
    17:04:10.0546 3952 ComputerName: DADS
    17:04:10.0546 3952 UserName: Patricia
    17:04:10.0546 3952 Windows directory: C:\WINDOWS
    17:04:10.0546 3952 System windows directory: C:\WINDOWS
    17:04:10.0546 3952 Processor architecture: Intel x86
    17:04:10.0546 3952 Number of processors: 1
    17:04:10.0546 3952 Page size: 0x1000
    17:04:10.0546 3952 Boot type: Normal boot
    17:04:10.0546 3952 ============================================================
    17:04:16.0390 3952 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    17:04:16.0406 3952 ============================================================
    17:04:16.0406 3952 \Device\Harddisk0\DR0:
    17:04:16.0437 3952 MBR partitions:
    17:04:16.0437 3952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
    17:04:16.0437 3952 ============================================================
    17:04:16.0687 3952 C: <-> \Device\Harddisk0\DR0\Partition1
    17:04:16.0703 3952 ============================================================
    17:04:16.0703 3952 Initialize success
    17:04:16.0703 3952 ============================================================
    17:04:29.0390 0904 ============================================================
    17:04:29.0390 0904 Scan started
    17:04:29.0390 0904 Mode: Manual;
    17:04:29.0390 0904 ============================================================
    17:04:30.0203 0904 ================ Scan system memory ========================
    17:04:30.0203 0904 System memory - ok
    17:04:30.0203 0904 ================ Scan services =============================
    17:04:57.0515 0904 MSPQM - ok
    17:04:57.0593 0904 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    17:04:57.0609 0904 mssmbios - ok
    17:04:57.0718 0904 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    17:04:57.0765 0904 Mup - ok
    17:04:57.0906 0904 [ E91FC8B52D21E38317DC61A3C7CCFA4B ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys
    17:04:57.0937 0904 MxlW2k - ok
    17:04:58.0109 0904 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    17:04:58.0234 0904 napagent - ok
    17:04:58.0375 0904 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    17:04:58.0421 0904 NDIS - ok
    17:04:58.0515 0904 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    17:04:58.0515 0904 NdisTapi - ok
    17:04:58.0609 0904 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    17:04:58.0625 0904 Ndisuio - ok
    17:04:58.0671 0904 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    17:04:58.0718 0904 NdisWan - ok
    17:04:58.0781 0904 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    17:04:58.0796 0904 NDProxy - ok
    17:04:58.0875 0904 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\System32\HPZinw12.dll
    17:04:58.0906 0904 Net Driver HPZ12 - ok
    17:04:59.0015 0904 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    17:04:59.0015 0904 NetBIOS - ok
    17:04:59.0140 0904 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    17:04:59.0187 0904 NetBT - ok
    17:04:59.0328 0904 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    17:04:59.0421 0904 NetDDE - ok
    17:04:59.0468 0904 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    17:04:59.0468 0904 NetDDEdsdm - ok
    17:04:59.0609 0904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    17:04:59.0625 0904 Netlogon - ok
    17:04:59.0781 0904 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    17:04:59.0859 0904 Netman - ok
    17:05:00.0062 0904 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:05:00.0250 0904 NetTcpPortSharing - ok
    17:05:00.0390 0904 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    17:05:00.0406 0904 Nla - ok
    17:05:00.0781 0904 [ CD2FE9C33CFD0FE0AF124E05907E5C3D ] nmservice C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    17:05:00.0953 0904 nmservice - ok
    17:05:01.0062 0904 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    17:05:01.0078 0904 Npfs - ok
    17:05:01.0328 0904 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    17:05:01.0531 0904 Ntfs - ok
    17:05:01.0546 0904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
    17:05:01.0546 0904 NtLmSsp - ok
    17:05:01.0796 0904 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    17:05:01.0968 0904 NtmsSvc - ok
