PC freezes and crashes - Possible virus

Solved
By Jackiesp
Feb 22, 2013
  1. Hi,

    I wonder if someone can help. My computer has been running very slow and freezing a lot, especially when on the internet. My AVG detected a virus in my drivers which was healed; however, my computer is still running slow. The other day my computer shut itself down when I was on the internet. When it started back it said there was a blue screen event and a driver malfunctioned. I updated the drivers but am still having issues. I have also noticed there is an svchost execution file that uses a lot of my memory, which someone told me could be a virus. I have posted the logs below.

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.02.22.02
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Max :: MAX [administrator]
    22/02/2013 10:52:35
    mbam-log-2013-02-22 (10-52-35).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228677
    Time elapsed: 14 minute(s), 5 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/06/2010 15:36:45
    System Uptime: 22/02/2013 08:45:44 (3 hours ago)
    .
    Motherboard: eveshamvale | | MS-7125
    Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/201mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 147 GiB total, 8.021 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP774: 07/11/2012 21:03:41 - System Checkpoint
    RP775: 07/11/2012 21:03:41 - OTL Restore Point - 01/11/2012 16:03:19
    RP776: 07/11/2012 21:03:41 - Installed QuickTime
    RP777: 07/11/2012 21:03:41 - System Checkpoint
    RP778: 07/11/2012 21:03:41 - Removed AVG 2012
    RP779: 07/11/2012 21:03:41 - Removed AVG 2012
    RP780: 07/11/2012 21:03:41 - Installed AVG 2013
    RP781: 07/11/2012 21:03:41 - Installed AVG 2013
    RP782: 07/11/2012 21:03:41 - Installed AVG PC TuneUp
    RP783: 07/11/2012 21:03:41 - Software Distribution Service 3.0
    RP784: 25/11/2012 22:21:21 - System Checkpoint
    RP785: 25/11/2012 22:21:21 - System Checkpoint
    RP786: 25/11/2012 22:21:21 - System Checkpoint
    RP787: 25/11/2012 22:21:21 - System Checkpoint
    RP788: 25/11/2012 22:21:22 - Installed Microsoft Visual C++ 2005 Redistributable
    RP789: 25/11/2012 22:21:22 - Installed Windows XP KB942288-v3.
    RP790: 25/11/2012 22:21:22 - Installed DirectX
    RP791: 25/11/2012 22:21:22 - Installed DirectX
    RP792: 25/11/2012 22:21:22 - System Checkpoint
    RP793: 25/11/2012 22:21:22 - Installed Nero 12.
    RP794: 25/11/2012 22:21:22 - System Checkpoint
    RP795: 25/11/2012 22:21:22 - Software Distribution Service 3.0
    RP796: 25/11/2012 22:21:22 - System Checkpoint
    RP797: 25/11/2012 22:21:22 - System Checkpoint
    RP798: 25/11/2012 22:21:22 - System Checkpoint
    RP799: 25/11/2012 22:21:22 - System Checkpoint
    RP800: 25/11/2012 22:21:22 - System Checkpoint
    RP801: 25/11/2012 22:21:22 - System Checkpoint
    RP802: 28/12/2012 01:02:29 - System Checkpoint
    RP803: 28/12/2012 01:02:29 - System Checkpoint
    RP804: 28/12/2012 01:02:29 - AVG Regisry Defrag - before defragmentation
    RP805: 28/12/2012 01:02:29 - System Checkpoint
    RP806: 28/12/2012 01:02:29 - System Checkpoint
    RP807: 28/12/2012 01:02:29 - System Checkpoint
    RP808: 28/12/2012 01:02:29 - System Checkpoint
    RP809: 28/12/2012 01:02:29 - System Checkpoint
    RP810: 28/12/2012 01:02:29 - System Checkpoint
    RP811: 28/12/2012 01:02:29 - System Checkpoint
    RP812: 28/12/2012 01:02:29 - System Checkpoint
    RP813: 28/12/2012 01:02:29 - System Checkpoint
    RP814: 28/12/2012 01:02:29 - System Checkpoint
    RP815: 28/12/2012 01:02:29 - Software Distribution Service 3.0
    RP816: 28/12/2012 01:02:30 - System Checkpoint
    RP817: 28/12/2012 01:02:30 - System Checkpoint
    RP818: 28/12/2012 01:02:30 - System Checkpoint
    RP819: 14/02/2013 10:08:27 - Software Distribution Service 3.0
    RP820: 14/02/2013 10:08:27 - System Checkpoint
    RP821: 14/02/2013 10:08:27 - System Checkpoint
    RP822: 14/02/2013 10:08:27 - System Checkpoint
    RP823: 14/02/2013 10:08:27 - Software Distribution Service 3.0
    RP824: 14/02/2013 10:08:27 - System Checkpoint
    RP825: 14/02/2013 10:08:27 - Software Distribution Service 3.0
    RP826: 30/01/2013 00:31:00 - Software Distribution Service 3.0
    RP827: 08/02/2013 12:29:01 - System Checkpoint
    RP828: 14/02/2013 09:51:34 - System Checkpoint
    RP829: 14/02/2013 17:03:51 - Software Distribution Service 3.0
    RP830: 14/02/2013 19:18:51 - Removed AVG 2013
    RP831: 14/02/2013 19:20:41 - Removed AVG 2013
    RP832: 14/02/2013 19:24:39 - Removed Adobe Acrobat X Pro - English, Français, Deutsch.
    RP833: 14/02/2013 19:26:33 - Removed Apple Application Support
    RP834: 14/02/2013 19:27:28 - Removed Apple Software Update
    RP835: 14/02/2013 19:33:30 - Installed AVG 2013
    RP836: 14/02/2013 19:44:40 - Installed AVG 2013
    RP837: 16/02/2013 10:10:25 - System Checkpoint
    RP838: 17/02/2013 12:02:12 - System Checkpoint
    RP839: 19/02/2013 13:40:14 - System Checkpoint
    RP840: 20/02/2013 13:28:43 - Installed BlackBerry Device Software Updater.
    RP841: 21/02/2013 23:40:46 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader XI (11.0.02)
    Agatha Christie - Murder on the Orient Express
    µTorrent
    AVG 2013
    AVG PC TuneUp
    AVG PC Tuneup 2011 10.0.0.24
    AVG PC TuneUp Language Pack (en-US)
    BlackBerry App World Browser Plugin
    BlackBerry Desktop Software 7.1
    BlackBerry Device Software Updater
    Bonjour
    Compatibility Pack for the 2007 Office system
    Free Video to MP3 Converter version 5.0.22.128
    Free YouTube to MP3 Converter version 3.12.0.128
    Freemake Video Converter version 3.1.2
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java 7 Update 9
    Java(TM) 6 Update 29
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office File Validation Add-In
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual J# 2.0 Redistributable Package
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Nero 12
    Nero Audio Pack 1
    Nero BackItUp
    Nero BackItUp Help (CHM)
    Nero Blu-ray Player
    Nero Blu-ray Player Help (CHM)
    Nero Burning ROM
    Nero Burning ROM Help (CHM)
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero Disc Menus Basic
    Nero Effects Basic
    Nero Express
    Nero Express Help (CHM)
    Nero Kwik Media
    Nero Kwik Media Help (CHM)
    Nero Kwik Themes Basic
    Nero PiP Effects Basic
    Nero Recode
    Nero Recode Help (CHM)
    Nero RescueAgent
    Nero RescueAgent Help (CHM)
    Nero SharedVideoCodecs
    Nero Update
    Nero Video
    Nero Video Help (CHM)
    NVIDIA ForceWare Network Access Manager
    PowerDVD
    Prerequisite installer
    QuickTime
    Realtek AC'97 Audio
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Sky Broadband
    Sky Broadband Browser Branding
    SmartSound Quicktracks Plugin
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Virtual DJ - Atomix Productions
    VLC media player 2.0.5
    WebFldrs XP
    Welcome App (Start-up experience)
    Winamp
    Winamp Detector Plug-in
    Windows Imaging Component
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format Runtime
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    22/02/2013 01:23:37, error: System Error [1003] - Error code 100000d1, parameter1 0000002c, parameter2 00000002, parameter3 00000001, parameter4 b7697a8c.
    22/02/2013 01:19:06, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    22/02/2013 01:19:06, error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    20/02/2013 21:22:29, error: Service Control Manager [7023] - The SharedAccess service terminated with the following error: Access is denied.
    20/02/2013 10:59:28, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 0013D36573EC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    19/02/2013 20:32:59, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    19/02/2013 20:32:59, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    19/02/2013 20:32:00, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    18/02/2013 14:15:26, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    17/02/2013 17:57:40, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Max at 11:15:59 on 2013-02-22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.118 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Internet Security 2012 *Enabled*
    FW: NVIDIA Firewall *Disabled*
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\max\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351086641375
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{46B03ACA-D47D-4E37-BA15-FA6D2FEBA269} : DHCPNameServer = 192.168.0.1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-12-7 54760]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-17 398184]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-12 682344]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-12 21104]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2010-6-12 223128]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-02-08 13:52:08 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-08 13:52:03 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:16:02 2193024 ------w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:36:58 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ------w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ------w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 11:16:56.73 ===============
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    Sometimes these logs can be very large; in that case, please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
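
One way to triage the TDSSKiller report requested above before posting it, as an added example that is not part of the original thread and not TDSSKiller's own code. It assumes the "time thread-id message" layout visible in the log posted in this topic; the `examplesvc` lines and the wording of their non-ok verdict are constructed.

```python
import re

# Constructed sample. The 6to4/Abiosdsk/adfs/ALG lines follow the log posted in
# this topic; the "examplesvc" lines are made up, and the wording of their
# non-ok verdict is an assumption about how TDSSKiller reports a warning.
SAMPLE_LOG = r"""
01:01:08.0875 3680 Scan started
01:01:09.0140 3680 ================ Scan system memory ========================
01:01:09.0140 3680 System memory - ok
01:01:09.0140 3680 ================ Scan services =============================
01:01:09.0234 3680 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
01:01:10.0140 3680 6to4 - ok
01:01:10.0156 3680 Abiosdsk - ok
01:01:11.0250 3680 adfs - ok
01:01:12.0406 3680 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
01:01:12.0484 3680 ALG - ok
01:01:13.0000 3680 [ 00000000000000000000000000000000 ] examplesvc C:\WINDOWS\system32\drivers\examplesvc.sys
01:01:13.0100 3680 examplesvc - detected UnsignedFile.Multi.Generic (1)
"""

# "HH:MM:SS.mmmm <thread id> <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ ?(.*)$")
# "====== Scan services ======" style section banners
SECTION = re.compile(r"^=+ (.+?) =+$")
# "[ <MD5> ] <service name> <full path to image>"
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
# "<object name> - <verdict>"
VERDICT = re.compile(r"^(.+?) - (.+)$")

# Warnings the helper's instructions say to Skip rather than Cure or Delete.
SKIP_ADVISED = ("UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic")


def parse_tdsskiller_log(text):
    """Return one dict per scanned object: section, name, md5, path, verdict."""
    entries = []
    section = None
    pending = {}  # service name -> (md5, path) from a hashed line awaiting its verdict
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        banner = SECTION.match(msg)
        if banner:
            section = banner.group(1)
            continue
        hashed = HASHED.match(msg)
        if hashed:
            pending[hashed.group(2)] = (hashed.group(1).upper(), hashed.group(3))
            continue
        verdict = VERDICT.match(msg)
        if verdict and section:
            name = verdict.group(1)
            md5, path = pending.pop(name, (None, None))
            entries.append({
                "section": section,
                "name": name,
                "md5": md5,
                "path": path,
                "verdict": verdict.group(2),
            })
    return entries


def triage(entries):
    """Split the parsed log into what to mention to the helper.

    flagged: every object whose verdict is not "ok", annotated with whether it
             is one of the two generic warnings the instructions say to Skip.
    no_file: services marked ok for which the log shows no hashed image file.
    """
    flagged = []
    for e in entries:
        if e["verdict"].lower() != "ok":
            item = dict(e)
            item["skip_advised"] = any(w in e["verdict"] for w in SKIP_ADVISED)
            flagged.append(item)
    no_file = [
        e["name"] for e in entries
        if e["section"] == "Scan services"
        and e["md5"] is None
        and e["verdict"].lower() == "ok"
    ]
    return flagged, no_file


if __name__ == "__main__":
    flagged, no_file = triage(parse_tdsskiller_log(SAMPLE_LOG))
    for f in flagged:
        action = "Skip (per instructions)" if f["skip_advised"] else "report to helper"
        print(f'{f["name"]}: {f["verdict"]} [{f["path"]}] -> {action}')
    print("services without a hashed file:", ", ".join(no_file))
```
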
  3. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    Hi, here's the result of the scan

    01:00:19.0343 2948 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    01:00:19.0546 2948 ============================================================
    01:00:19.0546 2948 Current date / time: 2013/02/23 01:00:19.0546
    01:00:19.0546 2948 SystemInfo:
    01:00:19.0546 2948
    01:00:19.0546 2948 OS Version: 5.1.2600 ServicePack: 3.0
    01:00:19.0546 2948 Product type: Workstation
    01:00:19.0546 2948 ComputerName: MAX
    01:00:19.0546 2948 UserName: Max
    01:00:19.0546 2948 Windows directory: C:\WINDOWS
    01:00:19.0546 2948 System windows directory: C:\WINDOWS
    01:00:19.0546 2948 Processor architecture: Intel x86
    01:00:19.0546 2948 Number of processors: 1
    01:00:19.0546 2948 Page size: 0x1000
    01:00:19.0546 2948 Boot type: Normal boot
    01:00:19.0546 2948 ============================================================
    01:00:21.0156 2948 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    01:00:21.0156 2948 ============================================================
    01:00:21.0156 2948 \Device\Harddisk0\DR0:
    01:00:21.0156 2948 MBR partitions:
    01:00:21.0156 2948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x125C2B27
    01:00:21.0156 2948 ============================================================
    01:00:21.0171 2948 C: <-> \Device\Harddisk0\DR0\Partition1
    01:00:21.0171 2948 ============================================================
    01:00:21.0171 2948 Initialize success
    01:00:21.0171 2948 ============================================================
    01:01:08.0875 3680 ============================================================
    01:01:08.0875 3680 Scan started
    01:01:08.0875 3680 Mode: Manual; SigCheck; TDLFS;
    01:01:08.0875 3680 ============================================================
    01:01:09.0140 3680 ================ Scan system memory ========================
    01:01:09.0140 3680 System memory - ok
    01:01:09.0140 3680 ================ Scan services =============================
    01:01:09.0234 3680 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
    01:01:10.0140 3680 6to4 - ok
    01:01:10.0156 3680 Abiosdsk - ok
    01:01:10.0171 3680 abp480n5 - ok
    01:01:10.0218 3680 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    01:01:11.0031 3680 ACPI - ok
    01:01:11.0062 3680 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    01:01:11.0234 3680 ACPIEC - ok
    01:01:11.0250 3680 adfs - ok
    01:01:11.0312 3680 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    01:01:11.0375 3680 AdobeFlashPlayerUpdateSvc - ok
    01:01:11.0375 3680 adpu160m - ok
    01:01:11.0421 3680 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    01:01:11.0609 3680 aec - ok
    01:01:11.0656 3680 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    01:01:11.0750 3680 AFD - ok
    01:01:11.0750 3680 Aha154x - ok
    01:01:11.0765 3680 aic78u2 - ok
    01:01:11.0765 3680 aic78xx - ok
    01:01:11.0921 3680 [ D9026163ED32A13923A2C909897A6B87 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    01:01:12.0203 3680 ALCXWDM - ok
    01:01:12.0234 3680 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    01:01:12.0390 3680 Alerter - ok
    01:01:12.0406 3680 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    01:01:12.0484 3680 ALG - ok
    01:01:12.0484 3680 AliIde - ok
    01:01:12.0500 3680 amsint - ok
    01:01:12.0500 3680 AppMgmt - ok
    01:01:12.0515 3680 asc - ok
    01:01:12.0515 3680 asc3350p - ok
    01:01:12.0531 3680 asc3550 - ok
    01:01:12.0609 3680 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    01:01:12.0671 3680 aspnet_state - ok
    01:01:12.0703 3680 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    01:01:12.0875 3680 AsyncMac - ok
    01:01:12.0890 3680 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    01:01:13.0031 3680 atapi - ok
    01:01:13.0046 3680 Atdisk - ok
    01:01:13.0062 3680 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    01:01:13.0203 3680 Atmarpc - ok
    01:01:13.0218 3680 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    01:01:13.0359 3680 AudioSrv - ok
    01:01:13.0390 3680 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    01:01:13.0546 3680 audstub - ok
    01:01:13.0812 3680 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
    01:01:14.0156 3680 AVGIDSAgent - ok
    01:01:14.0203 3680 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
    01:01:14.0500 3680 AVGIDSDriver - ok
    01:01:14.0531 3680 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
    01:01:14.0546 3680 AVGIDSHX - ok
    01:01:14.0562 3680 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    01:01:14.0578 3680 AVGIDSShim - ok
    01:01:14.0609 3680 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    01:01:14.0625 3680 Avgldx86 - ok
    01:01:14.0656 3680 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
    01:01:14.0687 3680 Avglogx - ok
    01:01:14.0687 3680 [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    01:01:14.0703 3680 Avgmfx86 - ok
    01:01:14.0718 3680 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    01:01:14.0734 3680 Avgrkx86 - ok
    01:01:14.0750 3680 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    01:01:14.0781 3680 Avgtdix - ok
    01:01:14.0828 3680 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    01:01:14.0843 3680 avgwd - ok
    01:01:14.0890 3680 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    01:01:15.0015 3680 Beep - ok
    01:01:15.0062 3680 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    01:01:15.0343 3680 BITS - ok
    01:01:15.0421 3680 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    01:01:15.0453 3680 Bonjour Service - ok
    01:01:15.0484 3680 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    01:01:15.0593 3680 Browser - ok
    01:01:15.0609 3680 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    01:01:15.0781 3680 cbidf2k - ok
    01:01:15.0796 3680 cd20xrnt - ok
    01:01:15.0828 3680 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    01:01:15.0984 3680 Cdaudio - ok
    01:01:16.0015 3680 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    01:01:16.0156 3680 Cdfs - ok
    01:01:16.0187 3680 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    01:01:16.0234 3680 Cdrom - ok
    01:01:16.0250 3680 Changer - ok
    01:01:16.0281 3680 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    01:01:16.0406 3680 CiSvc - ok
    01:01:16.0437 3680 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    01:01:16.0578 3680 ClipSrv - ok
    01:01:16.0609 3680 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    01:01:16.0687 3680 clr_optimization_v2.0.50727_32 - ok
    01:01:16.0750 3680 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    01:01:16.0812 3680 clr_optimization_v4.0.30319_32 - ok
    01:01:16.0812 3680 CmdIde - ok
    01:01:16.0828 3680 COMSysApp - ok
    01:01:16.0843 3680 Cpqarray - ok
    01:01:16.0859 3680 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    01:01:17.0015 3680 CryptSvc - ok
    01:01:17.0015 3680 dac2w2k - ok
    01:01:17.0031 3680 dac960nt - ok
    01:01:17.0078 3680 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    01:01:17.0171 3680 DcomLaunch - ok
    01:01:17.0218 3680 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    01:01:17.0359 3680 Dhcp - ok
    01:01:17.0390 3680 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    01:01:17.0531 3680 Disk - ok
    01:01:17.0531 3680 dmadmin - ok
    01:01:17.0578 3680 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    01:01:17.0781 3680 dmboot - ok
    01:01:17.0812 3680 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    01:01:17.0953 3680 dmio - ok
    01:01:18.0000 3680 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    01:01:18.0140 3680 dmload - ok
    01:01:18.0187 3680 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    01:01:18.0328 3680 dmserver - ok
    01:01:18.0343 3680 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    01:01:18.0500 3680 DMusic - ok
    01:01:18.0546 3680 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    01:01:18.0640 3680 Dnscache - ok
    01:01:18.0671 3680 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    01:01:18.0828 3680 Dot3svc - ok
    01:01:18.0828 3680 dpti2o - ok
    01:01:18.0843 3680 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    01:01:19.0000 3680 drmkaud - ok
    01:01:19.0015 3680 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    01:01:19.0187 3680 EapHost - ok
    01:01:19.0203 3680 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    01:01:19.0343 3680 ERSvc - ok
    01:01:19.0390 3680 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    01:01:19.0406 3680 Eventlog - ok
    01:01:19.0437 3680 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    01:01:19.0500 3680 EventSystem - ok
    01:01:19.0546 3680 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    01:01:19.0671 3680 Fastfat - ok
    01:01:19.0718 3680 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    01:01:19.0781 3680 FastUserSwitchingCompatibility - ok
    01:01:19.0796 3680 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    01:01:19.0953 3680 Fdc - ok
    01:01:19.0968 3680 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    01:01:20.0109 3680 Fips - ok
    01:01:20.0140 3680 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    01:01:20.0265 3680 Flpydisk - ok
    01:01:20.0296 3680 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    01:01:20.0437 3680 FltMgr - ok
    01:01:20.0515 3680 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    01:01:20.0531 3680 FontCache3.0.0.0 - ok
    01:01:20.0609 3680 [ 977AD9951D842D9284240226C3907C98 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    01:01:20.0640 3680 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning
    01:01:20.0640 3680 ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1)
    01:01:20.0687 3680 [ B81F8778F5BB485F3B75114F0C99A49F ] ForcewareWebInterface C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    01:01:20.0703 3680 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - warning
    01:01:20.0703 3680 ForcewareWebInterface - detected UnsignedFile.Multi.Generic (1)
    01:01:20.0750 3680 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    01:01:20.0765 3680 fssfltr - ok
    01:01:20.0906 3680 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    01:01:20.0968 3680 fsssvc - ok
    01:01:20.0984 3680 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    01:01:21.0125 3680 Fs_Rec - ok
    01:01:21.0140 3680 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    01:01:21.0281 3680 Ftdisk - ok
    01:01:21.0296 3680 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    01:01:21.0328 3680 GEARAspiWDM - ok
    01:01:21.0359 3680 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    01:01:21.0500 3680 Gpc - ok
    01:01:21.0593 3680 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    01:01:21.0640 3680 gupdate - ok
    01:01:21.0640 3680 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    01:01:21.0671 3680 gupdatem - ok
    01:01:21.0718 3680 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    01:01:21.0750 3680 gusvc - ok
    01:01:21.0843 3680 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    01:01:21.0984 3680 helpsvc - ok
    01:01:22.0015 3680 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    01:01:22.0171 3680 HidServ - ok
    01:01:22.0203 3680 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    01:01:22.0343 3680 HidUsb - ok
    01:01:22.0375 3680 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    01:01:22.0531 3680 hkmsvc - ok
    01:01:22.0531 3680 hpn - ok
    01:01:22.0562 3680 [ 970178E8E003EB1481293830069624B9 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
    01:01:22.0734 3680 HSFHWBS2 - ok
    01:01:22.0781 3680 [ EBB354438A4C5A3327FB97306260714A ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
    01:01:23.0000 3680 HSF_DP - ok
    01:01:23.0046 3680 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    01:01:23.0078 3680 HTTP - ok
    01:01:23.0109 3680 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    01:01:23.0250 3680 HTTPFilter - ok
    01:01:23.0250 3680 i2omgmt - ok
    01:01:23.0265 3680 i2omp - ok
    01:01:23.0281 3680 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    01:01:23.0437 3680 i8042prt - ok
    01:01:23.0562 3680 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    01:01:23.0593 3680 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    01:01:23.0593 3680 IDriverT - detected UnsignedFile.Multi.Generic (1)
    01:01:23.0703 3680 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    01:01:23.0781 3680 idsvc - ok
    01:01:23.0812 3680 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    01:01:23.0937 3680 Imapi - ok
    01:01:23.0984 3680 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    01:01:24.0125 3680 ImapiService - ok
    01:01:24.0125 3680 InCDFs - ok
    01:01:24.0140 3680 InCDPass - ok
    01:01:24.0156 3680 InCDRm - ok
    01:01:24.0156 3680 ini910u - ok
    01:01:24.0171 3680 IntelIde - ok
    01:01:24.0218 3680 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    01:01:24.0359 3680 Ip6Fw - ok
    01:01:24.0406 3680 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    01:01:24.0546 3680 IpFilterDriver - ok
    01:01:24.0578 3680 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    01:01:24.0718 3680 IpInIp - ok
    01:01:24.0750 3680 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    01:01:24.0890 3680 IpNat - ok
    01:01:24.0890 3680 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    01:01:25.0046 3680 IPSec - ok
    01:01:25.0062 3680 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    01:01:25.0125 3680 IRENUM - ok
    01:01:25.0140 3680 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    01:01:25.0265 3680 isapnp - ok
    01:01:25.0375 3680 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    01:01:25.0390 3680 JavaQuickStarterService - ok
    01:01:25.0421 3680 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    01:01:25.0562 3680 Kbdclass - ok
    01:01:25.0609 3680 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    01:01:25.0750 3680 kbdhid - ok
    01:01:25.0765 3680 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    01:01:25.0906 3680 kmixer - ok
    01:01:25.0937 3680 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    01:01:25.0984 3680 KSecDD - ok
    01:01:26.0031 3680 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    01:01:26.0125 3680 lanmanserver - ok
    01:01:26.0140 3680 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    01:01:26.0187 3680 lanmanworkstation - ok
    01:01:26.0187 3680 lbrtfdc - ok
    01:01:26.0234 3680 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    01:01:26.0359 3680 LmHosts - ok
    01:01:26.0390 3680 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    01:01:26.0421 3680 MBAMProtector - ok
    01:01:26.0500 3680 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    01:01:26.0546 3680 MBAMScheduler - ok
    01:01:26.0593 3680 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    01:01:26.0656 3680 MBAMService - ok
    01:01:26.0718 3680 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    01:01:26.0875 3680 mdmxsdk - ok
    01:01:26.0890 3680 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    01:01:27.0046 3680 Messenger - ok
    01:01:27.0078 3680 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    01:01:27.0234 3680 mnmdd - ok
    01:01:27.0265 3680 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    01:01:27.0421 3680 mnmsrvc - ok
    01:01:27.0453 3680 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    01:01:27.0593 3680 Modem - ok
    01:01:27.0625 3680 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    01:01:27.0765 3680 Mouclass - ok
    01:01:27.0812 3680 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    01:01:27.0953 3680 mouhid - ok
    01:01:27.0968 3680 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    01:01:28.0109 3680 MountMgr - ok
    01:01:28.0109 3680 mraid35x - ok
    01:01:28.0140 3680 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    01:01:28.0265 3680 MRxDAV - ok
    01:01:28.0312 3680 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    01:01:28.0421 3680 MRxSmb - ok
    01:01:28.0453 3680 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    01:01:28.0609 3680 MSDTC - ok
    01:01:28.0625 3680 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    01:01:28.0781 3680 Msfs - ok
    01:01:28.0781 3680 MSIServer - ok
    01:01:28.0812 3680 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    01:01:28.0953 3680 MSKSSRV - ok
    01:01:28.0968 3680 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    01:01:29.0109 3680 MSPCLOCK - ok
    01:01:29.0171 3680 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    01:01:29.0296 3680 MSPQM - ok
    01:01:29.0312 3680 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    01:01:29.0468 3680 mssmbios - ok
    01:01:29.0484 3680 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    01:01:29.0562 3680 Mup - ok
    01:01:29.0593 3680 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    01:01:29.0734 3680 napagent - ok
    01:01:29.0859 3680 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
    01:01:29.0906 3680 NAUpdate - ok
    01:01:29.0937 3680 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    01:01:30.0093 3680 NDIS - ok
    01:01:30.0125 3680 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    01:01:30.0171 3680 NdisTapi - ok
    01:01:30.0203 3680 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    01:01:30.0343 3680 Ndisuio - ok
    01:01:30.0390 3680 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    01:01:30.0546 3680 NdisWan - ok
    01:01:30.0578 3680 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    01:01:30.0656 3680 NDProxy - ok
    01:01:30.0656 3680 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    01:01:30.0796 3680 NetBIOS - ok
    01:01:30.0828 3680 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    01:01:30.0984 3680 NetBT - ok
    01:01:31.0000 3680 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    01:01:31.0156 3680 NetDDE - ok
    01:01:31.0156 3680 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    01:01:31.0312 3680 NetDDEdsdm - ok
    01:01:31.0343 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    01:01:31.0484 3680 Netlogon - ok
    01:01:31.0500 3680 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    01:01:31.0671 3680 Netman - ok
    01:01:31.0718 3680 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    01:01:31.0734 3680 NetTcpPortSharing - ok
    01:01:31.0765 3680 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    01:01:31.0812 3680 Nla - ok
    01:01:31.0828 3680 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    01:01:31.0953 3680 Npfs - ok
    01:01:32.0000 3680 [ C1B237858D0A39A2F0B8675EE3142FD1 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    01:01:32.0031 3680 nSvcIp ( UnsignedFile.Multi.Generic ) - warning
    01:01:32.0031 3680 nSvcIp - detected UnsignedFile.Multi.Generic (1)
    01:01:32.0046 3680 [ 6B81F3CF33C92DFA3D69B5D355F47570 ] nSvcLog C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    01:01:32.0062 3680 nSvcLog ( UnsignedFile.Multi.Generic ) - warning
    01:01:32.0062 3680 nSvcLog - detected UnsignedFile.Multi.Generic (1)
    01:01:32.0109 3680 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    01:01:32.0312 3680 Ntfs - ok
    01:01:32.0312 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    01:01:32.0453 3680 NtLmSsp - ok
    01:01:32.0500 3680 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    01:01:32.0640 3680 NtmsSvc - ok
    01:01:32.0656 3680 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    01:01:32.0812 3680 Null - ok
    01:01:32.0937 3680 [ 9772E9E8F27E33284C20E3AAD9EAAB9D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    01:01:33.0109 3680 nv ( UnsignedFile.Multi.Generic ) - warning
    01:01:33.0109 3680 nv - detected UnsignedFile.Multi.Generic (1)
    01:01:33.0140 3680 [ 83F0275A21D9772B51CEF57E35AFAE61 ] nvatabus C:\WINDOWS\system32\DRIVERS\nvatabus.sys
    01:01:33.0203 3680 nvatabus - ok
    01:01:33.0218 3680 [ FB7213BC5279C1AF5E4E9CA05D944F2C ] nvcchflt C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
    01:01:33.0250 3680 nvcchflt - ok
    01:01:33.0265 3680 [ 468E839F0F7AFF5C9BAA4717B82CDD11 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    01:01:33.0296 3680 NVENETFD - ok
    01:01:33.0328 3680 [ 7A6444C5F0D53C7E6E7F500BC4C930F7 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    01:01:33.0375 3680 nvnetbus - ok
    01:01:33.0421 3680 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    01:01:33.0562 3680 NwlnkFlt - ok
    01:01:33.0562 3680 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    01:01:33.0718 3680 NwlnkFwd - ok
    01:01:33.0781 3680 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    01:01:33.0812 3680 ose - ok
    01:01:33.0843 3680 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    01:01:33.0984 3680 Parport - ok
    01:01:34.0000 3680 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    01:01:34.0156 3680 PartMgr - ok
    01:01:34.0187 3680 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    01:01:34.0328 3680 ParVdm - ok
    01:01:34.0359 3680 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    01:01:34.0515 3680 PCI - ok
    01:01:34.0515 3680 PCIDump - ok
    01:01:34.0531 3680 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    01:01:34.0671 3680 PCIIde - ok
    01:01:34.0703 3680 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    01:01:34.0843 3680 Pcmcia - ok
    01:01:34.0843 3680 PDCOMP - ok
    01:01:34.0859 3680 PDFRAME - ok
    01:01:34.0859 3680 PDRELI - ok
    01:01:34.0875 3680 PDRFRAME - ok
    01:01:34.0890 3680 perc2 - ok
    01:01:34.0890 3680 perc2hib - ok
    01:01:34.0921 3680 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    01:01:34.0953 3680 PlugPlay - ok
    01:01:34.0984 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    01:01:35.0109 3680 PolicyAgent - ok
    01:01:35.0125 3680 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    01:01:35.0281 3680 PptpMiniport - ok
    01:01:35.0296 3680 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
    01:01:35.0453 3680 Processor - ok
    01:01:35.0468 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    01:01:35.0593 3680 ProtectedStorage - ok
    01:01:35.0609 3680 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    01:01:35.0750 3680 PSched - ok
    01:01:35.0765 3680 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    01:01:35.0906 3680 Ptilink - ok
    01:01:35.0921 3680 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    01:01:35.0953 3680 PxHelp20 - ok
    01:01:35.0968 3680 ql1080 - ok
    01:01:35.0968 3680 Ql10wnt - ok
    01:01:35.0984 3680 ql12160 - ok
    01:01:36.0000 3680 ql1240 - ok
    01:01:36.0000 3680 ql1280 - ok
    01:01:36.0031 3680 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    01:01:36.0171 3680 RasAcd - ok
    01:01:36.0203 3680 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    01:01:36.0343 3680 RasAuto - ok
    01:01:36.0375 3680 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    01:01:36.0531 3680 Rasl2tp - ok
    01:01:36.0562 3680 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    01:01:36.0703 3680 RasMan - ok
    01:01:36.0718 3680 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    01:01:36.0875 3680 RasPppoe - ok
    01:01:36.0890 3680 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    01:01:37.0015 3680 Raspti - ok
    01:01:37.0031 3680 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    01:01:37.0156 3680 Rdbss - ok
    01:01:37.0156 3680 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    01:01:37.0296 3680 RDPCDD - ok
    01:01:37.0328 3680 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    01:01:37.0421 3680 RDPWD - ok
    01:01:37.0437 3680 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    01:01:37.0578 3680 RDSessMgr - ok
    01:01:37.0593 3680 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    01:01:37.0750 3680 redbook - ok
    01:01:37.0781 3680 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    01:01:37.0921 3680 RemoteAccess - ok
    01:01:37.0953 3680 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
    01:01:38.0031 3680 RimUsb - ok
    01:01:38.0062 3680 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    01:01:38.0109 3680 RimVSerPort - ok
    01:01:38.0140 3680 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
    01:01:38.0281 3680 ROOTMODEM - ok
    01:01:38.0312 3680 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    01:01:38.0437 3680 RpcLocator - ok
    01:01:38.0468 3680 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    01:01:38.0500 3680 RpcSs - ok
    01:01:38.0546 3680 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    01:01:38.0703 3680 RSVP - ok
    01:01:38.0718 3680 [ E1AB463B36A7EF31D8A73A97A9B57AFA ] s115bus C:\WINDOWS\system32\DRIVERS\s115bus.sys
    01:01:38.0750 3680 s115bus - ok
    01:01:38.0765 3680 [ E24113FC13B8737C94CF4E3415488C76 ] s115mdfl C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
    01:01:38.0781 3680 s115mdfl - ok
    01:01:38.0796 3680 [ 4029E49E7C673AA0670BD206B0AF1B5B ] s115mdm C:\WINDOWS\system32\DRIVERS\s115mdm.sys
    01:01:38.0828 3680 s115mdm - ok
    01:01:38.0828 3680 [ EB02AB4CA8BCCECFDE236CAD8FC6E135 ] s115mgmt C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
    01:01:38.0875 3680 s115mgmt - ok
    01:01:38.0890 3680 [ 089869DB9FFD2AC807FA87FE82AC7761 ] s115obex C:\WINDOWS\system32\DRIVERS\s115obex.sys
    01:01:38.0921 3680 s115obex - ok
    01:01:38.0953 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    01:01:39.0093 3680 SamSs - ok
    01:01:39.0109 3680 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    01:01:39.0234 3680 SCardSvr - ok
    01:01:49.0812 3672 Detected object count: 10
    01:01:49.0812 3672 Actual detected object count: 10
    01:02:49.0203 3672 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
    01:02:49.0203 3672 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip
    01:02:49.0203 3672 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - skipped by user
    01:02:49.0203 3672 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
    01:02:49.0203 3672 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    01:02:49.0203 3672 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    01:02:49.0203 3672 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
    01:02:49.0203 3672 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
    01:02:49.0234 3672 nSvcLog ( UnsignedFile.Multi.Generic ) - skipped by user
    01:02:49.0234 3672 nSvcLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
    01:02:49.0234 3672 nv ( UnsignedFile.Multi.Generic ) - skipped by user
    01:02:49.0234 3672 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
    01:02:49.0234 3672 sptd ( LockedFile.Multi.Generic ) - skipped by user
    01:02:49.0234 3672 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    01:02:49.0234 3672 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
    01:02:49.0234 3672 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
    01:02:49.0234 3672 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
    01:02:49.0234 3672 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
    01:02:49.0234 3672 UserAccess7 ( UnsignedFile.Multi.Generic ) - skipped by user
    01:02:49.0234 3672 UserAccess7 ( UnsignedFile.Multi.Generic ) - User select action: Skip
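An added example (not part of the thread, and not the scanner's own code): a small parser for the kind of scan log posted above. It pairs each flagged service with its file path, hash and the action chosen, and checks the result against the log's own detected-object count. The sample log, its service names and its hashes are constructed; only the line layout and the verdict names are taken from the log in this thread.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the scan log in this thread:
# "<time> <thread id> <message>". Names and hashes below are made up.
SAMPLE_LOG = r"""
01:00:00.0100 1000 [ 00000000000000000000000000000001 ] Spooler C:\WINDOWS\system32\spoolsv.exe
01:00:00.0200 1000 Spooler - ok
01:00:00.0300 1000 NoFileSvc - ok
01:00:00.0400 1000 [ 00000000000000000000000000000002 ] Acme Helper (AH) C:\Program Files\Acme\helper.exe
01:00:00.0500 1000 Acme Helper (AH) ( UnsignedFile.Multi.Generic ) - warning
01:00:00.0500 1000 Acme Helper (AH) - detected UnsignedFile.Multi.Generic (1)
01:00:00.0600 1000 [ 00000000000000000000000000000003 ] lockdrv C:\WINDOWS\system32\Drivers\lockdrv.sys
01:00:00.0600 1000 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\lockdrv.sys. md5: 00000000000000000000000000000003
01:00:00.0600 1000 lockdrv ( LockedFile.Multi.Generic ) - warning
01:00:00.0600 1000 lockdrv - detected LockedFile.Multi.Generic (1)
01:00:00.0700 1000 [ 00000000000000000000000000000004 ] C:\WINDOWS\system32\basesrv.dll
01:00:01.0000 1004 Detected object count: 2
01:01:00.0000 1004 Acme Helper (AH) ( UnsignedFile.Multi.Generic ) - skipped by user
01:01:00.0000 1004 Acme Helper (AH) ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:01:00.0000 1004 lockdrv ( LockedFile.Multi.Generic ) - skipped by user
01:01:00.0000 1004 lockdrv ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every log line starts with a timestamp and a thread id.
PREFIX = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
# "[ MD5 ] <service name> <path>"; the name is absent in the global section
# and may itself contain spaces or parentheses.
HASHED = re.compile(
    r"^\[ ([0-9A-Fa-f]{32}) \]\s+(?:(.+?)\s+)?((?:[A-Za-z]:\\|\\Device\\).*)$"
)
WARNING = re.compile(r"^(.+?) \( ([\w.]+) \) - warning$")
ACTION = re.compile(r"^(.+?) \( ([\w.]+) \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
OK = re.compile(r"^(.+?) - ok$")


def parse_scan_log(text):
    """Join hash, verdict and action records by service name."""
    files, verdicts, actions, ok_names = {}, {}, {}, []
    reported = None
    for raw in text.splitlines():
        prefix = PREFIX.match(raw)
        if not prefix:
            continue
        body = prefix.group(3)
        hit = HASHED.match(body)
        if hit:
            md5, name, path = hit.groups()
            if name:
                files[name] = (md5.upper(), path)
            continue
        hit = ACTION.match(body)
        if hit:
            # The summary alone is enough to recover the verdict.
            verdicts.setdefault(hit.group(1), hit.group(2))
            actions[hit.group(1)] = hit.group(3)
            continue
        hit = WARNING.match(body)
        if hit:
            verdicts[hit.group(1)] = hit.group(2)
            continue
        hit = COUNT.match(body)
        if hit:
            reported = int(hit.group(1))
            continue
        hit = OK.match(body)
        if hit:
            ok_names.append(hit.group(1))

    findings = []
    for name in sorted(verdicts, key=str.lower):
        md5, path = files.get(name, (None, None))
        action = actions.get(name)
        findings.append({
            "name": name,
            "verdict": verdicts[name],
            "md5": md5,        # None if the hash line is missing (truncated log)
            "path": path,
            "action": action,
            # Skipped or unanswered items were left in place on disk.
            "still_present": action in (None, "Skip"),
        })
    return {
        "findings": findings,
        "by_verdict": Counter(f["verdict"] for f in findings),
        "reported_count": reported,
        "count_matches": reported is None or reported == len(findings),
        "ok_without_file": [n for n in ok_names if n not in files],
    }


if __name__ == "__main__":
    result = parse_scan_log(SAMPLE_LOG)
    for f in result["findings"]:
        print(f"{f['name']:<20} {f['verdict']:<28} {f['action']:<6} {f['path']}")
    print("count matches log:", result["count_matches"])
```

A mismatch between `reported_count` and the number of findings usually means part of the log was cut off, as happens when a long log is split across several forum posts.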
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Looks good so far...

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.


    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    Go to Step 4 and under "System Restore" click on Create button:

    Go to Start Repairs tab and click Start button.

    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    Click on box next to the Restart System when Finished. Then click on Start.


    Let me know if things start speeding up...
  5. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-02-23 21:13:08
    -----------------------------
    21:13:08.591 OS Version: Windows 5.1.2600 Service Pack 3
    21:13:08.591 Number of processors: 1 586 0x2F02
    21:13:08.591 ComputerName: MAX UserName: Max
    21:13:08.951 Initialize success
    21:13:49.341 AVAST engine defs: 13022300
    21:13:59.106 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e
    21:13:59.106 Disk 0 Vendor: WDC_WD1600JB-00GVC0 08.02D08 Size: 152627MB BusType: 3
    21:13:59.137 Disk 0 MBR read successfully
    21:13:59.137 Disk 0 MBR scan
    21:13:59.247 Disk 0 Windows XP default MBR code
    21:13:59.247 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150405 MB offset 63
    21:13:59.278 Disk 0 Partition 2 00 12 Compaq diag RECOVERY 2219 MB offset 308030310
    21:13:59.293 Disk 0 scanning sectors +312576705
    21:13:59.434 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:14:24.402 Service scanning
    21:14:37.902 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    21:14:42.980 Modules scanning
    21:15:02.417 AVAST engine scan C:\WINDOWS
    21:15:10.136 AVAST engine scan C:\WINDOWS\system32
    21:19:18.850 AVAST engine scan C:\WINDOWS\system32\drivers
    21:19:41.693 AVAST engine scan C:\Documents and Settings\Max
    21:20:52.864 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Max\Desktop\MBR.dat"
    21:20:52.864 The log file has been saved successfully to "C:\Documents and Settings\Max\Desktop\aswMBR.txt"


    I have tried to upload the MBR file however when I click on the upload file button it cannot find the file on my desktop.
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Can you tell me about the events that led up to how the PC started freezing and crashing?

    What about blue screens? Black screens with blinking cursor?
  7. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    I was on Internet Explorer. I needed to update my software on my BlackBerry. I plugged the USB lead to one of the ports on my computer. My computer started to freeze and an error message popped up from AVG stating that Internet Explorer was using too much memory and suggested closing and re-opening to improve performance. I clicked to close internet and my computer froze. After about 3 minutes I clicked alt-ctrl and delete to try and close it that way. Nothing happened and then my computer restarted itself. Upon boot up it said that my computer had a blue screen event and that Windows closed down my PC.

    I have noticed that even when I have one application open for a small while my computer starts to freeze. I have a set of headphones which connects via USB. They don't always work and then no sound comes from my PC even when I disconnect them. When I try to play music it says that no sound driver can be detected. I then have to restart my computer for the sound to come back. I only have the free edition of AVG but when it updates my computer freezes until it's finished. The same thing happens with Windows Update. I have tried cleaning registry using PC clean up but it doesn't seem to speed up. I know that I have a small amount of memory but over the course of a couple of weeks it has slowed down considerably and applications just freeze and I have to restart my PC to continue working.

    I have finished running Windows Repair. I couldn't complete step 3 as I can't find the Windows CD.
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download a 32-bit AVG removal tool for your version of AVG from this page: http://www.avg.com/us-en/utilities

    Run the removal tool. Then, download and install avast! Free, www.avast.com -- or Avira Free, www.free-av.com

    Once done, let me know if the same issues continue. :)

    I'm thinking AVG does not like your system, and is taking it over (not good). I've known AVG software to do this for years, and 90% of the time (in my opinion) the problem with freezing (if it isn't anything else) is probably an AVG issue.

    Let me know how it works. :)
  9. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    I ran the removal tool - some DOS script came up and a dialogue box saying that the tool will remove AVG. I clicked on OK, then the dialogue box and DOS closed but nothing happened. AVG is still on my computer.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  11. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    I ran the remover tool. Some DOS script came up and then restarted but AVG is still on my computer. Am I doing something wrong?
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Try uninstalling it, then... Start > Control Panel > Add or Remove Programs.
  13. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    I have managed to uninstall AVG and I have downloaded Avira. During the first scan it detected a virus and quarantined it. Please see below details of the Avira log.


    Avira Free Antivirus
    Report file date: 24 February 2013 13:50

    The program is running as an unrestricted full version.
    Online services are available.
    Licensee : Avira Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Microsoft Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : Max
    Computer name : MAX
    Configuration settings for the scan:
    Jobname.............................: Quick system scan
    Configuration file..................: c:\program files\avira\antivir desktop\quicksysscan.avp
    Reporting...........................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Limit recursion depth...............: 20
    Smart extensions....................: on
    Macrovirus heuristic................: on
    File heuristic......................: extended
    Start of the scan: 24 February 2013 13:50
    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Start scanning boot sectors:
    The scan of running processes will be started:
    Starting to scan executable files (registry):
    C:\Program Files\Alcohol Soft\Alcohol 120\AxLaUn.exe
    [DETECTION] Is the TR/Spy.386560.23 Trojan
    The registry was scanned ( '1989' files ).

    Beginning disinfection:
    The file '\\?\C:\Documents and Settings\Max\Start Menu\Programs\Alcohol 120%\Alcohol 120%.lnk' was moved to the quarantine folder.
    C:\Program Files\Alcohol Soft\Alcohol 120\AxLaUn.exe
    [DETECTION] Is the TR/Spy.386560.23 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '48969067.qua'!

    End of the scan: 24 February 2013 13:53
    Used time: 01:26 Minute(s)
    The scan has been done completely.
    0 Scanned directories
    2411 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    1 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    2410 Files not concerned
    29 Archives were scanned
    0 Warnings
    1 Notes
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That wasn't a bad file it quarantined. :p

    Anyway, how is the computer running?
  15. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    The computer is running ok. Still a little slow but that is probably down to the lack of memory.

    Thanks for your help.

    Is my computer clean now?
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE

    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  17. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    Results of screen317's Security Check version 0.99.59
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avira Free Antivirus
    Avira successfully updated!
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 29
    Java 7 Update 9
    Java version out of Date!
    Adobe Flash Player 11.5.502.149
    Adobe Reader XI
    Google Chrome 25.0.1364.97
    ````````Process Check: objlist.exe by Laurent````````
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 8%
    ````````````````````End of Log``````````````````````
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
     
  19. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    I have 2 Java entries: 1. Java(TM) 6 Update 29 and 2. Java 7 Update 9. When I tried to remove them following the steps above I received an error message saying "Fatal error in installation" on both occasions.

    Is there another way to remove them?
  20. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    Also when I tried to delete the first Java entry another dialogue box came up saying Java(TM) 6 Update 20 - Internal error 2753. regutils.dll
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Use the CCleaner uninstall list and try again.

    Open CCleaner > Tools > Uninstall
  22. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    I managed to remove Java 7 Update 9; however, the same error message "Internal error 2753. regutils.dll" appeared when I tried to remove Java(TM) 6 Update 29. It has a setup icon next to it in the Control Panel, so maybe I don't need to uninstall it. I tried to download a newer version but it said installation failed.
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download JavaRa: http://singularlabs.com/software/javara/

    When using the program, work right-to-left. Update first the definitions for JavaRa, Remove JRE, and then Update Java Runtime.

    Let me know if this works out. :)
  24. Jackiesp

    Jackiesp Newcomer, in training Topic Starter Posts: 48

    I downloaded JavaRa and followed your instructions above; however, when I tried to remove JRE 6 the same error message came up, "Internal error 2753. regutils.dll", and when it tried to see what Java was running on my computer it could not detect it. It was able to download a latest version (7 version 15); however, it failed on installation.

    Any ideas?
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let me see a log from the following tool please:

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.

    Quick question...do you need Java? (Do you use it at all?)