Solved PC freezes and crashes - Possible virus


Jackiesp

Hi,

I wonder if someone can help. My computer has been running very slow and freezing a lot, especially when on the internet. My AVG detected a virus in my drivers, which was healed; however, my computer is still running slow. The other day my computer shut itself down when I was on the internet. When it started back up it said there was a blue screen event and a driver malfunctioned. I updated the drivers but I am still having issues. I have also noticed there is an svchost executable file that uses a lot of my memory, which someone told me could be a virus. I have posted the logs below.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.22.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Max :: MAX [administrator]
22/02/2013 10:52:35
mbam-log-2013-02-22 (10-52-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228677
Time elapsed: 14 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/06/2010 15:36:45
System Uptime: 22/02/2013 08:45:44 (3 hours ago)
.
Motherboard: eveshamvale | | MS-7125
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 8.021 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP774: 07/11/2012 21:03:41 - System Checkpoint
RP775: 07/11/2012 21:03:41 - OTL Restore Point - 01/11/2012 16:03:19
RP776: 07/11/2012 21:03:41 - Installed QuickTime
RP777: 07/11/2012 21:03:41 - System Checkpoint
RP778: 07/11/2012 21:03:41 - Removed AVG 2012
RP779: 07/11/2012 21:03:41 - Removed AVG 2012
RP780: 07/11/2012 21:03:41 - Installed AVG 2013
RP781: 07/11/2012 21:03:41 - Installed AVG 2013
RP782: 07/11/2012 21:03:41 - Installed AVG PC TuneUp
RP783: 07/11/2012 21:03:41 - Software Distribution Service 3.0
RP784: 25/11/2012 22:21:21 - System Checkpoint
RP785: 25/11/2012 22:21:21 - System Checkpoint
RP786: 25/11/2012 22:21:21 - System Checkpoint
RP787: 25/11/2012 22:21:21 - System Checkpoint
RP788: 25/11/2012 22:21:22 - Installed Microsoft Visual C++ 2005 Redistributable
RP789: 25/11/2012 22:21:22 - Installed Windows XP KB942288-v3.
RP790: 25/11/2012 22:21:22 - Installed DirectX
RP791: 25/11/2012 22:21:22 - Installed DirectX
RP792: 25/11/2012 22:21:22 - System Checkpoint
RP793: 25/11/2012 22:21:22 - Installed Nero 12.
RP794: 25/11/2012 22:21:22 - System Checkpoint
RP795: 25/11/2012 22:21:22 - Software Distribution Service 3.0
RP796: 25/11/2012 22:21:22 - System Checkpoint
RP797: 25/11/2012 22:21:22 - System Checkpoint
RP798: 25/11/2012 22:21:22 - System Checkpoint
RP799: 25/11/2012 22:21:22 - System Checkpoint
RP800: 25/11/2012 22:21:22 - System Checkpoint
RP801: 25/11/2012 22:21:22 - System Checkpoint
RP802: 28/12/2012 01:02:29 - System Checkpoint
RP803: 28/12/2012 01:02:29 - System Checkpoint
RP804: 28/12/2012 01:02:29 - AVG Regisry Defrag - before defragmentation
RP805: 28/12/2012 01:02:29 - System Checkpoint
RP806: 28/12/2012 01:02:29 - System Checkpoint
RP807: 28/12/2012 01:02:29 - System Checkpoint
RP808: 28/12/2012 01:02:29 - System Checkpoint
RP809: 28/12/2012 01:02:29 - System Checkpoint
RP810: 28/12/2012 01:02:29 - System Checkpoint
RP811: 28/12/2012 01:02:29 - System Checkpoint
RP812: 28/12/2012 01:02:29 - System Checkpoint
RP813: 28/12/2012 01:02:29 - System Checkpoint
RP814: 28/12/2012 01:02:29 - System Checkpoint
RP815: 28/12/2012 01:02:29 - Software Distribution Service 3.0
RP816: 28/12/2012 01:02:30 - System Checkpoint
RP817: 28/12/2012 01:02:30 - System Checkpoint
RP818: 28/12/2012 01:02:30 - System Checkpoint
RP819: 14/02/2013 10:08:27 - Software Distribution Service 3.0
RP820: 14/02/2013 10:08:27 - System Checkpoint
RP821: 14/02/2013 10:08:27 - System Checkpoint
RP822: 14/02/2013 10:08:27 - System Checkpoint
RP823: 14/02/2013 10:08:27 - Software Distribution Service 3.0
RP824: 14/02/2013 10:08:27 - System Checkpoint
RP825: 14/02/2013 10:08:27 - Software Distribution Service 3.0
RP826: 30/01/2013 00:31:00 - Software Distribution Service 3.0
RP827: 08/02/2013 12:29:01 - System Checkpoint
RP828: 14/02/2013 09:51:34 - System Checkpoint
RP829: 14/02/2013 17:03:51 - Software Distribution Service 3.0
RP830: 14/02/2013 19:18:51 - Removed AVG 2013
RP831: 14/02/2013 19:20:41 - Removed AVG 2013
RP832: 14/02/2013 19:24:39 - Removed Adobe Acrobat X Pro - English, Français, Deutsch.
RP833: 14/02/2013 19:26:33 - Removed Apple Application Support
RP834: 14/02/2013 19:27:28 - Removed Apple Software Update
RP835: 14/02/2013 19:33:30 - Installed AVG 2013
RP836: 14/02/2013 19:44:40 - Installed AVG 2013
RP837: 16/02/2013 10:10:25 - System Checkpoint
RP838: 17/02/2013 12:02:12 - System Checkpoint
RP839: 19/02/2013 13:40:14 - System Checkpoint
RP840: 20/02/2013 13:28:43 - Installed BlackBerry Device Software Updater.
RP841: 21/02/2013 23:40:46 - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader XI (11.0.02)
Agatha Christie - Murder on the Orient Express
µTorrent
AVG 2013
AVG PC TuneUp
AVG PC Tuneup 2011 10.0.0.24
AVG PC TuneUp Language Pack (en-US)
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
Bonjour
Compatibility Pack for the 2007 Office system
Free Video to MP3 Converter version 5.0.22.128
Free YouTube to MP3 Converter version 3.12.0.128
Freemake Video Converter version 3.1.2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java 7 Update 9
Java(TM) 6 Update 29
Junk Mail filter update
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 12
Nero Audio Pack 1
Nero BackItUp
Nero BackItUp Help (CHM)
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Disc Menus Basic
Nero Effects Basic
Nero Express
Nero Express Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero PiP Effects Basic
Nero Recode
Nero Recode Help (CHM)
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero SharedVideoCodecs
Nero Update
Nero Video
Nero Video Help (CHM)
NVIDIA ForceWare Network Access Manager
PowerDVD
Prerequisite installer
QuickTime
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB982381)
Segoe UI
Sky Broadband
Sky Broadband Browser Branding
SmartSound Quicktracks Plugin
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Virtual DJ - Atomix Productions
VLC media player 2.0.5
WebFldrs XP
Welcome App (Start-up experience)
Winamp
Winamp Detector Plug-in
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
22/02/2013 01:23:37, error: System Error [1003] - Error code 100000d1, parameter1 0000002c, parameter2 00000002, parameter3 00000001, parameter4 b7697a8c.
22/02/2013 01:19:06, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
22/02/2013 01:19:06, error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2013 21:22:29, error: Service Control Manager [7023] - The SharedAccess service terminated with the following error: Access is denied.
20/02/2013 10:59:28, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 0013D36573EC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
19/02/2013 20:32:59, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
19/02/2013 20:32:59, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
19/02/2013 20:32:00, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
18/02/2013 14:15:26, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
17/02/2013 17:57:40, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Max at 11:15:59 on 2013-02-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.118 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
FW: NVIDIA Firewall *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\max\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351086641375
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{46B03ACA-D47D-4E37-BA15-FA6D2FEBA269} : DHCPNameServer = 192.168.0.1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-12-7 54760]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-17 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-12 682344]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-12 21104]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2010-6-12 223128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-02-08 13:52:08 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 13:52:03 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ------w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ------w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 11:16:56.73 ===============
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
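As an added illustration (not part of the original thread and not TDSSKiller's own code), here is a small Python parser for the log layout TDSSKiller writes (timestamp, thread id, then either "[ MD5 ] name path" or "name - verdict"); it pairs each scanned object with its verdict and applies the rule above: UnsignedFile/LockedFile warnings are Skip, detections are Cure. The sample log, the all-zero hashes, the examplesvc/badsvc objects and the name Rootkit.Win32.Example are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log layout: "<time> <thread> [ <MD5> ] <name> <path>"
# for each scanned object, followed by "<time> <thread> <name> [( <reason> )] - <verdict>".
# Only the 6to4 line mirrors a real entry; the all-zero hashes, the examplesvc/badsvc
# objects and the Rootkit.Win32.Example name are placeholders made up for this example.
SAMPLE_LOG = """\
01:01:08.0875 3680 Scan started
01:01:08.0875 3680 Mode: Manual; SigCheck; TDLFS;
01:01:09.0140 3680 System memory - ok
01:01:09.0234 3680 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\\WINDOWS\\System32\\6to4svc.dll
01:01:10.0140 3680 6to4 - ok
01:01:10.0156 3680 Abiosdsk - ok
01:01:11.0312 3680 [ 00000000000000000000000000000001 ] examplesvc C:\\WINDOWS\\system32\\drivers\\examplesvc.sys
01:01:11.0375 3680 examplesvc ( UnsignedFile.Multi.Generic ) - warning
01:01:12.0000 3680 [ 00000000000000000000000000000002 ] badsvc C:\\WINDOWS\\system32\\drivers\\badsvc.sys
01:01:12.0100 3680 badsvc ( Rootkit.Win32.Example ) - detected
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) (?P<body>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<reason>[^)]+) \))? - (?P<verdict>\w+)$")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    reason: Optional[str] = None
    verdict: str = "unknown"


def parse_tdsskiller_log(text: str) -> Dict[str, ScanEntry]:
    """Pair each scanned object with its verdict; keyed by object name, in log order."""
    entries: Dict[str, ScanEntry] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banners, separators and blank lines carry no verdict
        body = m.group("body")
        h = HASH_RE.match(body)
        if h:
            e = entries.setdefault(h["name"], ScanEntry(name=h["name"]))
            e.md5, e.path = h["md5"].upper(), h["path"]
            continue
        v = VERDICT_RE.match(body)
        if v:
            e = entries.setdefault(v["name"], ScanEntry(name=v["name"]))
            e.verdict, e.reason = v["verdict"], v["reason"]
    return entries


def flag_non_ok(entries: Dict[str, ScanEntry]) -> List[ScanEntry]:
    """Everything TDSSKiller did not mark '- ok' is worth a second look."""
    return [e for e in entries.values() if e.verdict != "ok"]


def recommended_action(entry: ScanEntry) -> str:
    """Apply the thread's rule: unsigned/locked warnings are skipped, detections are cured."""
    if entry.verdict == "ok":
        return "none"
    if entry.reason in ("UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"):
        return "Skip"
    if entry.verdict == "detected":
        return "Cure"
    return "Skip"  # anything else: leave it alone and ask the helper


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for e in flag_non_ok(parsed):
        print(f"{e.name}: {e.verdict} ({e.reason}) md5={e.md5} -> {recommended_action(e)}")
```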
 
Hi, here's the result of the scan:

01:00:19.0343 2948 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:00:19.0546 2948 ============================================================
01:00:19.0546 2948 Current date / time: 2013/02/23 01:00:19.0546
01:00:19.0546 2948 SystemInfo:
01:00:19.0546 2948
01:00:19.0546 2948 OS Version: 5.1.2600 ServicePack: 3.0
01:00:19.0546 2948 Product type: Workstation
01:00:19.0546 2948 ComputerName: MAX
01:00:19.0546 2948 UserName: Max
01:00:19.0546 2948 Windows directory: C:\WINDOWS
01:00:19.0546 2948 System windows directory: C:\WINDOWS
01:00:19.0546 2948 Processor architecture: Intel x86
01:00:19.0546 2948 Number of processors: 1
01:00:19.0546 2948 Page size: 0x1000
01:00:19.0546 2948 Boot type: Normal boot
01:00:19.0546 2948 ============================================================
01:00:21.0156 2948 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:00:21.0156 2948 ============================================================
01:00:21.0156 2948 \Device\Harddisk0\DR0:
01:00:21.0156 2948 MBR partitions:
01:00:21.0156 2948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x125C2B27
01:00:21.0156 2948 ============================================================
01:00:21.0171 2948 C: <-> \Device\Harddisk0\DR0\Partition1
01:00:21.0171 2948 ============================================================
01:00:21.0171 2948 Initialize success
01:00:21.0171 2948 ============================================================
01:01:08.0875 3680 ============================================================
01:01:08.0875 3680 Scan started
01:01:08.0875 3680 Mode: Manual; SigCheck; TDLFS;
01:01:08.0875 3680 ============================================================
01:01:09.0140 3680 ================ Scan system memory ========================
01:01:09.0140 3680 System memory - ok
01:01:15.0343 3680 BITS - ok
01:01:15.0421 3680 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:01:15.0453 3680 Bonjour Service - ok
01:01:15.0484 3680 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
01:01:15.0593 3680 Browser - ok
01:01:15.0609 3680 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
01:01:15.0781 3680 cbidf2k - ok
01:01:15.0796 3680 cd20xrnt - ok
01:01:15.0828 3680 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
01:01:15.0984 3680 Cdaudio - ok
01:01:16.0015 3680 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
01:01:16.0156 3680 Cdfs - ok
01:01:16.0187 3680 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:01:16.0234 3680 Cdrom - ok
01:01:16.0250 3680 Changer - ok
01:01:16.0281 3680 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
01:01:16.0406 3680 CiSvc - ok
01:01:16.0437 3680 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
01:01:16.0578 3680 ClipSrv - ok
01:01:16.0609 3680 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:01:16.0687 3680 clr_optimization_v2.0.50727_32 - ok
01:01:16.0750 3680 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:01:16.0812 3680 clr_optimization_v4.0.30319_32 - ok
01:01:16.0812 3680 CmdIde - ok
01:01:16.0828 3680 COMSysApp - ok
01:01:16.0843 3680 Cpqarray - ok
01:01:16.0859 3680 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
01:01:17.0015 3680 CryptSvc - ok
01:01:17.0015 3680 dac2w2k - ok
01:01:17.0031 3680 dac960nt - ok
01:01:17.0078 3680 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
01:01:17.0171 3680 DcomLaunch - ok
01:01:17.0218 3680 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
01:01:17.0359 3680 Dhcp - ok
01:01:17.0390 3680 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
01:01:17.0531 3680 Disk - ok
01:01:17.0531 3680 dmadmin - ok
01:01:17.0578 3680 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
01:01:17.0781 3680 dmboot - ok
01:01:17.0812 3680 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
01:01:17.0953 3680 dmio - ok
01:01:18.0000 3680 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
01:01:18.0140 3680 dmload - ok
01:01:18.0187 3680 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
01:01:18.0328 3680 dmserver - ok
01:01:18.0343 3680 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
01:01:18.0500 3680 DMusic - ok
01:01:18.0546 3680 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
01:01:18.0640 3680 Dnscache - ok
01:01:18.0671 3680 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
01:01:18.0828 3680 Dot3svc - ok
01:01:18.0828 3680 dpti2o - ok
01:01:18.0843 3680 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
01:01:19.0000 3680 drmkaud - ok
01:01:19.0015 3680 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
01:01:19.0187 3680 EapHost - ok
01:01:19.0203 3680 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
01:01:19.0343 3680 ERSvc - ok
01:01:19.0390 3680 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
01:01:19.0406 3680 Eventlog - ok
01:01:19.0437 3680 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
01:01:19.0500 3680 EventSystem - ok
01:01:19.0546 3680 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
01:01:19.0671 3680 Fastfat - ok
01:01:19.0718 3680 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
01:01:19.0781 3680 FastUserSwitchingCompatibility - ok
01:01:19.0796 3680 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
01:01:19.0953 3680 Fdc - ok
01:01:19.0968 3680 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
01:01:20.0109 3680 Fips - ok
01:01:20.0140 3680 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:01:20.0265 3680 Flpydisk - ok
01:01:20.0296 3680 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
01:01:20.0437 3680 FltMgr - ok
01:01:20.0515 3680 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:01:20.0531 3680 FontCache3.0.0.0 - ok
01:01:20.0609 3680 [ 977AD9951D842D9284240226C3907C98 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
01:01:20.0640 3680 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning
01:01:20.0640 3680 ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1)
01:01:20.0687 3680 [ B81F8778F5BB485F3B75114F0C99A49F ] ForcewareWebInterface C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
01:01:20.0703 3680 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - warning
01:01:20.0703 3680 ForcewareWebInterface - detected UnsignedFile.Multi.Generic (1)
01:01:20.0750 3680 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
01:01:20.0765 3680 fssfltr - ok
01:01:20.0906 3680 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
01:01:20.0968 3680 fsssvc - ok
01:01:20.0984 3680 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:01:21.0125 3680 Fs_Rec - ok
01:01:21.0140 3680 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:01:21.0281 3680 Ftdisk - ok
01:01:21.0296 3680 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
01:01:21.0328 3680 GEARAspiWDM - ok
01:01:21.0359 3680 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:01:21.0500 3680 Gpc - ok
01:01:21.0593 3680 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
01:01:21.0640 3680 gupdate - ok
01:01:21.0640 3680 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
01:01:21.0671 3680 gupdatem - ok
01:01:21.0718 3680 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
01:01:21.0750 3680 gusvc - ok
01:01:21.0843 3680 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:01:21.0984 3680 helpsvc - ok
01:01:22.0015 3680 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
01:01:22.0171 3680 HidServ - ok
01:01:22.0203 3680 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:01:22.0343 3680 HidUsb - ok
01:01:22.0375 3680 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
01:01:22.0531 3680 hkmsvc - ok
01:01:22.0531 3680 hpn - ok
01:01:22.0562 3680 [ 970178E8E003EB1481293830069624B9 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
01:01:22.0734 3680 HSFHWBS2 - ok
01:01:22.0781 3680 [ EBB354438A4C5A3327FB97306260714A ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
01:01:23.0000 3680 HSF_DP - ok
01:01:23.0046 3680 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
01:01:23.0078 3680 HTTP - ok
01:01:23.0109 3680 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
01:01:23.0250 3680 HTTPFilter - ok
01:01:23.0250 3680 i2omgmt - ok
01:01:23.0265 3680 i2omp - ok
01:01:23.0281 3680 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:01:23.0437 3680 i8042prt - ok
01:01:23.0562 3680 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
01:01:23.0593 3680 IDriverT ( UnsignedFile.Multi.Generic ) - warning
01:01:23.0593 3680 IDriverT - detected UnsignedFile.Multi.Generic (1)
01:01:23.0703 3680 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:01:23.0781 3680 idsvc - ok
01:01:23.0812 3680 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
01:01:23.0937 3680 Imapi - ok
01:01:23.0984 3680 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
01:01:24.0125 3680 ImapiService - ok
01:01:24.0125 3680 InCDFs - ok
01:01:24.0140 3680 InCDPass - ok
01:01:24.0156 3680 InCDRm - ok
01:01:24.0156 3680 ini910u - ok
01:01:24.0171 3680 IntelIde - ok
01:01:24.0218 3680 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
01:01:24.0359 3680 Ip6Fw - ok
01:01:24.0406 3680 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:01:24.0546 3680 IpFilterDriver - ok
01:01:24.0578 3680 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:01:24.0718 3680 IpInIp - ok
01:01:24.0750 3680 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:01:24.0890 3680 IpNat - ok
01:01:24.0890 3680 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:01:25.0046 3680 IPSec - ok
01:01:25.0062 3680 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
01:01:25.0125 3680 IRENUM - ok
01:01:25.0140 3680 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:01:25.0265 3680 isapnp - ok
01:01:25.0375 3680 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
01:01:25.0390 3680 JavaQuickStarterService - ok
01:01:25.0421 3680 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:01:25.0562 3680 Kbdclass - ok
01:01:25.0609 3680 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:01:25.0750 3680 kbdhid - ok
01:01:25.0765 3680 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
01:01:25.0906 3680 kmixer - ok
01:01:25.0937 3680 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
01:01:25.0984 3680 KSecDD - ok
01:01:26.0031 3680 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
01:01:26.0125 3680 lanmanserver - ok
01:01:26.0140 3680 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
01:01:26.0187 3680 lanmanworkstation - ok
01:01:26.0187 3680 lbrtfdc - ok
01:01:26.0234 3680 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
01:01:26.0359 3680 LmHosts - ok
01:01:26.0390 3680 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
01:01:26.0421 3680 MBAMProtector - ok
01:01:26.0500 3680 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:01:26.0546 3680 MBAMScheduler - ok
01:01:26.0593 3680 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
01:01:26.0656 3680 MBAMService - ok
01:01:26.0718 3680 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
01:01:26.0875 3680 mdmxsdk - ok
01:01:26.0890 3680 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
01:01:27.0046 3680 Messenger - ok
01:01:27.0078 3680 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
01:01:27.0234 3680 mnmdd - ok
01:01:27.0265 3680 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
01:01:27.0421 3680 mnmsrvc - ok
01:01:27.0453 3680 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
01:01:27.0593 3680 Modem - ok
01:01:27.0625 3680 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:01:27.0765 3680 Mouclass - ok
01:01:27.0812 3680 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:01:27.0953 3680 mouhid - ok
01:01:27.0968 3680 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
01:01:28.0109 3680 MountMgr - ok
01:01:28.0109 3680 mraid35x - ok
01:01:28.0140 3680 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:01:28.0265 3680 MRxDAV - ok
01:01:28.0312 3680 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:01:28.0421 3680 MRxSmb - ok
01:01:28.0453 3680 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
01:01:28.0609 3680 MSDTC - ok
01:01:28.0625 3680 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
01:01:28.0781 3680 Msfs - ok
01:01:28.0781 3680 MSIServer - ok
01:01:28.0812 3680 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:01:28.0953 3680 MSKSSRV - ok
01:01:28.0968 3680 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:01:29.0109 3680 MSPCLOCK - ok
01:01:29.0171 3680 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
01:01:29.0296 3680 MSPQM - ok
01:01:29.0312 3680 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:01:29.0468 3680 mssmbios - ok
01:01:29.0484 3680 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
01:01:29.0562 3680 Mup - ok
01:01:29.0593 3680 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
01:01:29.0734 3680 napagent - ok
01:01:29.0859 3680 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
01:01:29.0906 3680 NAUpdate - ok
01:01:29.0937 3680 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
01:01:30.0093 3680 NDIS - ok
01:01:30.0125 3680 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:01:30.0171 3680 NdisTapi - ok
01:01:30.0203 3680 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:01:30.0343 3680 Ndisuio - ok
01:01:30.0390 3680 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:01:30.0546 3680 NdisWan - ok
01:01:30.0578 3680 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
01:01:30.0656 3680 NDProxy - ok
01:01:30.0656 3680 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
01:01:30.0796 3680 NetBIOS - ok
01:01:30.0828 3680 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
01:01:30.0984 3680 NetBT - ok
01:01:31.0000 3680 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
01:01:31.0156 3680 NetDDE - ok
01:01:31.0156 3680 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
01:01:31.0312 3680 NetDDEdsdm - ok
01:01:31.0343 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
01:01:31.0484 3680 Netlogon - ok
01:01:31.0500 3680 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
01:01:31.0671 3680 Netman - ok
01:01:31.0718 3680 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:01:31.0734 3680 NetTcpPortSharing - ok
01:01:31.0765 3680 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
01:01:31.0812 3680 Nla - ok
01:01:31.0828 3680 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
01:01:31.0953 3680 Npfs - ok
01:01:32.0000 3680 [ C1B237858D0A39A2F0B8675EE3142FD1 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
01:01:32.0031 3680 nSvcIp ( UnsignedFile.Multi.Generic ) - warning
01:01:32.0031 3680 nSvcIp - detected UnsignedFile.Multi.Generic (1)
01:01:32.0046 3680 [ 6B81F3CF33C92DFA3D69B5D355F47570 ] nSvcLog C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
01:01:32.0062 3680 nSvcLog ( UnsignedFile.Multi.Generic ) - warning
01:01:32.0062 3680 nSvcLog - detected UnsignedFile.Multi.Generic (1)
01:01:32.0109 3680 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
01:01:32.0312 3680 Ntfs - ok
01:01:32.0312 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
01:01:32.0453 3680 NtLmSsp - ok
01:01:32.0500 3680 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
01:01:32.0640 3680 NtmsSvc - ok
01:01:32.0656 3680 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
01:01:32.0812 3680 Null - ok
01:01:32.0937 3680 [ 9772E9E8F27E33284C20E3AAD9EAAB9D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:01:33.0109 3680 nv ( UnsignedFile.Multi.Generic ) - warning
01:01:33.0109 3680 nv - detected UnsignedFile.Multi.Generic (1)
01:01:33.0140 3680 [ 83F0275A21D9772B51CEF57E35AFAE61 ] nvatabus C:\WINDOWS\system32\DRIVERS\nvatabus.sys
01:01:33.0203 3680 nvatabus - ok
01:01:33.0218 3680 [ FB7213BC5279C1AF5E4E9CA05D944F2C ] nvcchflt C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
01:01:33.0250 3680 nvcchflt - ok
01:01:33.0265 3680 [ 468E839F0F7AFF5C9BAA4717B82CDD11 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
01:01:33.0296 3680 NVENETFD - ok
01:01:33.0328 3680 [ 7A6444C5F0D53C7E6E7F500BC4C930F7 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
01:01:33.0375 3680 nvnetbus - ok
01:01:33.0421 3680 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:01:33.0562 3680 NwlnkFlt - ok
01:01:33.0562 3680 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:01:33.0718 3680 NwlnkFwd - ok
01:01:33.0781 3680 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:01:33.0812 3680 ose - ok
01:01:33.0843 3680 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
01:01:33.0984 3680 Parport - ok
01:01:34.0000 3680 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
01:01:34.0156 3680 PartMgr - ok
01:01:34.0187 3680 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
01:01:34.0328 3680 ParVdm - ok
01:01:34.0359 3680 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
01:01:34.0515 3680 PCI - ok
01:01:34.0515 3680 PCIDump - ok
01:01:34.0531 3680 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
01:01:34.0671 3680 PCIIde - ok
01:01:34.0703 3680 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
01:01:34.0843 3680 Pcmcia - ok
01:01:34.0843 3680 PDCOMP - ok
01:01:34.0859 3680 PDFRAME - ok
01:01:34.0859 3680 PDRELI - ok
01:01:34.0875 3680 PDRFRAME - ok
01:01:34.0890 3680 perc2 - ok
01:01:34.0890 3680 perc2hib - ok
01:01:34.0921 3680 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
01:01:34.0953 3680 PlugPlay - ok
01:01:34.0984 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
01:01:35.0109 3680 PolicyAgent - ok
01:01:35.0125 3680 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:01:35.0281 3680 PptpMiniport - ok
01:01:35.0296 3680 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
01:01:35.0453 3680 Processor - ok
01:01:35.0468 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
01:01:35.0593 3680 ProtectedStorage - ok
01:01:35.0609 3680 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
01:01:35.0750 3680 PSched - ok
01:01:35.0765 3680 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:01:35.0906 3680 Ptilink - ok
01:01:35.0921 3680 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:01:35.0953 3680 PxHelp20 - ok
01:01:35.0968 3680 ql1080 - ok
01:01:35.0968 3680 Ql10wnt - ok
01:01:35.0984 3680 ql12160 - ok
01:01:36.0000 3680 ql1240 - ok
01:01:36.0000 3680 ql1280 - ok
01:01:36.0031 3680 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:01:36.0171 3680 RasAcd - ok
01:01:36.0203 3680 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
01:01:36.0343 3680 RasAuto - ok
01:01:36.0375 3680 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:01:36.0531 3680 Rasl2tp - ok
01:01:36.0562 3680 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
01:01:36.0703 3680 RasMan - ok
01:01:36.0718 3680 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:01:36.0875 3680 RasPppoe - ok
01:01:36.0890 3680 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
01:01:37.0015 3680 Raspti - ok
01:01:37.0031 3680 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:01:37.0156 3680 Rdbss - ok
01:01:37.0156 3680 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:01:37.0296 3680 RDPCDD - ok
01:01:37.0328 3680 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
01:01:37.0421 3680 RDPWD - ok
01:01:37.0437 3680 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
01:01:37.0578 3680 RDSessMgr - ok
01:01:37.0593 3680 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
01:01:37.0750 3680 redbook - ok
01:01:37.0781 3680 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
01:01:37.0921 3680 RemoteAccess - ok
01:01:37.0953 3680 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
01:01:38.0031 3680 RimUsb - ok
01:01:38.0062 3680 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
01:01:38.0109 3680 RimVSerPort - ok
01:01:38.0140 3680 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
01:01:38.0281 3680 ROOTMODEM - ok
01:01:38.0312 3680 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
01:01:38.0437 3680 RpcLocator - ok
01:01:38.0468 3680 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
01:01:38.0500 3680 RpcSs - ok
01:01:38.0546 3680 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
01:01:38.0703 3680 RSVP - ok
01:01:38.0718 3680 [ E1AB463B36A7EF31D8A73A97A9B57AFA ] s115bus C:\WINDOWS\system32\DRIVERS\s115bus.sys
01:01:38.0750 3680 s115bus - ok
01:01:38.0765 3680 [ E24113FC13B8737C94CF4E3415488C76 ] s115mdfl C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
01:01:38.0781 3680 s115mdfl - ok
01:01:38.0796 3680 [ 4029E49E7C673AA0670BD206B0AF1B5B ] s115mdm C:\WINDOWS\system32\DRIVERS\s115mdm.sys
01:01:38.0828 3680 s115mdm - ok
01:01:38.0828 3680 [ EB02AB4CA8BCCECFDE236CAD8FC6E135 ] s115mgmt C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
01:01:38.0875 3680 s115mgmt - ok
01:01:38.0890 3680 [ 089869DB9FFD2AC807FA87FE82AC7761 ] s115obex C:\WINDOWS\system32\DRIVERS\s115obex.sys
01:01:38.0921 3680 s115obex - ok
01:01:38.0953 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
01:01:39.0093 3680 SamSs - ok
01:01:39.0109 3680 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
01:01:39.0234 3680 SCardSvr - ok
01:01:39.0281 3680 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
01:01:39.0421 3680 Schedule - ok
01:01:39.0453 3680 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:01:39.0500 3680 Secdrv - ok
01:01:39.0531 3680 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
01:01:39.0640 3680 seclogon - ok
01:01:39.0656 3680 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
01:01:39.0796 3680 SENS - ok
01:01:39.0828 3680 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
01:01:39.0937 3680 serenum - ok
01:01:39.0953 3680 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
01:01:40.0093 3680 Serial - ok
01:01:40.0125 3680 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
01:01:40.0250 3680 Sfloppy - ok
01:01:40.0312 3680 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
01:01:40.0437 3680 SharedAccess - ok
01:01:40.0468 3680 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
01:01:40.0500 3680 ShellHWDetection - ok
01:01:40.0515 3680 Simbad - ok
01:01:40.0531 3680 Sparrow - ok
01:01:40.0562 3680 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
01:01:40.0687 3680 splitter - ok
01:01:40.0734 3680 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
01:01:40.0796 3680 Spooler - ok
01:01:40.0859 3680 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
01:01:40.0859 3680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
01:01:40.0859 3680 sptd ( LockedFile.Multi.Generic ) - warning
01:01:40.0859 3680 sptd - detected LockedFile.Multi.Generic (1)
01:01:40.0875 3680 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
01:01:40.0937 3680 sr - ok
01:01:40.0968 3680 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
01:01:41.0031 3680 srservice - ok
01:01:41.0078 3680 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
01:01:41.0156 3680 Srv - ok
01:01:41.0187 3680 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
01:01:41.0250 3680 SSDPSRV - ok
01:01:41.0281 3680 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
01:01:41.0312 3680 StarOpen ( UnsignedFile.Multi.Generic ) - warning
01:01:41.0312 3680 StarOpen - detected UnsignedFile.Multi.Generic (1)
01:01:41.0375 3680 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
01:01:41.0406 3680 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
01:01:41.0406 3680 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
01:01:41.0453 3680 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
01:01:41.0578 3680 stisvc - ok
01:01:41.0625 3680 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
01:01:41.0765 3680 swenum - ok
01:01:41.0781 3680 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
01:01:41.0890 3680 swmidi - ok
01:01:41.0906 3680 SwPrv - ok
01:01:41.0921 3680 symc810 - ok
01:01:41.0921 3680 symc8xx - ok
01:01:41.0937 3680 sym_hi - ok
01:01:41.0953 3680 sym_u3 - ok
01:01:41.0968 3680 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
01:01:42.0109 3680 sysaudio - ok
01:01:42.0140 3680 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
01:01:42.0265 3680 SysmonLog - ok
01:01:42.0296 3680 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
01:01:42.0437 3680 TapiSrv - ok
01:01:42.0484 3680 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:01:49.0296 3680 ================ Scan global ===============================
01:01:49.0328 3680 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
01:01:49.0406 3680 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
01:01:49.0421 3680 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
01:01:49.0437 3680 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
01:01:49.0437 3680 [Global] - ok
01:01:49.0453 3680 ================ Scan MBR ==================================
01:01:49.0468 3680 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
01:01:49.0640 3680 \Device\Harddisk0\DR0 - ok
01:01:49.0640 3680 ================ Scan VBR ==================================
01:01:49.0640 3680 [ C317D6F9EACFB1D8BE79F0A25F7D8300 ] \Device\Harddisk0\DR0\Partition1
01:01:49.0640 3680 \Device\Harddisk0\DR0\Partition1 - ok
01:01:49.0640 3680 ============================================================
01:01:49.0640 3680 Scan finished
01:01:49.0640 3680 ============================================================
01:01:49.0812 3672 Detected object count: 10
01:01:49.0812 3672 Actual detected object count: 10
01:02:49.0203 3672 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:49.0203 3672 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:49.0203 3672 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:49.0203 3672 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:49.0203 3672 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:49.0203 3672 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:49.0203 3672 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:49.0203 3672 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:49.0234 3672 nSvcLog ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:49.0234 3672 nSvcLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:49.0234 3672 nv ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:49.0234 3672 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:49.0234 3672 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:02:49.0234 3672 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:02:49.0234 3672 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:49.0234 3672 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:49.0234 3672 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:49.0234 3672 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:49.0234 3672 UserAccess7 ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:49.0234 3672 UserAccess7 ( UnsignedFile.Multi.Generic ) - User select action: Skip
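A small triage helper for the TDSSKiller-style log above, added here as an example (it is not code from this thread or from Kaspersky's tool): it parses the `[ md5 ] name path` inventory lines and the `( Classification ) - verdict` lines, then separates generic unsigned/locked-file warnings, the usual false-positive source and the reason the helper asks for review before acting, from anything else that was flagged. The sample lines are copied from the log above; the grouping of classifications into "generic warning" versus "needs review" is this example's own assumption.

```python
import re
from collections import OrderedDict

# Constructed sample in the TDSSKiller log format posted in this thread
# (hashes and paths copied from the log above; line order preserved).
SAMPLE_LOG = r"""01:01:46.0078 3680 [ 68C0AEABCB33674FB9EF2D52ED57D358 ] UserAccess7 C:\WINDOWS\system32\UAService7.exe
01:01:46.0109 3680 UserAccess7 ( UnsignedFile.Multi.Generic ) - warning
01:01:46.0109 3680 UserAccess7 - detected UnsignedFile.Multi.Generic (1)
01:01:46.0156 3680 [ 92CEBC2BC7BE2C8D49391B365569F306 ] vaxscsi C:\WINDOWS\System32\Drivers\vaxscsi.sys
01:01:46.0187 3680 vaxscsi - ok
01:01:49.0812 3672 Detected object count: 10
01:02:49.0203 3672 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:49.0234 3672 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:02:49.0234 3672 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:02:49.0234 3672 UserAccess7 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Line shapes seen in the log: "<time> <pid> <rest>", where <rest> is one of
#   "[ <md5> ] <name> <path>"           inventory of a scanned file
#   "<name> - ok"                       clean verdict
#   "<name> ( <class> ) - <verdict>"    warning / skipped by user / User select action: ...
#   "<name> - detected <class> (<n>)"   counted as a detection
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
ENTRY_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<cls>[\w.]+) \((?P<n>\d+)\)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<cls>[\w.]+) \) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Generic heuristics the log itself labels "warning": an unsigned or locked file,
# not a malware verdict. Treating them as informational is this example's assumption.
GENERIC_WARNINGS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


def parse_tdsskiller(text):
    """Return (objects, reported_count); objects maps name -> record."""
    objects = OrderedDict()
    reported = None

    def rec(name):
        return objects.setdefault(name, {"md5": None, "path": None, "status": "unknown",
                                         "classification": None, "action": None})

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if (e := ENTRY_RE.match(rest)):
            r = rec(e["name"])
            r["md5"], r["path"] = e["md5"].upper(), e["path"]
        elif (o := OK_RE.match(rest)):
            rec(o["name"])["status"] = "ok"
        elif (d := DETECTED_RE.match(rest)):
            r = rec(d["name"])
            r["status"], r["classification"] = "detected", d["cls"]
        elif (v := VERDICT_RE.match(rest)):
            r = rec(v["name"])
            r["classification"] = v["cls"]
            if v["verdict"].startswith("User select action:"):
                r["action"] = v["verdict"].split(":", 1)[1].strip()
            elif r["status"] in ("unknown", "warning"):
                r["status"] = v["verdict"]  # "warning" or "skipped by user"
        elif (c := COUNT_RE.match(rest)):
            reported = int(c["n"])
    return objects, reported


def triage(objects):
    """Group names: clean, generic warning (review only), or anything else flagged."""
    out = {"clean": [], "generic_warning": [], "needs_review": []}
    for name, r in objects.items():
        cls = r["classification"]
        if cls is None and r["status"] == "ok":
            out["clean"].append(name)
        elif cls in GENERIC_WARNINGS:
            out["generic_warning"].append(name)
        else:
            out["needs_review"].append(name)
    return out


if __name__ == "__main__":
    objs, count = parse_tdsskiller(SAMPLE_LOG)
    groups = triage(objs)
    # The sample is a subset of the full log, so the parsed count is lower than the reported 10.
    print(f"reported detections: {count}, parsed flagged: "
          f"{len(groups['generic_warning']) + len(groups['needs_review'])}")
    for bucket, names in groups.items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```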
 
Looks good so far...

avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below
aswMBR_Scan.jpg

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.


Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22001645.gif

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22001646.gif

Go to Step 4 and under "System Restore" click on Create button:

p22001644.gif

Go to Start Repairs tab and click Start button.

p22001166.gif

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif

Click on box next to the Restart System when Finished. Then click on Start.


Let me know if things start speeding up...
 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-23 21:13:08
-----------------------------
21:13:08.591 OS Version: Windows 5.1.2600 Service Pack 3
21:13:08.591 Number of processors: 1 586 0x2F02
21:13:08.591 ComputerName: MAX UserName: Max
21:13:08.951 Initialize success
21:13:49.341 AVAST engine defs: 13022300
21:13:59.106 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e
21:13:59.106 Disk 0 Vendor: WDC_WD1600JB-00GVC0 08.02D08 Size: 152627MB BusType: 3
21:13:59.137 Disk 0 MBR read successfully
21:13:59.137 Disk 0 MBR scan
21:13:59.247 Disk 0 Windows XP default MBR code
21:13:59.247 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150405 MB offset 63
21:13:59.278 Disk 0 Partition 2 00 12 Compaq diag RECOVERY 2219 MB offset 308030310
21:13:59.293 Disk 0 scanning sectors +312576705
21:13:59.434 Disk 0 scanning C:\WINDOWS\system32\drivers
21:14:24.402 Service scanning
21:14:37.902 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:14:42.980 Modules scanning
21:15:02.417 AVAST engine scan C:\WINDOWS
21:15:10.136 AVAST engine scan C:\WINDOWS\system32
21:19:18.850 AVAST engine scan C:\WINDOWS\system32\drivers
21:19:41.693 AVAST engine scan C:\Documents and Settings\Max
21:20:52.864 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Max\Desktop\MBR.dat"
21:20:52.864 The log file has been saved successfully to "C:\Documents and Settings\Max\Desktop\aswMBR.txt"


I have tried to upload the MBR file; however, when I click on the upload file button it cannot find the file on my desktop.
 
Can you tell me about the events that led up to how the PC started freezing and crashing?

What about blue screens? Black screens with blinking cursor?
 
I was on Internet Explorer. I needed to update my software on my BlackBerry. I plugged the USB lead into one of the ports on my computer. My computer started to freeze and an error message popped up from AVG stating that Internet Explorer was using too much memory and suggested closing and re-opening it to improve performance. I clicked to close Internet Explorer and my computer froze. After about 3 minutes I pressed Alt-Ctrl-Delete to try and close it that way. Nothing happened, and then my computer restarted itself. Upon boot-up it said that my computer had had a blue screen event and that Windows had closed down my PC.

I have noticed that even when I have one application open for a short while my computer starts to freeze. I have a set of headphones which connect via USB. They don't always work, and then no sound comes from my PC even when I disconnect them. When I try to play music it says that no sound driver can be detected. I then have to restart my computer for the sound to come back. I only have the free edition of AVG, but when it updates my computer freezes until it's finished. The same thing happens with Windows Update. I have tried cleaning the registry using PC Clean Up but it doesn't seem to speed up. I know that I have a small amount of memory, but over the course of a couple of weeks it has slowed down considerably and applications just freeze and I have to restart my PC to continue working.

I have finished running Windows Repair. I couldn't complete Step 3 as I can't find the Windows CD.
 
Download a 32-bit AVG removal tool for your version of AVG from this page: http://www.avg.com/us-en/utilities

Run the removal tool. Then, download and install avast! Free, www.avast.com -- or Avira Free, www.free-av.com

Once done, let me know if the same issues continue. :)

I'm thinking AVG does not like your system, and is taking it over (not good). I've known AVG software to do this for years, and 90% of the time (in my opinion) the problem with freezing (if it isn't anything else) is probably an AVG issue.

Let me know how it works. :)
 
I ran the removal tool. Some DOS script came up and a dialogue box saying that the tool will remove AVG. I clicked on OK, then the dialogue box and the DOS window closed, but nothing happened; AVG is still on my computer.
 
I ran the remover tool. Some DOS script came up and then it restarted, but AVG is still on my computer. Am I doing something wrong?
 
I have managed to uninstall AVG and I have downloaded Avira. During the first scan it detected a virus and quarantined it. Please see below the details of the Avira log.


Avira Free Antivirus
Report file date: 24 February 2013 13:50

The program is running as an unrestricted full version.
Online services are available.
Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Max
Computer name : MAX
Configuration settings for the scan:
Jobname.............................: Quick system scan
Configuration file..................: c:\program files\avira\antivir desktop\quicksysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Start of the scan: 24 February 2013 13:50
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
The scan of running processes will be started:
Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '95' Module(s) have been scanned
Scan process 'avcenter.exe' - '53' Module(s) have been scanned
Scan process 'avconfig.exe' - '60' Module(s) have been scanned
Scan process 'avgnt.exe' - '75' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'avshadow.exe' - '22' Module(s) have been scanned
Scan process 'avguard.exe' - '93' Module(s) have been scanned
Scan process 'Updater.exe' - '67' Module(s) have been scanned
Scan process 'msiexec.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '88' Module(s) have been scanned
Scan process 'setup.exe' - '79' Module(s) have been scanned
Scan process 'presetup.exe' - '56' Module(s) have been scanned
Scan process 'avwebloader.exe' - '74' Module(s) have been scanned
Scan process 'avira_free_antivirus[1].exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '57' Module(s) have been scanned
Scan process 'RIMBBLaunchAgent.exe' - '34' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'wscntfy.exe' - '22' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '17' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'jqs.exe' - '35' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '31' Module(s) have been scanned
Scan process 'spoolsv.exe' - '60' Module(s) have been scanned
Scan process 'Explorer.EXE' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '29' Module(s) have been scanned
Scan process 'winlogon.exe' - '73' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting to scan executable files (registry):
C:\Program Files\Alcohol Soft\Alcohol 120\AxLaUn.exe
[DETECTION] Is the TR/Spy.386560.23 Trojan
The registry was scanned ( '1989' files ).

Beginning disinfection:
The file '\\?\C:\Documents and Settings\Max\Start Menu\Programs\Alcohol 120%\Alcohol 120%.lnk' was moved to the quarantine folder.
C:\Program Files\Alcohol Soft\Alcohol 120\AxLaUn.exe
[DETECTION] Is the TR/Spy.386560.23 Trojan
[NOTE] The file was moved to the quarantine directory under the name '48969067.qua'!

End of the scan: 24 February 2013 13:53
Used time: 01:26 Minute(s)
The scan has been done completely.
0 Scanned directories
2411 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2410 Files not concerned
29 Archives were scanned
0 Warnings
1 Notes
 
The computer is running OK. Still a little slow, but that is probably down to the lack of memory.

Thanks for your help.

Is my computer clean now?
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.59
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Free Antivirus
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 29
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader XI
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````
 
Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
 
I have 2 Java entries: 1. Java(TM) 6 Update 29 and 2. Java 7 Update 9. When I tried to remove them following the steps above I received an error message saying "Fatal error in installation" on both occasions.

Is there another way to remove them?
 
Also, when I tried to delete the first Java entry another dialogue box came up saying "Java(TM) 6 Update 20 - Internal error 2753. regutils.dll".
 
I managed to remove Java 7 Update 9; however, the same error message "Internal error 2753. regutils.dll" appeared when I tried to remove Java(TM) 6 Update 29. It has a setup icon next to it in the Control Panel, so maybe I don't need to uninstall it. I tried to download a newer version but it said installation failed.
 
I downloaded JavaRA and followed your instructions above; however, when I tried to remove JRE 6 the same error message came up, "Internal error 2753. regutils.dll", and when it tried to see what Java was running on my computer it could not detect it. It was able to download the latest version (7 Update 15), however it failed on installation.

Any ideas?
 
Let me see a log from the following tool please:

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.

Quick question...do you need Java? (Do you use it at all?)
 