    17:05:02.0093 0904 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    17:05:02.0125 0904 Null - ok
    17:05:02.0812 0904 [ 1AA2270491A46E90E454E143EA8AC775 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    17:05:02.0828 0904 nv - ok
    17:05:02.0890 0904 [ 85A2A4AD01B86098317F8140B22C58B7 ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
    17:05:02.0921 0904 NVSvc - ok
    17:05:03.0140 0904 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    17:05:03.0171 0904 NwlnkFlt - ok
    17:05:03.0250 0904 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    17:05:03.0328 0904 NwlnkFwd - ok
    17:05:03.0484 0904 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
    17:05:03.0515 0904 OMCI - ok
    17:05:03.0687 0904 [ C720C25B2D0C93DC425155F5B6A707F3 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    17:05:03.0734 0904 ossrv - ok
    17:05:04.0250 0904 [ 13026E137486D916A0677D276144EA7F ] P16X C:\WINDOWS\system32\drivers\P16X.sys
    17:05:04.0687 0904 P16X - ok
    17:05:04.0781 0904 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    17:05:04.0859 0904 Parport - ok
    17:05:04.0906 0904 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    17:05:04.0921 0904 PartMgr - ok
    17:05:05.0046 0904 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    17:05:05.0078 0904 ParVdm - ok
    17:05:05.0171 0904 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    17:05:05.0265 0904 PCI - ok
    17:05:05.0281 0904 PCIDump - ok
    17:05:05.0406 0904 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    17:05:05.0421 0904 PCIIde - ok
    17:05:05.0546 0904 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    17:05:05.0609 0904 Pcmcia - ok
    17:05:05.0609 0904 PDCOMP - ok
    17:05:05.0625 0904 PDFRAME - ok
    17:05:05.0640 0904 PDRELI - ok
    17:05:05.0656 0904 PDRFRAME - ok
    17:05:05.0671 0904 perc2 - ok
    17:05:05.0687 0904 perc2hib - ok
    17:05:05.0781 0904 [ C8A2D6FF660AC601B7BB9A9B16A5C25E ] PfModNT C:\WINDOWS\system32\drivers\PfModNT.sys
    17:05:05.0796 0904 PfModNT - ok
    17:05:05.0859 0904 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    17:05:05.0859 0904 PlugPlay - ok
    17:05:05.0968 0904 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.dll
    17:05:06.0015 0904 Pml Driver HPZ12 - ok
    17:05:06.0093 0904 [ CE27FC8BDC54B3AC63D53E2D5F6CC929 ] pnarp C:\WINDOWS\system32\DRIVERS\pnarp.sys
    17:05:06.0109 0904 pnarp - ok
    17:05:06.0125 0904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    17:05:06.0156 0904 PolicyAgent - ok
    17:05:06.0281 0904 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    17:05:06.0328 0904 PptpMiniport - ok
    17:05:06.0375 0904 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
    17:05:06.0406 0904 Processor - ok
    17:05:06.0484 0904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    17:05:06.0515 0904 ProtectedStorage - ok
    17:05:06.0578 0904 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    17:05:06.0640 0904 PSched - ok
    17:05:06.0734 0904 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    17:05:06.0734 0904 Ptilink - ok
    17:05:06.0843 0904 [ F4FD591E86ECB6B5D000C7D6C987416B ] purendis C:\WINDOWS\system32\DRIVERS\purendis.sys
    17:05:06.0843 0904 purendis - ok
    17:05:06.0953 0904 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    17:05:06.0984 0904 PxHelp20 - ok
    17:05:07.0000 0904 ql1080 - ok
    17:05:07.0031 0904 Ql10wnt - ok
    17:05:07.0046 0904 ql12160 - ok
    17:05:07.0046 0904 ql1240 - ok
    17:05:07.0062 0904 ql1280 - ok
    17:05:07.0156 0904 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    17:05:07.0187 0904 RasAcd - ok
    17:05:07.0281 0904 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    17:05:07.0343 0904 RasAuto - ok
    17:05:07.0406 0904 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    17:05:07.0437 0904 Rasl2tp - ok
    17:05:07.0609 0904 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    17:05:07.0671 0904 RasMan - ok
    17:05:07.0687 0904 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    17:05:07.0703 0904 RasPppoe - ok
    17:05:07.0765 0904 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    17:05:07.0781 0904 Raspti - ok
