Laptop problems and infected rootkits

By Lauraneads
Oct 17, 2012
  1. My laptop has been experiencing some problems recently. If I'm on the internet it frequently shuts down and a blue screen appears with some computer scripting then my laptop reboots. It even occurred a moment ago when I tried to download the DDS program. My AVG scans revealed some infections including rootkits. I think the problems I'm experiencing are related to a virus of some sort.

    Please can someone advise. I have pasted the logs below as requested.

    Thanks Laura

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.17.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Laura :: A37139D5D976437 [administrator]

    10/17/2012 2:20:00 PM
    mbam-log-2012-10-17 (14-20-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216799
    Time elapsed: 8 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-17 14:46:21
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_MP0402H rev.UC200-16
    Running: idikuhuw.exe; Driver: C:\DOCUME~1\Laura\LOCALS~1\Temp\awqcikoc.sys
    ---- System - GMER 1.0.15 ----
    SSDT sppn.sys ZwEnumerateKey [0xB9ECDDA4]
    SSDT sppn.sys ZwEnumerateValueKey [0xB9ECE132]
    ---- Devices - GMER 1.0.15 ----
    Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\awxxz1db \Device\Scsi\awxxz1db1Port1Path0Target0Lun0 89A631F8
    Device \Driver\awxxz1db \Device\Scsi\awxxz1db1 89A631F8
    Device \FileSystem\Ntfs \Ntfs 89DDA1F8
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    ---- EOF - GMER 1.0.15 ----
    DDS (Ver_2012-10-14.05) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Laura at 14:55:00 on 2012-10-17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1319 [GMT 1:00]
    .
    AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Internet Security 2013 *Enabled*
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.4\AVG Secure Search_toolbar.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.4\AVG Secure Search_toolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [Google Update] "c:\documents and settings\laura\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [AdobeBridge] <no file>
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\laura\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{7FBEC40B-4E40-46D2-BF94-AD17C2F6037E} : DHCPNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55008]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 93536]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 177504]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 164832]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-6 27496]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-10-2 1314720]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-10-2 5783672]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-2 193568]
    R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-2-24 54760]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-6 722528]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250808]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-9-29 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-10-09 18:40:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 18:40:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-02 02:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-09-21 02:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-09-21 02:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2012-09-21 02:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2012-09-21 02:45:52 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-09-14 02:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2012-09-13 02:11:20 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2012-09-06 11:39:44 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-08-28 19:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-28 19:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-28 17:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-21 12:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 12:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    .
    ============= FINISH: 14:56:07.50 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-14.05)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/27/2012 12:19:49 PM
    System Uptime: 10/17/2012 2:48:59 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0RJ272
    Processor: Intel(R) Celeron(R) M processor 1.60GHz | Microprocessor | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 37 GiB total, 9.681 GiB free.
    D: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP278: 9/10/2012 3:00:22 AM - Software Distribution Service 3.0
    RP279: 9/11/2012 12:29:17 PM - Software Distribution Service 3.0
    RP280: 9/12/2012 7:08:37 AM - Software Distribution Service 3.0
    RP281: 9/13/2012 7:16:56 AM - Software Distribution Service 3.0
    RP282: 9/14/2012 7:26:40 AM - Software Distribution Service 3.0
    RP283: 9/15/2012 10:13:44 AM - Software Distribution Service 3.0
    RP284: 9/17/2012 10:29:48 AM - Software Distribution Service 3.0
    RP285: 9/17/2012 7:31:30 PM - Software Distribution Service 3.0
    RP286: 9/18/2012 2:53:30 PM - Software Distribution Service 3.0
    RP287: 9/19/2012 9:38:05 AM - Software Distribution Service 3.0
    RP288: 9/20/2012 11:01:53 AM - Software Distribution Service 3.0
    RP289: 9/25/2012 12:46:58 AM - System Checkpoint
    RP290: 9/26/2012 12:46:52 PM - System Checkpoint
    RP291: 9/26/2012 3:05:50 PM - Software Distribution Service 3.0
    RP292: 9/27/2012 8:47:02 PM - Software Distribution Service 3.0
    RP293: 9/27/2012 11:23:15 PM - Software Distribution Service 3.0
    RP294: 9/28/2012 11:38:46 AM - Software Distribution Service 3.0
    RP295: 9/29/2012 3:43:51 PM - Software Distribution Service 3.0
    RP296: 9/30/2012 9:34:46 AM - Software Distribution Service 3.0
    RP297: 10/1/2012 7:53:31 AM - Software Distribution Service 3.0
    RP298: 10/2/2012 1:10:26 PM - Software Distribution Service 3.0
    RP299: 10/3/2012 10:23:06 AM - Software Distribution Service 3.0
    RP300: 10/4/2012 3:00:20 AM - Software Distribution Service 3.0
    RP301: 10/5/2012 9:19:38 AM - Software Distribution Service 3.0
    RP302: 10/7/2012 2:04:14 PM - Software Distribution Service 3.0
    RP303: 10/9/2012 7:14:12 AM - Software Distribution Service 3.0
    RP304: 10/10/2012 5:43:37 PM - Software Distribution Service 3.0
    RP305: 10/11/2012 6:07:45 PM - Software Distribution Service 3.0
    RP306: 10/12/2012 6:52:11 AM - Software Distribution Service 3.0
    RP307: 10/13/2012 3:00:19 AM - Software Distribution Service 3.0
    RP308: 10/14/2012 3:00:19 AM - Software Distribution Service 3.0
    RP309: 10/15/2012 4:29:46 PM - Software Distribution Service 3.0
    RP310: 10/16/2012 3:00:19 AM - Software Distribution Service 3.0
    RP311: 10/17/2012 3:00:19 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.4)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2013
    Bing Bar
    Bonjour
    Conexant HDA D110 MDC V.92 Modem
    Connect
    Diskeeper Professional Edition
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2756822)
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Graphics Media Accelerator Driver for Mobile
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 35
    Junk Mail filter update
    kuler
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSXML 6 Service Pack 2 (KB973686)
    Nero 7 Ultra Edition
    PDF Settings CS4
    Photoshop Camera Raw
    PowerDVD
    PowerDVD Ultra
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2731847)
    Segoe UI
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    swMSM
    TeamViewer 7
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    VLC media player 2.0.2
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR 4.10 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/12/2012 8:08:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
    10/12/2012 8:08:38 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/12/2012 7:57:14 PM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/12/2012 7:57:14 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/12/2012 7:55:33 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    10/12/2012 7:55:26 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    10/12/2012 7:02:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2686509).
    10/12/2012 10:51:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The vToolbarUpdater12.2.6 service terminated unexpectedly. It has done this 1 time(s).
    10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
    10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
    10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
    10/10/2012 7:34:44 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
  3. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    # AdwCleaner v2.005 - Logfile created 10/17/2012 at 18:38:26
    # Updated 14/10/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Laura - A37139D5D976437
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Laura\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\Laura\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\Laura\Local Settings\Application Data\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG Secure Search
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={27D6F23B-3FDE-44A5-86FC-F5EFFF030994}&mid=331b58f47f0e47d18c62d15c838ec4ff-8c78293ee2c514c4a9baaf4cf847cde7cfe1dfb4&lang=en&ds=AVG&pr=pr&d=2012-09-06 12:39:50&v=12.2.5.4&sap=nt --> hxxp://www.google.com
    -\\ Google Chrome v22.0.1229.94
    File : C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
    Deleted [l.69] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
    Deleted [l.72] : keyword = "isearch.avg.com",
    Deleted [l.75] : search_url = "hxxps://isearch.avg.com/search?cid={27D6F23B-3FDE-44A5-86FC-F5EFFF030994}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}",
    *************************
    AdwCleaner[S1].txt - [5159 octets] - [17/10/2012 18:38:26]
    ########## EOF - C:\AdwCleaner[S1].txt - [5219 octets] ##########
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-17 18:50:57
    -----------------------------
    18:50:57.640 OS Version: Windows 5.1.2600 Service Pack 3
    18:50:57.640 Number of processors: 1 586 0xD08
    18:50:57.640 ComputerName: A37139D5D976437 UserName: Laura
    18:50:58.796 Initialize success
    18:52:38.890 AVAST engine defs: 12101701
    18:53:11.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    18:53:11.421 Disk 0 Vendor: SAMSUNG_MP0402H UC200-16 Size: 38154MB BusType: 3
    18:53:11.453 Disk 0 MBR read successfully
    18:53:11.453 Disk 0 MBR scan
    18:53:11.484 Disk 0 Windows XP default MBR code
    18:53:11.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
    18:53:11.484 Disk 0 scanning sectors +78124095
    18:53:11.578 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:53:29.093 Service scanning
    18:53:49.093 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    18:53:55.687 Modules scanning
    18:54:02.375 AVAST engine scan C:\WINDOWS
    18:54:09.265 AVAST engine scan C:\WINDOWS\system32
    19:00:09.812 AVAST engine scan C:\WINDOWS\system32\drivers
    19:00:30.890 AVAST engine scan C:\Documents and Settings\Laura
    19:01:28.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Laura\Desktop\MBR.dat"
    19:01:28.750 The log file has been saved successfully to "C:\Documents and Settings\Laura\Desktop\aswMBR.txt"