    17:05:07.0937 0904 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    17:05:08.0000 0904 Rdbss - ok
    17:05:08.0078 0904 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    17:05:08.0125 0904 RDPCDD - ok
    17:05:08.0265 0904 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    17:05:08.0312 0904 RDPWD - ok
    17:05:08.0437 0904 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    17:05:08.0500 0904 RDSessMgr - ok
    17:05:08.0546 0904 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    17:05:08.0609 0904 redbook - ok
    17:05:08.0734 0904 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    17:05:08.0765 0904 RemoteAccess - ok
    17:05:08.0859 0904 [ 92D33F76769A028DDC54A863EB7DE4A2 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
    17:05:08.0890 0904 RimUsb - ok
    17:05:08.0953 0904 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    17:05:08.0984 0904 RimVSerPort - ok
    17:05:09.0125 0904 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
    17:05:09.0140 0904 ROOTMODEM - ok
    17:05:09.0234 0904 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
    17:05:09.0265 0904 RpcLocator - ok
    17:05:09.0453 0904 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    17:05:09.0484 0904 RpcSs - ok
    17:05:09.0593 0904 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
    17:05:09.0656 0904 RSVP - ok
    17:05:09.0718 0904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    17:05:09.0718 0904 SamSs - ok
    17:05:09.0812 0904 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    17:05:09.0859 0904 SCardSvr - ok
    17:05:10.0062 0904 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    17:05:10.0156 0904 Schedule - ok
    17:05:10.0281 0904 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    17:05:10.0343 0904 Secdrv - ok
    17:05:10.0453 0904 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    17:05:10.0484 0904 seclogon - ok
    17:05:10.0562 0904 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    17:05:10.0578 0904 SENS - ok
    17:05:10.0656 0904 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    17:05:10.0703 0904 serenum - ok
    17:05:10.0734 0904 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    17:05:10.0750 0904 Serial - ok
    17:05:10.0828 0904 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    17:05:10.0828 0904 Sfloppy - ok
    17:05:11.0046 0904 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    17:05:11.0203 0904 SharedAccess - ok
    17:05:11.0343 0904 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    17:05:11.0343 0904 ShellHWDetection - ok
    17:05:11.0359 0904 Simbad - ok
    17:05:11.0687 0904 [ 31FD0707C7DBE715234F2823B27214FE ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
    17:05:11.0906 0904 smwdm - ok
    17:05:11.0921 0904 Sparrow - ok
    17:05:12.0000 0904 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    17:05:12.0031 0904 splitter - ok
    17:05:12.0171 0904 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    17:05:12.0218 0904 Spooler - ok
    17:05:12.0328 0904 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    17:05:12.0343 0904 sr - ok
    17:05:12.0484 0904 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    17:05:12.0578 0904 srservice - ok
    17:05:12.0750 0904 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    17:05:12.0875 0904 Srv - ok
    17:05:12.0921 0904 [ 328E8BB94EC58480F60458FB4B8437A7 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
    17:05:12.0937 0904 sscdbhk5 - ok
    17:05:13.0015 0904 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    17:05:13.0062 0904 SSDPSRV - ok
    17:05:13.0156 0904 [ 7EC8B427CEE5C0CDAC066320B93F1355 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
    17:05:13.0203 0904 ssrtln - ok
    17:05:13.0500 0904 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    17:05:13.0703 0904 stisvc - ok
    17:05:13.0765 0904 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    17:05:13.0812 0904 swenum - ok
    17:05:13.0875 0904 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    17:05:13.0921 0904 swmidi - ok
    17:05:13.0937 0904 SwPrv - ok
    17:05:13.0968 0904 symc810 - ok
    17:05:13.0968 0904 symc8xx - ok
    17:05:13.0984 0904 sym_hi - ok
    17:05:14.0000 0904 sym_u3 - ok