    I renamed the MBR dat file to text but when I click on upload a file it's not being found on my desktop
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    TDSSKiller Scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case, please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  5. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    23:41:20.0984 0280 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    23:41:22.0593 0280 ============================================================
    23:41:22.0593 0280 Current date / time: 2012/10/17 23:41:22.0593
    23:41:22.0593 0280 SystemInfo:
    23:41:22.0593 0280
    23:41:22.0593 0280 OS Version: 5.1.2600 ServicePack: 3.0
    23:41:22.0593 0280 Product type: Workstation
    23:41:22.0593 0280 ComputerName: A37139D5D976437
    23:41:22.0593 0280 UserName: Laura
    23:41:22.0593 0280 Windows directory: C:\WINDOWS
    23:41:22.0593 0280 System windows directory: C:\WINDOWS
    23:41:22.0593 0280 Processor architecture: Intel x86
    23:41:22.0593 0280 Number of processors: 1
    23:41:22.0593 0280 Page size: 0x1000
    23:41:22.0593 0280 Boot type: Normal boot
    23:41:22.0593 0280 ============================================================
    23:41:24.0468 0280 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    23:41:24.0468 0280 ============================================================
    23:41:24.0468 0280 \Device\Harddisk0\DR0:
    23:41:24.0468 0280 MBR partitions:
    23:41:24.0468 0280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
    23:41:24.0468 0280 ============================================================
    23:41:24.0500 0280 C: <-> \Device\Harddisk0\DR0\Partition1
    23:41:24.0500 0280 ============================================================
    23:41:24.0500 0280 Initialize success
    23:41:24.0500 0280 ============================================================
    23:41:53.0156 3996 ============================================================
    23:41:53.0156 3996 Scan started
    23:41:53.0156 3996 Mode: Manual; SigCheck; TDLFS;
    23:41:53.0156 3996 ============================================================
    23:41:53.0781 3996 ================ Scan system memory ========================
    23:41:53.0781 3996 System memory - ok
    23:41:53.0796 3996 ================ Scan services =============================
    23:41:53.0953 3996 Abiosdsk - ok
    23:41:53.0968 3996 abp480n5 - ok
    23:41:54.0031 3996 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:41:54.0515 3996 ACPI - ok
    23:41:54.0578 3996 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:41:54.0734 3996 ACPIEC - ok
    23:41:54.0796 3996 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
    23:41:54.0812 3996 adfs - ok
    23:41:54.0937 3996 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    23:41:54.0968 3996 AdobeFlashPlayerUpdateSvc - ok
    23:41:54.0984 3996 adpu160m - ok
    23:41:55.0015 3996 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    23:41:55.0171 3996 aec - ok
    23:41:55.0250 3996 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    23:41:55.0328 3996 AFD - ok
    23:41:55.0328 3996 Aha154x - ok
    23:41:55.0343 3996 aic78u2 - ok
    23:41:55.0359 3996 aic78xx - ok
    23:41:55.0406 3996 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    23:41:55.0578 3996 Alerter - ok
    23:41:55.0609 3996 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    23:41:55.0781 3996 ALG - ok
    23:41:55.0796 3996 AliIde - ok
    23:41:55.0812 3996 amsint - ok
    23:41:55.0984 3996 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:41:56.0000 3996 Apple Mobile Device - ok
    23:41:56.0062 3996 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    23:41:56.0203 3996 AppMgmt - ok
    23:41:56.0218 3996 asc - ok
    23:41:56.0218 3996 asc3350p - ok
    23:41:56.0234 3996 asc3550 - ok
    23:41:56.0406 3996 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    23:41:56.0421 3996 aspnet_state - ok
    23:41:56.0484 3996 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:41:56.0656 3996 AsyncMac - ok
    23:41:56.0671 3996 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:41:56.0843 3996 atapi - ok
    23:41:56.0843 3996 Atdisk - ok
    23:41:56.0890 3996 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:41:57.0078 3996 Atmarpc - ok
    23:41:57.0140 3996 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    23:41:57.0296 3996 AudioSrv - ok
    23:41:57.0359 3996 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:41:57.0562 3996 audstub - ok
    23:41:57.0609 3996 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    23:41:57.0640 3996 Avgfwdx - ok
    23:41:57.0640 3996 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    23:41:57.0671 3996 Avgfwfd - ok
    23:41:57.0843 3996 [ 2E0DB82F4254FF91E153F331BA9B2D6E ] avgfws C:\Program Files\AVG\AVG2013\avgfws.exe
    23:41:57.0968 3996 avgfws - ok
    23:41:58.0328 3996 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
    23:41:58.0859 3996 AVGIDSAgent - ok
    23:41:58.0968 3996 [ 2F47851015D8837976E481F6DAA46A67 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
    23:41:59.0000 3996 AVGIDSDriver - ok
    23:41:59.0062 3996 [ 303BDE0DCDC04CE597C6C1CD06C6F186 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
    23:41:59.0093 3996 AVGIDSHX - ok
    23:41:59.0140 3996 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    23:41:59.0171 3996 AVGIDSShim - ok
    23:41:59.0234 3996 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    23:41:59.0265 3996 Avgldx86 - ok
    23:41:59.0328 3996 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
    23:41:59.0359 3996 Avglogx - ok
    23:41:59.0406 3996 [ 6DF7236D3A16C8417FF72F2EB2ADD244 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    23:41:59.0421 3996 Avgmfx86 - ok
    23:41:59.0453 3996 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    23:41:59.0484 3996 Avgrkx86 - ok
    23:41:59.0546 3996 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    23:41:59.0578 3996 Avgtdix - ok
    23:41:59.0609 3996 [ DB22E7062FD88CDD1CC8C99CE59E6B2B ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
    23:41:59.0640 3996 avgtp - ok
    23:41:59.0703 3996 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    23:41:59.0734 3996 avgwd - ok
    23:41:59.0890 3996 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    23:41:59.0921 3996 BBSvc - ok
    23:42:00.0000 3996 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    23:42:00.0031 3996 BBUpdate - ok
    23:42:00.0140 3996 [ E9EA635B8432D68F0005B3F6CEBAB837 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    23:42:00.0375 3996 BCM43XX - ok
    23:42:00.0406 3996 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    23:42:00.0453 3996 bcm4sbxp - ok
    23:42:00.0500 3996 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    23:42:00.0687 3996 Beep - ok
    23:42:00.0765 3996 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    23:42:00.0937 3996 BITS - ok
    23:42:01.0015 3996 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    23:42:01.0062 3996 Bonjour Service - ok
    23:42:01.0125 3996 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    23:42:01.0203 3996 Browser - ok
    23:42:01.0250 3996 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:42:01.0421 3996 cbidf2k - ok
    23:42:01.0468 3996 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    23:42:01.0640 3996 CCDECODE - ok
    23:42:01.0656 3996 cd20xrnt - ok
    23:42:01.0703 3996 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:42:01.0890 3996 Cdaudio - ok
    23:42:01.0937 3996 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    23:42:02.0109 3996 Cdfs - ok
    23:42:02.0125 3996 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:42:02.0296 3996 Cdrom - ok
    23:42:02.0343 3996 [ B4DDA22FCBA9AF3EB5F6B58A671A447D ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
    23:42:02.0375 3996 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
    23:42:02.0375 3996 cercsr6 - detected UnsignedFile.Multi.Generic (1)
    23:42:02.0390 3996 Changer - ok
    23:42:02.0453 3996 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    23:42:02.0609 3996 CiSvc - ok
    23:42:02.0671 3996 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    23:42:02.0828 3996 ClipSrv - ok
    23:42:02.0890 3996 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:42:02.0921 3996 clr_optimization_v2.0.50727_32 - ok
    23:42:03.0046 3996 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:42:03.0078 3996 clr_optimization_v4.0.30319_32 - ok
    23:42:03.0078 3996 CmdIde - ok
    23:42:03.0093 3996 COMSysApp - ok
    23:42:03.0109 3996 Cpqarray - ok
    23:42:03.0171 3996 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    23:42:03.0312 3996 CryptSvc - ok
    23:42:03.0328 3996 dac2w2k - ok
    23:42:03.0343 3996 dac960nt - ok
    23:42:03.0421 3996 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    23:42:03.0546 3996 DcomLaunch - ok
    23:42:03.0609 3996 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    23:42:03.0765 3996 Dhcp - ok
    23:42:03.0828 3996 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    23:42:03.0984 3996 Disk - ok
    23:42:04.0109 3996 [ 35741E47A211C50B9AA52E1423CC8503 ] Diskeeper C:\Program Files\Executive Software\Diskeeper\DkService.exe
    23:42:04.0203 3996 Diskeeper ( UnsignedFile.Multi.Generic ) - warning
    23:42:04.0203 3996 Diskeeper - detected UnsignedFile.Multi.Generic (1)
    23:42:04.0218 3996 dmadmin - ok
    23:42:04.0281 3996 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    23:42:04.0515 3996 dmboot - ok
    23:42:04.0515 3996 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    23:42:04.0687 3996 dmio - ok
    23:42:04.0734 3996 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    23:42:04.0921 3996 dmload - ok
    23:42:04.0968 3996 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    23:42:05.0140 3996 dmserver - ok
    23:42:05.0187 3996 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    23:42:05.0343 3996 DMusic - ok
    23:42:05.0406 3996 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    23:42:05.0500 3996 Dnscache - ok
    23:42:05.0562 3996 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    23:42:05.0718 3996 Dot3svc - ok
    23:42:05.0734 3996 dpti2o - ok
    23:42:05.0796 3996 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    23:42:06.0000 3996 drmkaud - ok
    23:42:06.0046 3996 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    23:42:06.0187 3996 EapHost - ok
    23:42:06.0296 3996 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
    23:42:06.0359 3996 ehRecvr - ok
    23:42:06.0406 3996 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
    23:42:06.0546 3996 ehSched - ok
    23:42:06.0640 3996 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    23:42:06.0843 3996 ERSvc - ok
    23:42:06.0890 3996 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    23:42:06.0968 3996 Eventlog - ok
    23:42:07.0031 3996 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    23:42:07.0093 3996 EventSystem - ok
    23:42:07.0156 3996 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    23:42:07.0296 3996 Fastfat - ok
    23:42:07.0359 3996 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    23:42:07.0437 3996 FastUserSwitchingCompatibility - ok
    23:42:07.0468 3996 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    23:42:07.0609 3996 Fdc - ok
    23:42:07.0640 3996 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    23:42:07.0796 3996 Fips - ok
    23:42:07.0890 3996 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    23:42:07.0984 3996 FLEXnet Licensing Service - ok
    23:42:08.0031 3996 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    23:42:08.0187 3996 Flpydisk - ok
    23:42:08.0250 3996 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    23:42:08.0406 3996 FltMgr - ok
    23:42:08.0531 3996 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    23:42:08.0546 3996 FontCache3.0.0.0 - ok
    23:42:08.0625 3996 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    23:42:08.0640 3996 fssfltr - ok
    23:42:08.0765 3996 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    23:42:08.0859 3996 fsssvc - ok
    23:42:08.0921 3996 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:42:09.0109 3996 Fs_Rec - ok
    23:42:09.0140 3996 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:42:09.0343 3996 Ftdisk - ok
    23:42:09.0406 3996 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    23:42:09.0421 3996 GEARAspiWDM - ok
    23:42:09.0437 3996 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:42:09.0625 3996 Gpc - ok
    23:42:09.0687 3996 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    23:42:09.0859 3996 HDAudBus - ok
    23:42:10.0015 3996 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    23:42:10.0187 3996 helpsvc - ok
    23:42:10.0234 3996 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    23:42:10.0375 3996 HidServ - ok
    23:42:10.0437 3996 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:42:10.0578 3996 HidUsb - ok
    23:42:10.0640 3996 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    23:42:10.0812 3996 hkmsvc - ok
    23:42:10.0812 3996 hpn - ok
    23:42:10.0890 3996 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    23:42:10.0968 3996 HSFHWAZL - ok
    23:42:11.0062 3996 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    23:42:11.0218 3996 HSF_DPV - ok
    23:42:11.0281 3996 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    23:42:11.0390 3996 HTTP - ok
    23:42:11.0453 3996 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    23:42:11.0609 3996 HTTPFilter - ok
    23:42:11.0625 3996 i2omgmt - ok
    23:42:11.0640 3996 i2omp - ok
    23:42:11.0703 3996 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:42:11.0859 3996 i8042prt - ok
    23:42:11.0984 3996 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    23:42:12.0203 3996 ialm - ok
    23:42:12.0359 3996 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    23:42:12.0484 3996 idsvc - ok
    23:42:12.0484 3996 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:42:12.0671 3996 Imapi - ok
    23:42:12.0718 3996 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    23:42:12.0875 3996 ImapiService - ok
    23:42:12.0890 3996 ini910u - ok
    23:42:12.0906 3996 IntelIde - ok
    23:42:12.0968 3996 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:42:13.0109 3996 intelppm - ok
    23:42:13.0140 3996 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    23:42:13.0312 3996 Ip6Fw - ok
    23:42:13.0359 3996 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:42:13.0546 3996 IpFilterDriver - ok
    23:42:13.0593 3996 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:42:13.0765 3996 IpInIp - ok
    23:42:13.0796 3996 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:42:13.0953 3996 IpNat - ok
    23:42:14.0109 3996 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    23:42:14.0203 3996 iPod Service - ok
    23:42:14.0265 3996 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:42:14.0406 3996 IPSec - ok
    23:42:14.0421 3996 IRENUM - ok
    23:42:14.0484 3996 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:42:14.0640 3996 isapnp - ok
    23:42:14.0781 3996 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
    23:42:14.0828 3996 JavaQuickStarterService - ok
    23:42:14.0843 3996 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:42:15.0000 3996 Kbdclass - ok
    23:42:15.0031 3996 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    23:42:15.0171 3996 kmixer - ok
    23:42:15.0218 3996 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    23:42:15.0359 3996 KSecDD - ok
    23:42:15.0406 3996 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    23:42:15.0453 3996 lanmanserver - ok
    23:42:15.0484 3996 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    23:42:15.0546 3996 lanmanworkstation - ok
    23:42:15.0562 3996 lbrtfdc - ok
    23:42:15.0625 3996 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    23:42:15.0796 3996 LmHosts - ok
    23:42:15.0859 3996 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
    23:42:15.0937 3996 McrdSvc - ok
    23:42:15.0984 3996 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    23:42:16.0015 3996 mdmxsdk - ok
    23:42:16.0062 3996 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    23:42:16.0234 3996 Messenger - ok
    23:42:16.0296 3996 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
    23:42:16.0328 3996 MHN ( UnsignedFile.Multi.Generic ) - warning
    23:42:16.0328 3996 MHN - detected UnsignedFile.Multi.Generic (1)
    23:42:16.0343 3996 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    23:42:16.0375 3996 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
    23:42:16.0375 3996 MHNDRV - detected UnsignedFile.Multi.Generic (1)
    23:42:16.0500 3996 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    23:42:16.0531 3996 Microsoft Office Groove Audit Service - ok
    23:42:16.0578 3996 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    23:42:16.0765 3996 mnmdd - ok
    23:42:16.0828 3996 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    23:42:16.0984 3996 mnmsrvc - ok
    23:42:17.0015 3996 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    23:42:17.0187 3996 Modem - ok
    23:42:17.0218 3996 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:42:17.0359 3996 Mouclass - ok
    23:42:17.0406 3996 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:42:17.0609 3996 mouhid - ok
    23:42:17.0640 3996 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    23:42:17.0796 3996 MountMgr - ok
    23:42:17.0812 3996 mraid35x - ok
    23:42:17.0843 3996 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:42:18.0015 3996 MRxDAV - ok
    23:42:18.0093 3996 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:42:18.0171 3996 MRxSmb - ok
    23:42:18.0171 3996 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    23:42:18.0343 3996 MSDTC - ok
    23:42:18.0375 3996 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    23:42:18.0531 3996 Msfs - ok
    23:42:18.0546 3996 MSIServer - ok
    23:42:18.0578 3996 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:42:18.0750 3996 MSKSSRV - ok
    23:42:18.0796 3996 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:42:18.0937 3996 MSPCLOCK - ok
    23:42:18.0953 3996 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    23:42:19.0109 3996 MSPQM - ok
    23:42:19.0125 3996 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:42:19.0281 3996 mssmbios - ok
    23:42:19.0328 3996 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    23:42:19.0468 3996 MSTEE - ok
    23:42:19.0531 3996 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    23:42:19.0578 3996 Mup - ok
    23:42:19.0609 3996 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    23:42:19.0781 3996 NABTSFEC - ok
    23:42:19.0859 3996 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    23:42:20.0046 3996 napagent - ok
    23:42:20.0234 3996 [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    23:42:20.0453 3996 NBService ( UnsignedFile.Multi.Generic ) - warning
    23:42:20.0453 3996 NBService - detected UnsignedFile.Multi.Generic (1)
    23:42:20.0687 3996 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    23:42:20.0843 3996 NDIS - ok
    23:42:20.0906 3996 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    23:42:21.0078 3996 NdisIP - ok
    23:42:21.0109 3996 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:42:21.0203 3996 NdisTapi - ok
    23:42:21.0250 3996 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:42:21.0437 3996 Ndisuio - ok
    23:42:21.0484 3996 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:42:21.0625 3996 NdisWan - ok
    23:42:21.0687 3996 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    23:42:21.0750 3996 NDProxy - ok
    23:42:21.0765 3996 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:42:21.0921 3996 NetBIOS - ok
    23:42:21.0953 3996 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:42:22.0125 3996 NetBT - ok
    23:42:22.0171 3996 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    23:42:22.0328 3996 NetDDE - ok
    23:42:22.0343 3996 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    23:42:22.0484 3996 NetDDEdsdm - ok
    23:42:22.0546 3996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    23:42:22.0703 3996 Netlogon - ok
    23:42:22.0765 3996 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    23:42:22.0937 3996 Netman - ok
    23:42:22.0953 3996 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    23:42:23.0000 3996 NetTcpPortSharing - ok
    23:42:23.0062 3996 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    23:42:23.0156 3996 Nla - ok
    23:42:23.0171 3996 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    23:42:23.0312 3996 Npfs - ok
    23:42:23.0359 3996 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    23:42:23.0562 3996 Ntfs - ok
    23:42:23.0578 3996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    23:42:23.0734 3996 NtLmSsp - ok
    23:42:23.0796 3996 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    23:42:23.0984 3996 NtmsSvc - ok
    23:42:24.0046 3996 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    23:42:24.0250 3996 Null - ok
    23:42:24.0281 3996 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:42:24.0500 3996 NwlnkFlt - ok
    23:42:24.0515 3996 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:42:24.0687 3996 NwlnkFwd - ok
    23:42:24.0828 3996 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    23:42:24.0890 3996 odserv - ok
    23:42:24.0937 3996 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:42:24.0984 3996 ose - ok
    23:42:25.0015 3996 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    23:42:25.0156 3996 Parport - ok
    23:42:25.0187 3996 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    23:42:25.0328 3996 PartMgr - ok
    23:42:25.0375 3996 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    23:42:25.0578 3996 ParVdm - ok
    23:42:25.0609 3996 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    23:42:25.0953 3996 PCI - ok
    23:42:25.0953 3996 PCIDump - ok
    23:42:25.0984 3996 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    23:42:26.0171 3996 PCIIde - ok
    23:42:26.0218 3996 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    23:42:26.0390 3996 Pcmcia - ok
    23:42:26.0390 3996 PDCOMP - ok
    23:42:26.0406 3996 PDFRAME - ok
    23:42:26.0421 3996 PDRELI - ok
    23:42:26.0437 3996 PDRFRAME - ok
    23:42:26.0453 3996 perc2 - ok
    23:42:26.0468 3996 perc2hib - ok
    23:42:26.0515 3996 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    23:42:26.0578 3996 PlugPlay - ok
    23:42:26.0593 3996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    23:42:26.0750 3996 PolicyAgent - ok
    23:42:26.0796 3996 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:42:26.0968 3996 PptpMiniport - ok
    23:42:26.0968 3996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    23:42:27.0125 3996 ProtectedStorage - ok
    23:42:27.0171 3996 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    23:42:27.0328 3996 PSched - ok
    23:42:27.0375 3996 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:42:27.0562 3996 Ptilink - ok
    23:42:27.0625 3996 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    23:42:27.0656 3996 PxHelp20 - ok
    23:42:27.0656 3996 ql1080 - ok
    23:42:27.0671 3996 Ql10wnt - ok
    23:42:27.0687 3996 ql12160 - ok
    23:42:27.0703 3996 ql1240 - ok
    23:42:27.0703 3996 ql1280 - ok
    23:42:27.0718 3996 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:42:27.0906 3996 RasAcd - ok
    23:42:27.0953 3996 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    23:42:28.0093 3996 RasAuto - ok
    23:42:28.0125 3996 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:42:28.0281 3996 Rasl2tp - ok
    23:42:28.0343 3996 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    23:42:28.0500 3996 RasMan - ok
    23:42:28.0515 3996 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:42:28.0656 3996 RasPppoe - ok
    23:42:28.0703 3996 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    23:42:28.0890 3996 Raspti - ok
    23:42:28.0921 3996 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:42:29.0078 3996 Rdbss - ok
    23:42:29.0093 3996 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:42:29.0265 3996 RDPCDD - ok
    23:42:29.0312 3996 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    23:42:29.0468 3996 rdpdr - ok
    23:42:29.0546 3996 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    23:42:29.0609 3996 RDPWD - ok
    23:42:29.0671 3996 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    23:42:29.0843 3996 RDSessMgr - ok
    23:42:29.0906 3996 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:42:30.0062 3996 redbook - ok
    23:42:30.0109 3996 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    23:42:30.0281 3996 RemoteAccess - ok
    23:42:30.0328 3996 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    23:42:30.0500 3996 RemoteRegistry - ok
    23:42:30.0609 3996 [ 2D84428075CE90F1B8882D54960C7000 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
    23:42:30.0640 3996 RichVideo - ok
    23:42:30.0671 3996 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
    23:42:30.0765 3996 RimUsb - ok
    23:42:30.0828 3996 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    23:42:30.0968 3996 RpcLocator - ok
    23:42:31.0015 3996 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    23:42:31.0093 3996 RpcSs - ok
    23:42:31.0187 3996 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    23:42:31.0406 3996 RSVP - ok