    17:05:14.0156 0904 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    17:05:14.0218 0904 sysaudio - ok
    17:05:14.0312 0904 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    17:05:14.0375 0904 SysmonLog - ok
    17:05:14.0515 0904 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    17:05:14.0609 0904 TapiSrv - ok
    17:05:14.0796 0904 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    17:05:14.0906 0904 Tcpip - ok
    17:05:14.0984 0904 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    17:05:14.0984 0904 TDPIPE - ok
    17:05:15.0015 0904 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    17:05:15.0015 0904 TDTCP - ok
    17:05:15.0109 0904 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    17:05:15.0187 0904 TermDD - ok
    17:05:15.0421 0904 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    17:05:15.0562 0904 TermService - ok
    17:05:15.0703 0904 [ C229BF90443BE8D3BD2B65D7F3AC0F35 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
    17:05:15.0734 0904 tfsnboio - ok
    17:05:15.0750 0904 [ 79EE9FCD7728E54AB8FBC30962F0416F ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
    17:05:15.0765 0904 tfsncofs - ok
    17:05:15.0781 0904 [ 9EFB37E7DE17D783A059B653F7E8AFAD ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
    17:05:15.0781 0904 tfsndrct - ok
    17:05:15.0796 0904 [ 130254995EBEDCB34D62E8D78EC9DBD0 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
    17:05:15.0812 0904 tfsndres - ok
    17:05:15.0859 0904 [ 9B40E1E4AEED849812A2E43A388A7E77 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
    17:05:15.0890 0904 tfsnifs - ok
    17:05:15.0906 0904 [ 818047AD850B312705AA17CA96B9427D ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
    17:05:15.0921 0904 tfsnopio - ok
    17:05:15.0937 0904 [ 4603E813BCC6DD465CD8D2AFD37FA90D ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
    17:05:15.0937 0904 tfsnpool - ok
    17:05:15.0968 0904 [ 6FC2CD904A9A55ACFDFC780A611A75ED ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
    17:05:16.0000 0904 tfsnudf - ok
    17:05:16.0062 0904 [ D4AFA4D00F8DB3FD1C15B3FE49C3A96C ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
    17:05:16.0078 0904 tfsnudfa - ok
    17:05:16.0187 0904 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    17:05:16.0187 0904 Themes - ok
    17:05:16.0203 0904 TosIde - ok
    17:05:16.0328 0904 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    17:05:16.0406 0904 TrkWks - ok
    17:05:16.0531 0904 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    17:05:16.0562 0904 Udfs - ok
    17:05:16.0578 0904 ultra - ok
    17:05:16.0656 0904 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
    17:05:16.0718 0904 UMWdf - ok
    17:05:17.0015 0904 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    17:05:17.0281 0904 Update - ok
    17:05:17.0437 0904 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    17:05:17.0515 0904 upnphost - ok
    17:05:17.0609 0904 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    17:05:17.0656 0904 UPS - ok
    17:05:17.0781 0904 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    17:05:17.0812 0904 USBAAPL - ok
    17:05:17.0968 0904 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    17:05:17.0968 0904 usbccgp - ok
    17:05:18.0062 0904 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    17:05:18.0156 0904 usbehci - ok
    17:05:18.0265 0904 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    17:05:18.0296 0904 usbhub - ok
    17:05:18.0359 0904 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    17:05:18.0375 0904 usbprint - ok
    17:05:18.0390 0904 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    17:05:18.0421 0904 usbscan - ok
    17:05:18.0468 0904 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    17:05:18.0484 0904 USBSTOR - ok
    17:05:18.0531 0904 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    17:05:18.0578 0904 usbuhci - ok
    17:05:18.0640 0904 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    17:05:18.0671 0904 VgaSave - ok
    17:05:18.0687 0904 ViaIde - ok
    17:05:18.0781 0904 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    17:05:18.0843 0904 VolSnap - ok