    23:42:31.0437 3996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    23:42:31.0578 3996 SamSs - ok
    23:42:31.0640 3996 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    23:42:31.0812 3996 SCardSvr - ok
    23:42:31.0875 3996 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    23:42:32.0046 3996 Schedule - ok
    23:42:32.0109 3996 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:42:32.0250 3996 Secdrv - ok
    23:42:32.0296 3996 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    23:42:32.0453 3996 seclogon - ok
    23:42:32.0484 3996 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    23:42:32.0656 3996 SENS - ok
    23:42:32.0671 3996 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    23:42:32.0875 3996 Serial - ok
    23:42:32.0937 3996 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:42:33.0093 3996 Sfloppy - ok
    23:42:33.0187 3996 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    23:42:33.0375 3996 SharedAccess - ok
    23:42:33.0406 3996 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    23:42:33.0437 3996 ShellHWDetection - ok
    23:42:33.0453 3996 Simbad - ok
    23:42:33.0515 3996 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    23:42:33.0687 3996 SLIP - ok
    23:42:33.0703 3996 Sparrow - ok
    23:42:33.0750 3996 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    23:42:33.0921 3996 splitter - ok
    23:42:33.0968 3996 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    23:42:34.0015 3996 Spooler - ok
    23:42:34.0109 3996 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
    23:42:34.0125 3996 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
    23:42:34.0125 3996 sptd ( LockedFile.Multi.Generic ) - warning
    23:42:34.0125 3996 sptd - detected LockedFile.Multi.Generic (1)
    23:42:34.0140 3996 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    23:42:34.0296 3996 sr - ok
    23:42:34.0359 3996 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    23:42:34.0515 3996 srservice - ok
    23:42:34.0578 3996 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    23:42:34.0671 3996 Srv - ok
    23:42:34.0718 3996 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    23:42:34.0906 3996 SSDPSRV - ok
    23:42:35.0062 3996 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    23:42:35.0156 3996 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
    23:42:35.0156 3996 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
    23:42:35.0296 3996 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    23:42:35.0546 3996 STHDA - ok
    23:42:35.0609 3996 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    23:42:35.0781 3996 stisvc - ok
    23:42:35.0859 3996 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    23:42:36.0015 3996 streamip - ok
    23:42:36.0078 3996 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:42:36.0234 3996 swenum - ok
    23:42:36.0265 3996 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    23:42:36.0421 3996 swmidi - ok
    23:42:36.0437 3996 SwPrv - ok
    23:42:36.0453 3996 symc810 - ok
    23:42:36.0468 3996 symc8xx - ok
    23:42:36.0484 3996 sym_hi - ok
    23:42:36.0484 3996 sym_u3 - ok
    23:42:36.0546 3996 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    23:42:36.0703 3996 sysaudio - ok
    23:42:36.0734 3996 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    23:42:36.0890 3996 SysmonLog - ok
    23:42:36.0968 3996 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    23:42:37.0140 3996 TapiSrv - ok
    23:42:37.0203 3996 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:42:37.0296 3996 Tcpip - ok
    23:42:37.0359 3996 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:42:37.0515 3996 TDPIPE - ok
    23:42:37.0562 3996 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    23:42:37.0750 3996 TDTCP - ok
    23:42:37.0765 3996 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:42:37.0921 3996 TermDD - ok
    23:42:38.0015 3996 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    23:42:38.0203 3996 TermService - ok
    23:42:38.0250 3996 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    23:42:38.0281 3996 Themes - ok
    23:42:38.0343 3996 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    23:42:38.0500 3996 TlntSvr - ok
    23:42:38.0515 3996 TosIde - ok
    23:42:38.0578 3996 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    23:42:38.0734 3996 TrkWks - ok
    23:42:38.0796 3996 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    23:42:38.0953 3996 Udfs - ok
    23:42:38.0984 3996 ultra - ok
    23:42:39.0078 3996 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    23:42:39.0234 3996 Update - ok
    23:42:39.0281 3996 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    23:42:39.0453 3996 upnphost - ok
    23:42:39.0468 3996 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    23:42:39.0625 3996 UPS - ok
    23:42:39.0671 3996 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    23:42:39.0687 3996 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
    23:42:39.0687 3996 USBAAPL - detected UnsignedFile.Multi.Generic (1)
    23:42:39.0734 3996 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    23:42:39.0890 3996 usbaudio - ok
    23:42:39.0937 3996 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:42:40.0109 3996 usbccgp - ok
    23:42:40.0156 3996 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:42:40.0312 3996 usbehci - ok
    23:42:40.0375 3996 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:42:40.0515 3996 usbhub - ok
    23:42:40.0593 3996 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    23:42:40.0734 3996 usbscan - ok
    23:42:40.0781 3996 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:42:40.0937 3996 USBSTOR - ok
    23:42:40.0953 3996 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:42:41.0109 3996 usbuhci - ok
    23:42:41.0140 3996 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    23:42:41.0312 3996 usbvideo - ok
    23:42:41.0343 3996 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    23:42:41.0500 3996 VgaSave - ok
    23:42:41.0500 3996 ViaIde - ok
    23:42:41.0562 3996 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    23:42:41.0703 3996 VolSnap - ok
    23:42:41.0765 3996 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    23:42:41.0953 3996 VSS - ok
    23:42:42.0046 3996 [ 52591834B0FA3293D35FD407FC230F7D ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    23:42:42.0156 3996 vToolbarUpdater12.2.6 - ok
    23:42:42.0203 3996 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    23:42:42.0375 3996 W32Time - ok
    23:42:42.0390 3996 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:42:42.0546 3996 Wanarp - ok
    23:42:42.0562 3996 WDICA - ok
    23:42:42.0593 3996 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    23:42:42.0750 3996 wdmaud - ok
    23:42:42.0812 3996 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    23:42:42.0984 3996 WebClient - ok
    23:42:43.0078 3996 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    23:42:43.0234 3996 winachsf - ok
    23:42:43.0375 3996 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    23:42:43.0531 3996 winmgmt - ok
    23:42:43.0625 3996 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    23:42:43.0812 3996 WinRM - ok
    23:42:43.0875 3996 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    23:42:43.0984 3996 WmdmPmSN - ok
    23:42:44.0062 3996 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    23:42:44.0234 3996 Wmi - ok
    23:42:44.0296 3996 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    23:42:44.0453 3996 WmiApSrv - ok
    23:42:44.0593 3996 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    23:42:44.0734 3996 WMPNetworkSvc - ok
    23:42:44.0843 3996 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    23:42:44.0937 3996 WPFFontCache_v0400 - ok
    23:42:45.0000 3996 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    23:42:45.0218 3996 wscsvc - ok
    23:42:45.0218 3996 WSearch - ok
    23:42:45.0250 3996 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    23:42:45.0421 3996 WSTCODEC - ok
    23:42:45.0484 3996 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    23:42:45.0656 3996 wuauserv - ok
    23:42:45.0703 3996 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    23:42:45.0781 3996 WudfPf - ok
    23:42:45.0812 3996 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    23:42:45.0890 3996 WudfRd - ok
    23:42:45.0921 3996 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    23:42:45.0984 3996 WudfSvc - ok
    23:42:46.0062 3996 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    23:42:46.0328 3996 WZCSVC - ok
    23:42:46.0375 3996 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    23:42:46.0531 3996 xmlprov - ok
    23:42:46.0609 3996 [ 5867CE254625645345C833510D24F124 ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files\CyberLink\PowerDVD\000.fcl
    23:42:46.0656 3996 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
    23:42:46.0656 3996 ================ Scan global ===============================
    23:42:46.0718 3996 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    23:42:46.0796 3996 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    23:42:46.0828 3996 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    23:42:46.0843 3996 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    23:42:46.0859 3996 [Global] - ok
    23:42:46.0859 3996 ================ Scan MBR ==================================
    23:42:46.0890 3996 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    23:42:47.0296 3996 \Device\Harddisk0\DR0 - ok
    23:42:47.0296 3996 ================ Scan VBR ==================================
    23:42:47.0312 3996 [ 97CD0BB04885841C1587DF9EFAB3B0F5 ] \Device\Harddisk0\DR0\Partition1
    23:42:47.0312 3996 \Device\Harddisk0\DR0\Partition1 - ok
    23:42:47.0312 3996 ============================================================
    23:42:47.0312 3996 Scan finished
    23:42:47.0312 3996 ============================================================
  6. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    23:42:47.0437 1952 Detected object count: 8
    23:42:47.0437 1952 Actual detected object count: 8
    23:43:23.0437 1952 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
    23:43:23.0437 1952 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:43:23.0437 1952 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
    23:43:23.0437 1952 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:43:23.0437 1952 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
    23:43:23.0437 1952 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:43:23.0437 1952 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
    23:43:23.0437 1952 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:43:23.0437 1952 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
    23:43:23.0437 1952 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:43:23.0437 1952 sptd ( LockedFile.Multi.Generic ) - skipped by user
    23:43:23.0437 1952 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    23:43:23.0453 1952 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
    23:43:23.0453 1952 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:43:23.0453 1952 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
    23:43:23.0453 1952 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:44:57.0250 3488 ============================================================
    23:44:57.0250 3488 Scan started
    23:44:57.0250 3488 Mode: Manual; SigCheck; TDLFS;
    23:44:57.0250 3488 ============================================================
    23:44:57.0562 3488 ================ Scan system memory ========================
    23:44:57.0562 3488 System memory - ok
    23:44:57.0562 3488 ================ Scan services =============================
    23:44:57.0718 3488 Abiosdsk - ok
    23:44:57.0734 3488 abp480n5 - ok
    23:44:57.0796 3488 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:44:58.0250 3488 ACPI - ok
    23:44:58.0312 3488 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:44:58.0531 3488 ACPIEC - ok
    23:44:58.0609 3488 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
    23:44:58.0640 3488 adfs - ok
    23:44:58.0750 3488 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    23:44:58.0796 3488 AdobeFlashPlayerUpdateSvc - ok
    23:44:58.0812 3488 adpu160m - ok
    23:44:58.0843 3488 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    23:44:59.0015 3488 aec - ok
    23:44:59.0062 3488 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    23:44:59.0125 3488 AFD - ok
    23:44:59.0125 3488 Aha154x - ok
    23:44:59.0140 3488 aic78u2 - ok
    23:44:59.0140 3488 aic78xx - ok
    23:44:59.0203 3488 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    23:44:59.0375 3488 Alerter - ok
    23:44:59.0421 3488 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    23:44:59.0609 3488 ALG - ok
    23:44:59.0609 3488 AliIde - ok
    23:44:59.0625 3488 amsint - ok
    23:44:59.0796 3488 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:44:59.0828 3488 Apple Mobile Device - ok
    23:44:59.0875 3488 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    23:45:00.0031 3488 AppMgmt - ok
    23:45:00.0031 3488 asc - ok
    23:45:00.0046 3488 asc3350p - ok
    23:45:00.0062 3488 asc3550 - ok
    23:45:00.0218 3488 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    23:45:00.0250 3488 aspnet_state - ok
    23:45:00.0312 3488 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:45:00.0484 3488 AsyncMac - ok
    23:45:00.0500 3488 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:45:00.0671 3488 atapi - ok
    23:45:00.0687 3488 Atdisk - ok
    23:45:00.0718 3488 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:45:00.0890 3488 Atmarpc - ok
    23:45:00.0953 3488 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    23:45:01.0109 3488 AudioSrv - ok
    23:45:01.0156 3488 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:45:01.0359 3488 audstub - ok
    23:45:01.0406 3488 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    23:45:01.0453 3488 Avgfwdx - ok
    23:45:01.0453 3488 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    23:45:01.0500 3488 Avgfwfd - ok
    23:45:01.0656 3488 [ 2E0DB82F4254FF91E153F331BA9B2D6E ] avgfws C:\Program Files\AVG\AVG2013\avgfws.exe
    23:45:01.0781 3488 avgfws - ok
    23:45:02.0093 3488 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
    23:45:02.0468 3488 AVGIDSAgent - ok
    23:45:02.0593 3488 [ 2F47851015D8837976E481F6DAA46A67 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
    23:45:02.0640 3488 AVGIDSDriver - ok
    23:45:02.0687 3488 [ 303BDE0DCDC04CE597C6C1CD06C6F186 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
    23:45:02.0734 3488 AVGIDSHX - ok
    23:45:02.0796 3488 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    23:45:02.0828 3488 AVGIDSShim - ok
    23:45:02.0890 3488 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    23:45:02.0921 3488 Avgldx86 - ok
    23:45:02.0984 3488 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
    23:45:03.0015 3488 Avglogx - ok
    23:45:03.0062 3488 [ 6DF7236D3A16C8417FF72F2EB2ADD244 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    23:45:03.0093 3488 Avgmfx86 - ok
    23:45:03.0125 3488 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    23:45:03.0171 3488 Avgrkx86 - ok
    23:45:03.0218 3488 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    23:45:03.0265 3488 Avgtdix - ok
    23:45:03.0296 3488 [ DB22E7062FD88CDD1CC8C99CE59E6B2B ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
    23:45:03.0328 3488 avgtp - ok
    23:45:03.0390 3488 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    23:45:03.0437 3488 avgwd - ok
    23:45:03.0593 3488 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    23:45:03.0656 3488 BBSvc - ok
    23:45:03.0718 3488 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    23:45:03.0765 3488 BBUpdate - ok
    23:45:03.0875 3488 [ E9EA635B8432D68F0005B3F6CEBAB837 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    23:45:04.0046 3488 BCM43XX - ok
    23:45:04.0093 3488 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    23:45:04.0156 3488 bcm4sbxp - ok
    23:45:04.0203 3488 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    23:45:04.0406 3488 Beep - ok
    23:45:04.0468 3488 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    23:45:04.0640 3488 BITS - ok
    23:45:04.0750 3488 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    23:45:04.0812 3488 Bonjour Service - ok
    23:45:04.0859 3488 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    23:45:04.0921 3488 Browser - ok
    23:45:04.0968 3488 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:45:05.0156 3488 cbidf2k - ok
    23:45:05.0187 3488 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    23:45:05.0359 3488 CCDECODE - ok
    23:45:05.0375 3488 cd20xrnt - ok
    23:45:05.0421 3488 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:45:05.0609 3488 Cdaudio - ok
    23:45:05.0671 3488 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    23:45:05.0843 3488 Cdfs - ok
    23:45:05.0859 3488 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:45:06.0031 3488 Cdrom - ok
    23:45:06.0078 3488 [ B4DDA22FCBA9AF3EB5F6B58A671A447D ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
    23:45:06.0140 3488 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
    23:45:06.0140 3488 cercsr6 - detected UnsignedFile.Multi.Generic (1)
    23:45:06.0140 3488 Changer - ok
    23:45:06.0218 3488 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    23:45:06.0375 3488 CiSvc - ok
    23:45:06.0421 3488 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    23:45:06.0609 3488 ClipSrv - ok
    23:45:06.0671 3488 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:45:06.0703 3488 clr_optimization_v2.0.50727_32 - ok
    23:45:06.0812 3488 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:45:06.0859 3488 clr_optimization_v4.0.30319_32 - ok
    23:45:06.0859 3488 CmdIde - ok
    23:45:06.0875 3488 COMSysApp - ok
    23:45:06.0890 3488 Cpqarray - ok
    23:45:06.0953 3488 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    23:45:07.0109 3488 CryptSvc - ok
    23:45:07.0125 3488 dac2w2k - ok
    23:45:07.0140 3488 dac960nt - ok
    23:45:07.0203 3488 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    23:45:07.0296 3488 DcomLaunch - ok
    23:45:07.0343 3488 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    23:45:07.0515 3488 Dhcp - ok
    23:45:07.0562 3488 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    23:45:07.0734 3488 Disk - ok
    23:45:07.0859 3488 [ 35741E47A211C50B9AA52E1423CC8503 ] Diskeeper C:\Program Files\Executive Software\Diskeeper\DkService.exe
    23:45:07.0921 3488 Diskeeper ( UnsignedFile.Multi.Generic ) - warning
    23:45:07.0921 3488 Diskeeper - detected UnsignedFile.Multi.Generic (1)
    23:45:07.0937 3488 dmadmin - ok
    23:45:08.0015 3488 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    23:45:08.0218 3488 dmboot - ok
    23:45:08.0250 3488 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    23:45:08.0421 3488 dmio - ok
    23:45:08.0468 3488 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    23:45:08.0656 3488 dmload - ok
    23:45:08.0718 3488 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    23:45:08.0890 3488 dmserver - ok
    23:45:08.0937 3488 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    23:45:09.0093 3488 DMusic - ok
    23:45:09.0156 3488 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    23:45:09.0234 3488 Dnscache - ok
    23:45:09.0296 3488 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    23:45:09.0468 3488 Dot3svc - ok
    23:45:09.0468 3488 dpti2o - ok
    23:45:09.0484 3488 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    23:45:09.0656 3488 drmkaud - ok
    23:45:09.0718 3488 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    23:45:09.0875 3488 EapHost - ok
    23:45:09.0984 3488 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
    23:45:10.0046 3488 ehRecvr - ok
    23:45:10.0093 3488 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
    23:45:10.0203 3488 ehSched - ok
    23:45:10.0250 3488 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    23:45:10.0437 3488 ERSvc - ok
    23:45:10.0500 3488 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    23:45:10.0578 3488 Eventlog - ok
    23:45:10.0656 3488 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    23:45:10.0703 3488 EventSystem - ok
    23:45:10.0765 3488 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    23:45:10.0921 3488 Fastfat - ok
    23:45:10.0984 3488 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    23:45:11.0046 3488 FastUserSwitchingCompatibility - ok
    23:45:11.0093 3488 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    23:45:11.0234 3488 Fdc - ok
    23:45:11.0281 3488 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    23:45:11.0453 3488 Fips - ok
    23:45:11.0546 3488 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    23:45:11.0609 3488 FLEXnet Licensing Service - ok
    23:45:11.0656 3488 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    23:45:11.0843 3488 Flpydisk - ok
    23:45:11.0906 3488 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    23:45:12.0078 3488 FltMgr - ok
    23:45:12.0187 3488 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    23:45:12.0218 3488 FontCache3.0.0.0 - ok
    23:45:12.0281 3488 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    23:45:12.0328 3488 fssfltr - ok
    23:45:12.0484 3488 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    23:45:12.0562 3488 fsssvc - ok
    23:45:12.0609 3488 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:45:12.0796 3488 Fs_Rec - ok
    23:45:12.0859 3488 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:45:13.0046 3488 Ftdisk - ok
    23:45:13.0093 3488 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    23:45:13.0125 3488 GEARAspiWDM - ok
    23:45:13.0171 3488 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:45:13.0328 3488 Gpc - ok
    23:45:13.0406 3488 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    23:45:13.0578 3488 HDAudBus - ok
    23:45:13.0734 3488 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    23:45:13.0906 3488 helpsvc - ok
    23:45:13.0984 3488 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    23:45:14.0171 3488 HidServ - ok
    23:45:14.0203 3488 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:45:14.0359 3488 HidUsb - ok
    23:45:14.0406 3488 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    23:45:14.0578 3488 hkmsvc - ok
    23:45:14.0593 3488 hpn - ok
    23:45:14.0656 3488 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    23:45:14.0703 3488 HSFHWAZL - ok
    23:45:14.0796 3488 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    23:45:14.0906 3488 HSF_DPV - ok
    23:45:14.0968 3488 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    23:45:15.0031 3488 HTTP - ok
    23:45:15.0078 3488 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    23:45:15.0343 3488 HTTPFilter - ok
    23:45:15.0343 3488 i2omgmt - ok
    23:45:15.0359 3488 i2omp - ok
    23:45:15.0437 3488 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:45:15.0609 3488 i8042prt - ok
    23:45:15.0734 3488 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    23:45:15.0843 3488 ialm - ok
    23:45:15.0984 3488 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    23:45:16.0062 3488 idsvc - ok
    23:45:16.0078 3488 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:45:16.0265 3488 Imapi - ok
    23:45:16.0312 3488 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    23:45:16.0468 3488 ImapiService - ok
    23:45:16.0484 3488 ini910u - ok
    23:45:16.0515 3488 IntelIde - ok
    23:45:16.0578 3488 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:45:16.0734 3488 intelppm - ok
    23:45:16.0765 3488 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    23:45:16.0953 3488 Ip6Fw - ok
    23:45:17.0000 3488 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:45:17.0203 3488 IpFilterDriver - ok
    23:45:17.0218 3488 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:45:17.0390 3488 IpInIp - ok
    23:45:17.0421 3488 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:45:17.0593 3488 IpNat - ok
    23:45:17.0687 3488 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    23:45:17.0765 3488 iPod Service - ok
    23:45:17.0796 3488 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:45:17.0953 3488 IPSec - ok
    23:45:17.0968 3488 IRENUM - ok
    23:45:18.0015 3488 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:45:18.0171 3488 isapnp - ok
    23:45:18.0312 3488 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
    23:45:18.0359 3488 JavaQuickStarterService - ok
    23:45:18.0375 3488 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:45:18.0546 3488 Kbdclass - ok
    23:45:18.0578 3488 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    23:45:18.0750 3488 kmixer - ok
    23:45:18.0781 3488 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    23:45:18.0828 3488 KSecDD - ok
    23:45:18.0875 3488 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    23:45:18.0937 3488 lanmanserver - ok
    23:45:19.0000 3488 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    23:45:19.0046 3488 lanmanworkstation - ok
    23:45:19.0046 3488 lbrtfdc - ok
    23:45:19.0140 3488 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    23:45:19.0312 3488 LmHosts - ok
    23:45:19.0375 3488 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
    23:45:19.0453 3488 McrdSvc - ok