    17:05:19.0031 0904 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    17:05:19.0125 0904 VSS - ok
    17:05:19.0328 0904 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    17:05:19.0406 0904 W32Time - ok
    17:05:19.0531 0904 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    17:05:19.0578 0904 Wanarp - ok
    17:05:19.0593 0904 wanatw - ok
    17:05:19.0812 0904 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    17:05:20.0015 0904 Wdf01000 - ok
    17:05:20.0015 0904 WDICA - ok
    17:05:20.0093 0904 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    17:05:20.0156 0904 wdmaud - ok
    17:05:20.0265 0904 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    17:05:20.0296 0904 WebClient - ok
    17:05:20.0546 0904 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    17:05:20.0593 0904 winmgmt - ok
    17:05:21.0312 0904 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:05:21.0937 0904 wlidsvc - ok
    17:05:22.0046 0904 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\System32\MsPMSPSv.exe
    17:05:22.0093 0904 WMDM PMSP Service - ok
    17:05:22.0171 0904 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    17:05:22.0234 0904 WmdmPmSN - ok
    17:05:22.0359 0904 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
    17:05:22.0421 0904 WmiApSrv - ok
    17:05:22.0453 0904 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
    17:05:22.0468 0904 WpdUsb - ok
    17:05:22.0562 0904 [ 6B579993E3C456B1D1043E58B5069663 ] Wpsnuio C:\WINDOWS\system32\DRIVERS\wpsnuio.sys
    17:05:22.0578 0904 Wpsnuio - ok
    17:05:22.0687 0904 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    17:05:22.0718 0904 WS2IFSL - ok
    17:05:22.0875 0904 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    17:05:22.0906 0904 wscsvc - ok
    17:05:23.0015 0904 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    17:05:23.0093 0904 wuauserv - ok
    17:05:23.0375 0904 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    17:05:23.0609 0904 WZCSVC - ok
    17:05:23.0687 0904 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    17:05:23.0765 0904 xmlprov - ok
    17:05:23.0765 0904 ================ Scan global ===============================
    17:05:23.0812 0904 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    17:05:23.0984 0904 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    17:05:24.0281 0904 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    17:05:24.0375 0904 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    17:05:24.0390 0904 [Global] - ok
    17:05:24.0390 0904 ================ Scan MBR ==================================
    17:05:24.0437 0904 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    17:05:25.0578 0904 \Device\Harddisk0\DR0 - ok
    17:05:25.0578 0904 ================ Scan VBR ==================================
    17:05:25.0609 0904 [ EB52BBC5ECC08B1BC1AAC233FD35DF28 ] \Device\Harddisk0\DR0\Partition1
    17:05:25.0640 0904 \Device\Harddisk0\DR0\Partition1 - ok
    17:05:25.0640 0904 ============================================================
    17:05:25.0640 0904 Scan finished
    17:05:25.0640 0904 ============================================================
    17:05:25.0656 1284 Detected object count: 0
    17:05:25.0656 1284 Actual detected object count: 0
    17:05:37.0390 0228 Deinitialize success
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Your logs are clean. Let's finish up at this time, please...

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  14. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,348

    Thanks Again for the help.....here's the security check, you can mark this thread solved.
    Results of screen317's Security Check version 0.99.51
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Free Antivirus
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Java 7 Update 7
    Adobe Reader 9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 1%
    ````````````````````End of Log``````````````````````
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
     
  16. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,348

    Nope All Good. Thank You :)
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great. Good job.

    Topic closed and marked solved. :)
     
Topic Status:
Not open for further replies.