    23:45:19.0500 3488 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    23:45:19.0562 3488 mdmxsdk - ok
    23:45:19.0609 3488 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    23:45:19.0781 3488 Messenger - ok
    23:45:19.0843 3488 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
    23:45:19.0859 3488 MHN ( UnsignedFile.Multi.Generic ) - warning
    23:45:19.0859 3488 MHN - detected UnsignedFile.Multi.Generic (1)
    23:45:19.0875 3488 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    23:45:19.0921 3488 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
    23:45:19.0921 3488 MHNDRV - detected UnsignedFile.Multi.Generic (1)
    23:45:20.0031 3488 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    23:45:20.0078 3488 Microsoft Office Groove Audit Service - ok
    23:45:20.0125 3488 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    23:45:20.0359 3488 mnmdd - ok
    23:45:20.0406 3488 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    23:45:20.0718 3488 mnmsrvc - ok
    23:45:20.0765 3488 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    23:45:20.0921 3488 Modem - ok
    23:45:20.0953 3488 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:45:21.0109 3488 Mouclass - ok
    23:45:21.0140 3488 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:45:21.0343 3488 mouhid - ok
    23:45:21.0390 3488 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    23:45:21.0562 3488 MountMgr - ok
    23:45:21.0578 3488 mraid35x - ok
    23:45:21.0609 3488 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:45:21.0781 3488 MRxDAV - ok
    23:45:21.0859 3488 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:45:21.0937 3488 MRxSmb - ok
    23:45:21.0953 3488 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    23:45:22.0140 3488 MSDTC - ok
    23:45:22.0171 3488 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    23:45:22.0343 3488 Msfs - ok
    23:45:22.0359 3488 MSIServer - ok
    23:45:22.0406 3488 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:45:22.0562 3488 MSKSSRV - ok
    23:45:22.0578 3488 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:45:22.0734 3488 MSPCLOCK - ok
    23:45:22.0750 3488 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    23:45:22.0921 3488 MSPQM - ok
    23:45:22.0953 3488 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:45:23.0109 3488 mssmbios - ok
    23:45:23.0140 3488 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    23:45:23.0296 3488 MSTEE - ok
    23:45:23.0375 3488 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    23:45:23.0421 3488 Mup - ok
    23:45:23.0453 3488 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    23:45:23.0640 3488 NABTSFEC - ok
    23:45:23.0718 3488 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    23:45:23.0906 3488 napagent - ok
    23:45:24.0093 3488 [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    23:45:24.0203 3488 NBService ( UnsignedFile.Multi.Generic ) - warning
    23:45:24.0203 3488 NBService - detected UnsignedFile.Multi.Generic (1)
    23:45:24.0265 3488 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    23:45:24.0437 3488 NDIS - ok
    23:45:24.0484 3488 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    23:45:24.0656 3488 NdisIP - ok
    23:45:24.0703 3488 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:45:24.0750 3488 NdisTapi - ok
    23:45:24.0781 3488 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:45:24.0953 3488 Ndisuio - ok
    23:45:25.0000 3488 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:45:25.0156 3488 NdisWan - ok
    23:45:25.0218 3488 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    23:45:25.0265 3488 NDProxy - ok
    23:45:25.0281 3488 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:45:25.0453 3488 NetBIOS - ok
    23:45:25.0484 3488 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:45:25.0656 3488 NetBT - ok
    23:45:25.0718 3488 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    23:45:25.0890 3488 NetDDE - ok
    23:45:25.0906 3488 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    23:45:26.0062 3488 NetDDEdsdm - ok
    23:45:26.0125 3488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    23:45:26.0281 3488 Netlogon - ok
    23:45:26.0343 3488 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    23:45:26.0515 3488 Netman - ok
    23:45:26.0546 3488 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    23:45:26.0593 3488 NetTcpPortSharing - ok
    23:45:26.0640 3488 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    23:45:26.0718 3488 Nla - ok
    23:45:26.0718 3488 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    23:45:26.0890 3488 Npfs - ok
    23:45:26.0953 3488 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    23:45:27.0140 3488 Ntfs - ok
    23:45:27.0156 3488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    23:45:27.0312 3488 NtLmSsp - ok
    23:45:27.0375 3488 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    23:45:27.0546 3488 NtmsSvc - ok
    23:45:27.0609 3488 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    23:45:27.0796 3488 Null - ok
    23:45:27.0843 3488 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:45:28.0046 3488 NwlnkFlt - ok
    23:45:28.0062 3488 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:45:28.0234 3488 NwlnkFwd - ok
    23:45:28.0328 3488 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    23:45:28.0390 3488 odserv - ok
    23:45:28.0453 3488 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:45:28.0500 3488 ose - ok
    23:45:28.0531 3488 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    23:45:28.0687 3488 Parport - ok
    23:45:28.0718 3488 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    23:45:28.0890 3488 PartMgr - ok
    23:45:28.0937 3488 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    23:45:29.0109 3488 ParVdm - ok
    23:45:29.0125 3488 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    23:45:29.0281 3488 PCI - ok
    23:45:29.0296 3488 PCIDump - ok
    23:45:29.0328 3488 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    23:45:29.0515 3488 PCIIde - ok
    23:45:29.0562 3488 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    23:45:29.0750 3488 Pcmcia - ok
    23:45:29.0750 3488 PDCOMP - ok
    23:45:29.0765 3488 PDFRAME - ok
    23:45:29.0781 3488 PDRELI - ok
    23:45:29.0796 3488 PDRFRAME - ok
    23:45:29.0796 3488 perc2 - ok
    23:45:29.0812 3488 perc2hib - ok
    23:45:29.0875 3488 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    23:45:29.0953 3488 PlugPlay - ok
    23:45:29.0968 3488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    23:45:30.0125 3488 PolicyAgent - ok
    23:45:30.0171 3488 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:45:30.0343 3488 PptpMiniport - ok
    23:45:30.0343 3488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    23:45:30.0515 3488 ProtectedStorage - ok
    23:45:30.0531 3488 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    23:45:30.0687 3488 PSched - ok
    23:45:30.0750 3488 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:45:30.0937 3488 Ptilink - ok
    23:45:30.0968 3488 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    23:45:31.0015 3488 PxHelp20 - ok
    23:45:31.0031 3488 ql1080 - ok
    23:45:31.0046 3488 Ql10wnt - ok
    23:45:31.0062 3488 ql12160 - ok
    23:45:31.0078 3488 ql1240 - ok
    23:45:31.0093 3488 ql1280 - ok
    23:45:31.0093 3488 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:45:31.0281 3488 RasAcd - ok
    23:45:31.0312 3488 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    23:45:31.0500 3488 RasAuto - ok
    23:45:31.0531 3488 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:45:31.0687 3488 Rasl2tp - ok
    23:45:31.0750 3488 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    23:45:31.0906 3488 RasMan - ok
    23:45:31.0921 3488 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:45:32.0093 3488 RasPppoe - ok
    23:45:32.0140 3488 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    23:45:32.0312 3488 Raspti - ok
    23:45:32.0343 3488 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:45:32.0515 3488 Rdbss - ok
    23:45:32.0515 3488 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:45:32.0703 3488 RDPCDD - ok
    23:45:32.0750 3488 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    23:45:32.0921 3488 rdpdr - ok
    23:45:32.0984 3488 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    23:45:33.0031 3488 RDPWD - ok
    23:45:33.0093 3488 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    23:45:33.0296 3488 RDSessMgr - ok
    23:45:33.0312 3488 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:45:33.0484 3488 redbook - ok
    23:45:33.0531 3488 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    23:45:33.0703 3488 RemoteAccess - ok
    23:45:33.0734 3488 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    23:45:33.0921 3488 RemoteRegistry - ok
    23:45:34.0000 3488 [ 2D84428075CE90F1B8882D54960C7000 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
    23:45:34.0062 3488 RichVideo - ok
    23:45:34.0109 3488 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
    23:45:34.0187 3488 RimUsb - ok
    23:45:34.0203 3488 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    23:45:34.0375 3488 RpcLocator - ok
    23:45:34.0421 3488 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    23:45:34.0500 3488 RpcSs - ok
    23:45:34.0562 3488 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    23:45:34.0734 3488 RSVP - ok
    23:45:34.0765 3488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    23:45:34.0937 3488 SamSs - ok
    23:45:34.0968 3488 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    23:45:35.0140 3488 SCardSvr - ok
    23:45:35.0203 3488 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    23:45:35.0375 3488 Schedule - ok
    23:45:35.0421 3488 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:45:35.0578 3488 Secdrv - ok
    23:45:35.0625 3488 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    23:45:35.0781 3488 seclogon - ok
    23:45:35.0828 3488 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    23:45:36.0000 3488 SENS - ok
    23:45:36.0046 3488 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    23:45:36.0218 3488 Serial - ok
    23:45:36.0296 3488 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:45:36.0468 3488 Sfloppy - ok
    23:45:36.0546 3488 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    23:45:36.0734 3488 SharedAccess - ok
    23:45:36.0765 3488 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    23:45:36.0812 3488 ShellHWDetection - ok
    23:45:36.0828 3488 Simbad - ok
    23:45:36.0890 3488 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    23:45:37.0062 3488 SLIP - ok
    23:45:37.0093 3488 Sparrow - ok
    23:45:37.0125 3488 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    23:45:37.0296 3488 splitter - ok
    23:45:37.0359 3488 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    23:45:37.0406 3488 Spooler - ok
    23:45:37.0500 3488 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
    23:45:37.0500 3488 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
    23:45:37.0515 3488 sptd ( LockedFile.Multi.Generic ) - warning
    23:45:37.0515 3488 sptd - detected LockedFile.Multi.Generic (1)
    23:45:37.0531 3488 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    23:45:37.0687 3488 sr - ok
    23:45:37.0750 3488 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    23:45:37.0921 3488 srservice - ok
    23:45:37.0984 3488 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    23:45:38.0093 3488 Srv - ok
    23:45:38.0140 3488 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    23:45:38.0296 3488 SSDPSRV - ok
    23:45:38.0375 3488 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    23:45:38.0421 3488 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
    23:45:38.0421 3488 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
    23:45:38.0546 3488 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    23:45:38.0640 3488 STHDA - ok
    23:45:38.0734 3488 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    23:45:38.0906 3488 stisvc - ok
    23:45:38.0953 3488 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    23:45:39.0125 3488 streamip - ok
    23:45:39.0171 3488 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:45:39.0328 3488 swenum - ok
    23:45:39.0359 3488 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    23:45:39.0531 3488 swmidi - ok
    23:45:39.0546 3488 SwPrv - ok
    23:45:39.0562 3488 symc810 - ok
    23:45:39.0578 3488 symc8xx - ok
    23:45:39.0593 3488 sym_hi - ok
    23:45:39.0609 3488 sym_u3 - ok
    23:45:39.0656 3488 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    23:45:39.0828 3488 sysaudio - ok
    23:45:39.0859 3488 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    23:45:40.0031 3488 SysmonLog - ok
    23:45:40.0109 3488 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    23:45:40.0312 3488 TapiSrv - ok
    23:45:40.0375 3488 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:45:40.0515 3488 Tcpip - ok
    23:45:40.0578 3488 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:45:40.0750 3488 TDPIPE - ok
    23:45:40.0796 3488 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    23:45:40.0984 3488 TDTCP - ok
    23:45:41.0015 3488 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:45:41.0187 3488 TermDD - ok
    23:45:41.0250 3488 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    23:45:41.0453 3488 TermService - ok
    23:45:41.0484 3488 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    23:45:41.0546 3488 Themes - ok
    23:45:41.0593 3488 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    23:45:41.0765 3488 TlntSvr - ok
    23:45:41.0781 3488 TosIde - ok
    23:45:41.0859 3488 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    23:45:42.0031 3488 TrkWks - ok
    23:45:42.0078 3488 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    23:45:42.0265 3488 Udfs - ok
    23:45:42.0296 3488 ultra - ok
    23:45:42.0359 3488 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    23:45:42.0531 3488 Update - ok
    23:45:42.0593 3488 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    23:45:42.0781 3488 upnphost - ok
    23:45:42.0796 3488 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    23:45:42.0968 3488 UPS - ok
    23:45:43.0015 3488 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    23:45:43.0046 3488 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
    23:45:43.0046 3488 USBAAPL - detected UnsignedFile.Multi.Generic (1)
    23:45:43.0109 3488 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    23:45:43.0281 3488 usbaudio - ok
    23:45:43.0328 3488 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:45:43.0500 3488 usbccgp - ok
    23:45:43.0546 3488 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:45:43.0718 3488 usbehci - ok
    23:45:43.0781 3488 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:45:43.0953 3488 usbhub - ok
    23:45:44.0000 3488 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    23:45:44.0156 3488 usbscan - ok
    23:45:44.0203 3488 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:45:44.0375 3488 USBSTOR - ok
    23:45:44.0406 3488 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:45:44.0562 3488 usbuhci - ok
    23:45:44.0609 3488 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    23:45:44.0796 3488 usbvideo - ok
    23:45:44.0828 3488 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    23:45:44.0984 3488 VgaSave - ok
    23:45:45.0000 3488 ViaIde - ok
    23:45:45.0062 3488 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    23:45:45.0218 3488 VolSnap - ok
    23:45:45.0281 3488 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    23:45:45.0468 3488 VSS - ok
    23:45:45.0562 3488 [ 52591834B0FA3293D35FD407FC230F7D ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    23:45:45.0625 3488 vToolbarUpdater12.2.6 - ok
    23:45:45.0656 3488 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    23:45:45.0828 3488 W32Time - ok
    23:45:45.0859 3488 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:45:46.0015 3488 Wanarp - ok
    23:45:46.0031 3488 WDICA - ok
    23:45:46.0062 3488 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    23:45:46.0234 3488 wdmaud - ok
    23:45:46.0296 3488 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    23:45:46.0468 3488 WebClient - ok
    23:45:46.0578 3488 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    23:45:46.0671 3488 winachsf - ok
    23:45:46.0812 3488 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    23:45:46.0968 3488 winmgmt - ok
    23:45:47.0062 3488 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    23:45:47.0218 3488 WinRM - ok
    23:45:47.0281 3488 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    23:45:47.0328 3488 WmdmPmSN - ok
    23:45:47.0406 3488 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    23:45:47.0546 3488 Wmi - ok
    23:45:47.0625 3488 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    23:45:47.0796 3488 WmiApSrv - ok
    23:45:47.0921 3488 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    23:45:48.0062 3488 WMPNetworkSvc - ok
    23:45:48.0171 3488 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    23:45:48.0234 3488 WPFFontCache_v0400 - ok
    23:45:48.0296 3488 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    23:45:48.0468 3488 wscsvc - ok
    23:45:48.0484 3488 WSearch - ok
    23:45:48.0531 3488 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    23:45:48.0718 3488 WSTCODEC - ok
    23:45:48.0734 3488 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    23:45:48.0937 3488 wuauserv - ok
    23:45:48.0984 3488 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    23:45:49.0046 3488 WudfPf - ok
    23:45:49.0078 3488 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    23:45:49.0156 3488 WudfRd - ok
    23:45:49.0203 3488 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    23:45:49.0281 3488 WudfSvc - ok
    23:45:49.0359 3488 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    23:45:49.0546 3488 WZCSVC - ok
    23:45:49.0593 3488 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    23:45:49.0750 3488 xmlprov - ok
    23:45:49.0843 3488 [ 5867CE254625645345C833510D24F124 ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files\CyberLink\PowerDVD\000.fcl
    23:45:49.0906 3488 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
    23:45:49.0906 3488 ================ Scan global ===============================
    23:45:49.0968 3488 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    23:45:50.0031 3488 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    23:45:50.0062 3488 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    23:45:50.0093 3488 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    23:45:50.0093 3488 [Global] - ok
    23:45:50.0109 3488 ================ Scan MBR ==================================
    23:45:50.0125 3488 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    23:45:50.0546 3488 \Device\Harddisk0\DR0 - ok
    23:45:50.0546 3488 ================ Scan VBR ==================================
    23:45:50.0546 3488 [ 97CD0BB04885841C1587DF9EFAB3B0F5 ] \Device\Harddisk0\DR0\Partition1
    23:45:50.0546 3488 \Device\Harddisk0\DR0\Partition1 - ok
    23:45:50.0562 3488 ============================================================
    23:45:50.0562 3488 Scan finished
    23:45:50.0562 3488 ============================================================
    23:45:50.0562 1712 Detected object count: 8
    23:45:50.0562 1712 Actual detected object count: 8
    23:45:59.0828 1712 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
    23:45:59.0828 1712 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:45:59.0828 1712 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
    23:45:59.0828 1712 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:45:59.0828 1712 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
    23:45:59.0828 1712 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:45:59.0828 1712 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
    23:45:59.0828 1712 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:45:59.0828 1712 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
    23:45:59.0828 1712 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:45:59.0828 1712 sptd ( LockedFile.Multi.Generic ) - skipped by user
    23:45:59.0828 1712 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    23:45:59.0828 1712 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
    23:45:59.0828 1712 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:45:59.0828 1712 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
    23:45:59.0828 1712 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  8. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    ComboFix 12-10-18.03 - Laura 10/18/2012 17:16:20.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1385 [GMT 1:00]
    Running from: c:\documents and settings\Laura\Desktop\ComboFix.exe
    AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-17 13:18 . 2012-10-17 13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-17 13:18 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-09 18:40 . 2012-10-09 18:40 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-09-28 17:19 . 2012-09-28 17:19 -------- d-----w- c:\program files\iPod
    2012-09-28 17:19 . 2012-09-28 17:21 -------- d-----w- c:\program files\iTunes
    2012-09-28 17:19 . 2012-09-28 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-27 19:46 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2012-09-27 19:46 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2012-09-26 13:45 . 2012-09-26 13:45 -------- d-----w- c:\documents and settings\Default User\Application Data\TuneUp Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 18:40 . 2012-04-04 20:46 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-09 18:40 . 2012-01-27 13:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-05 02:26 . 2011-08-08 05:08 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2012-10-02 02:30 . 2011-10-07 05:23 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-09-21 02:46 . 2011-07-11 00:14 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-09-21 02:46 . 2012-08-09 12:56 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2012-09-21 02:45 . 2011-12-23 12:32 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2012-09-21 02:45 . 2012-04-19 03:50 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-09-14 02:05 . 2011-09-13 05:30 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2012-09-13 02:11 . 2011-12-23 12:32 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2012-09-06 11:39 . 2012-09-06 11:39 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-08-28 19:24 . 2012-06-24 18:57 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-28 19:24 . 2012-01-27 14:07 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-28 17:39 . 2012-06-24 18:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-08-28 15:14 . 2008-09-29 17:27 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2008-09-29 17:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2008-09-29 17:25 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2008-09-29 17:25 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:53 . 2008-09-29 17:27 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:29 . 2008-09-29 17:26 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58 . 2008-09-29 17:26 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-21 12:01 . 2012-01-27 14:21 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 12:01 . 2012-01-27 14:21 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-09-28 91432]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    .
    c:\documents and settings\Laura\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "18435:TCP"= 18435:TCP:BitComet 18435 TCP
    "18435:UDP"= 18435:UDP:BitComet 18435 UDP
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 55008]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 177376]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 35552]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2012 5:46 PM 691696]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 177504]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 164832]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/6/2012 12:39 PM 27496]
    R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [10/2/2012 3:32 AM 1314720]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/2/2012 3:32 AM 193568]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/6/2012 12:39 PM 722528]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [10/2/2012 3:32 AM 5783672]
    S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 9:46 PM 250808]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:40]
    .
    2012-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-842925246-725345543-1004Core.job
    - c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-05 23:11]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-842925246-725345543-1004UA.job
    - c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-05 23:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-18 17:23
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(556)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2012-10-18 17:26:10
    ComboFix-quarantined-files.txt 2012-10-18 16:25
    .
    Pre-Run: 10,199,359,488 bytes free
    Post-Run: 10,250,248,192 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 304F07491268C6B10095AA05497ABBC8
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.

    RogueKiller Scan

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  10. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    ComboFix 12-10-18.03 - Laura 10/18/2012 18:44:14.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1469 [GMT 1:00]
    Running from: c:\documents and settings\Laura\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Laura\Desktop\CFScript.txt
    AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-17 13:18 . 2012-10-17 13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-17 13:18 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-09 18:40 . 2012-10-09 18:40 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-09-28 17:19 . 2012-09-28 17:19 -------- d-----w- c:\program files\iPod
    2012-09-28 17:19 . 2012-09-28 17:21 -------- d-----w- c:\program files\iTunes
    2012-09-28 17:19 . 2012-09-28 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-27 19:46 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2012-09-27 19:46 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2012-09-26 13:45 . 2012-09-26 13:45 -------- d-----w- c:\documents and settings\Default User\Application Data\TuneUp Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 18:40 . 2012-04-04 20:46 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-09 18:40 . 2012-01-27 13:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-05 02:26 . 2011-08-08 05:08 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2012-10-02 02:30 . 2011-10-07 05:23 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-09-21 02:46 . 2011-07-11 00:14 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-09-21 02:46 . 2012-08-09 12:56 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2012-09-21 02:45 . 2011-12-23 12:32 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2012-09-21 02:45 . 2012-04-19 03:50 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-09-14 02:05 . 2011-09-13 05:30 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2012-09-13 02:11 . 2011-12-23 12:32 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2012-09-06 11:39 . 2012-09-06 11:39 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-08-28 19:24 . 2012-06-24 18:57 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-28 19:24 . 2012-01-27 14:07 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-28 17:39 . 2012-06-24 18:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-08-28 15:14 . 2008-09-29 17:27 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2008-09-29 17:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2008-09-29 17:25 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2008-09-29 17:25 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:53 . 2008-09-29 17:27 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:29 . 2008-09-29 17:26 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58 . 2008-09-29 17:26 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-21 12:01 . 2012-01-27 14:21 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 12:01 . 2012-01-27 14:21 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-09-28 91432]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    .
    c:\documents and settings\Laura\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "18435:TCP"= 18435:TCP:BitComet 18435 TCP
    "18435:UDP"= 18435:UDP:BitComet 18435 UDP
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 55008]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 177376]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 35552]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2012 5:46 PM 691696]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 177504]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 164832]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/6/2012 12:39 PM 27496]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/2/2012 3:32 AM 193568]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/6/2012 12:39 PM 722528]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
    S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [10/2/2012 3:32 AM 1314720]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [10/2/2012 3:32 AM 5783672]
    S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 9:46 PM 250808]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:40]
    .
    2012-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-842925246-725345543-1004Core.job
    - c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-05 23:11]
    .
    2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-842925246-725345543-1004UA.job
    - c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-05 23:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-18 18:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(556)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'explorer.exe'(1976)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2012-10-18 18:52:43
    ComboFix-quarantined-files.txt 2012-10-18 17:52
    ComboFix2.txt 2012-10-18 16:26
    .
    Pre-Run: 10,258,268,160 bytes free
    Post-Run: 10,252,787,712 bytes free
    .
    - - End Of File - - 9C84B967F1FF7E88529F44929080FEDB
  11. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Laura [Admin rights]
    Mode : Scan -- Date : 10/18/2012 18:59:28
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B} (\??\C:\Program Files\CyberLink\PowerDVD\000.fcl) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B} (\??\C:\Program Files\CyberLink\PowerDVD\000.fcl) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[177] : NtQueryValueKey @ 0x80618FAA -> HOOKED (\??\C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xBA1C9258)
    IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E07864)
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG MP0402H +++++
    --- User ---
    [MBR] cf3935091b9c1b9a91d76d7e6f65b2de
    [BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  12. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Laura [Admin rights]
    Mode : Remove -- Date : 10/18/2012 18:59:55
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B} (\??\C:\Program Files\CyberLink\PowerDVD\000.fcl) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B} (\??\C:\Program Files\CyberLink\PowerDVD\000.fcl) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[177] : NtQueryValueKey @ 0x80618FAA -> HOOKED (\??\C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xBA1C9258)
    IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
    IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E07864)
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG MP0402H +++++
    --- User ---
    [MBR] cf3935091b9c1b9a91d76d7e6f65b2de
    [BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  13. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Laura [Admin rights]
    Mode : Shortcuts HJfix -- Date : 10/18/2012 19:00:13
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 14 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 51 / Fail 0
    My documents: Success 155 / Fail 155
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 166 / Fail 0
    Backup: [NOT FOUND]
    Drives:
    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [F:] \Device\CdRom1 -- 0x5 --> Skipped
    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  15. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    C:\System Volume Information\_restore{14268A9D-41FC-42DA-B976-A77BB9D33DCE}\RP304\A0228854.exe Win32/TopMedia.A application cleaned by deleting - quarantined
  16. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    The issues that I was experiencing were:-
    • Microsoft update symbol appearing in system tray. When I tried to install the update (security update for Windows) it kept saying it was unsuccessful.
    • Web browser crashing. When I am on YouTube, for example, or a webpage with media player, Internet Explorer would keep saying error page has to close and then tab recovered.
    • Laptop would suddenly go blue with error computer script and then re-boot.
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Upload Dump Files:
    Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your next post.
    Left click on the first minidump file.
    Hold down the "Shift" key and left click on the last minidump file.
    Right click on the blue highlighted area and select "Send to"
    Select "Compressed (zipped) folder" and note where the folder is saved.
    Upload that .zip file with your next post.

    If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post back for further advice.

    If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service. I recommend Windows Live SkyDrive - http://skydrive.live.com or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

    Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file): http://www.carrona.org/setmini.html
  18. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    I'm trying to upload the zip file but it says it is too large to upload.
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  20. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.

    Go to Step 4 and under "System Restore" click on the Create button.

    Go to the Start Repairs tab and click the Start button.

    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on the box next to Restart System when Finished. Then click on Start.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.
  23. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    Sorry for not replying earlier but I haven't been able to access the internet. Since running the previous step my laptop crashed with a blue screen with computer script. When I went to go back onto the internet I repeatedly get an error message saying that the system has recovered from a serious error, and an error reporting box comes up. Whatever I do the message keeps popping up. When I submitted the error report it took me to the Microsoft update page but the message keeps popping up and wouldn't let me access anything else. I can only access internet from my phone.
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Press start, then run and enter cmd - then hit OK.

    In the command prompt window, press in the following code exactly:


    netsh winsock reset catalog

    Then, exit out.
    ==

    Do you have Internet after performing the above process?
  25. Lauraneads

    Lauraneads Newcomer, in training Topic Starter Posts: 17

    I have been able to access the internet now, however the error box keeps popping up informing me that the system has recovered from a serious error. A log of this error has been created. It gives me the option to send error report or don't send. When I click to send error report it sends me to the Windows Update website and asks me to download drivers. If I don't send, it keeps popping up and restricts what I can do on my laptop.

