System crashing, strange registry errors

Solved
By Zenlana
Nov 17, 2012
  1. Hi,

    I hope you are able to help me. My computer has been randomly blue-screening, and then it tells me it has a problem with spooldr.sys - not that I can find that file anywhere.

    Anyway, I've followed the instructions about getting the logs, and here they are:

    Malwarebytes:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.16.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Helen :: HELENXP2 [administrator]

    17/11/2012 7:20:37 PM
    mbam-log-2012-11-17 (19-20-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205084
    Time elapsed: 15 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18/03/2012 6:51:21 PM
    System Uptime: 17/11/2012 7:17:08 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | EP41-UD3L
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2999/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 281 GiB total, 185.283 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 114.092 GiB free.
    G: is FIXED (NTFS) - 10 GiB total, 9.3 GiB free.
    H: is FIXED (NTFS) - 100 GiB total, 89.401 GiB free.
    K: is CDROM (UDF)
    M: is FIXED (NTFS) - 40 GiB total, 23.211 GiB free.
    P: is FIXED (NTFS) - 100 GiB total, 72.604 GiB free.
    R: is FIXED (NTFS) - 112 GiB total, 98.631 GiB free.
    V: is FIXED (NTFS) - 200 GiB total, 137.806 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Multimedia Video Controller
    Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_665F107D&REV_05\4&BC67B8D&0&00F0
    Manufacturer:
    Name: Multimedia Video Controller
    PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_665F107D&REV_05\4&BC67B8D&0&00F0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Multimedia Controller
    Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_665F107D&REV_05\4&BC67B8D&0&02F0
    Manufacturer:
    Name: Multimedia Controller
    PNP Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_665F107D&REV_05\4&BC67B8D&0&02F0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Network Controller
    Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_700A1799&REV_01\4&BC67B8D&0&10F0
    Manufacturer:
    Name: Network Controller
    PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_700A1799&REV_01\4&BC67B8D&0&10F0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP172: 19/08/2012 5:26:39 PM - System Checkpoint
    RP173: 20/08/2012 5:30:09 PM - System Checkpoint
    RP174: 21/08/2012 5:59:37 PM - System Checkpoint
    RP175: 23/08/2012 1:40:41 PM - System Checkpoint
    RP176: 24/08/2012 1:44:22 PM - System Checkpoint
    RP177: 25/08/2012 1:52:11 PM - System Checkpoint
    RP178: 26/08/2012 4:09:39 PM - System Checkpoint
    RP179: 27/08/2012 4:36:07 PM - System Checkpoint
    RP180: 28/08/2012 4:47:37 PM - System Checkpoint
    RP181: 29/08/2012 5:29:12 PM - System Checkpoint
    RP182: 31/08/2012 11:22:22 AM - System Checkpoint
    RP183: 2/09/2012 2:14:23 PM - System Checkpoint
    RP184: 3/09/2012 5:05:10 PM - System Checkpoint
    RP185: 4/09/2012 5:16:12 PM - System Checkpoint
    RP186: 9/09/2012 8:16:46 PM - System Checkpoint
    RP187: 10/09/2012 9:15:56 PM - System Checkpoint
    RP188: 12/09/2012 12:55:41 PM - System Checkpoint
    RP189: 14/09/2012 7:29:37 PM - Software Distribution Service 3.0
    RP190: 15/09/2012 7:59:26 PM - System Checkpoint
    RP191: 16/09/2012 8:35:31 PM - System Checkpoint
    RP192: 18/09/2012 11:33:30 AM - System Checkpoint
    RP193: 19/09/2012 8:06:29 PM - System Checkpoint
    RP194: 21/09/2012 6:29:00 PM - System Checkpoint
    RP195: 22/09/2012 7:15:35 PM - System Checkpoint
    RP196: 23/09/2012 12:02:04 PM - Software Distribution Service 3.0
    RP197: 24/09/2012 3:56:45 PM - System Checkpoint
    RP198: 25/09/2012 4:12:59 PM - System Checkpoint
    RP199: 7/10/2012 6:26:59 PM - System Checkpoint
    RP200: 8/10/2012 7:02:01 PM - System Checkpoint
    RP201: 9/10/2012 7:15:49 PM - System Checkpoint
    RP202: 11/10/2012 2:07:26 PM - Software Distribution Service 3.0
    RP203: 12/10/2012 3:18:26 PM - System Checkpoint
    RP204: 13/10/2012 7:36:30 PM - System Checkpoint
    RP205: 14/10/2012 7:45:33 PM - System Checkpoint
    RP206: 15/10/2012 7:52:55 PM - System Checkpoint
    RP207: 16/10/2012 9:50:32 PM - System Checkpoint
    RP208: 19/10/2012 5:13:27 PM - System Checkpoint
    RP209: 20/10/2012 6:02:31 PM - System Checkpoint
    RP210: 21/10/2012 6:23:11 PM - System Checkpoint
    RP211: 22/10/2012 6:46:45 PM - System Checkpoint
    RP212: 23/10/2012 12:54:49 PM - Installed e-tax 2012
    RP213: 24/10/2012 1:17:03 PM - System Checkpoint
    RP214: 26/10/2012 7:59:19 PM - System Checkpoint
    RP215: 27/10/2012 8:06:58 PM - Installed J2SE Runtime Environment 5.0
    RP216: 28/10/2012 4:39:34 PM - Installed The Sims 3
    RP217: 29/10/2012 7:53:05 PM - System Checkpoint
    RP218: 30/10/2012 8:10:35 PM - System Checkpoint
    RP219: 31/10/2012 9:56:00 PM - System Checkpoint
    RP220: 2/11/2012 10:20:21 AM - System Checkpoint
    RP221: 3/11/2012 10:27:32 AM - System Checkpoint
    RP222: 4/11/2012 1:27:20 PM - System Checkpoint
    RP223: 5/11/2012 3:45:55 PM - System Checkpoint
    RP224: 6/11/2012 5:19:14 PM - System Checkpoint
    RP225: 6/11/2012 8:40:02 PM - Installed Java(TM) 6 Update 37
    RP226: 8/11/2012 9:56:10 AM - System Checkpoint
    RP227: 9/11/2012 9:58:31 AM - System Checkpoint
    RP228: 10/11/2012 11:38:32 AM - System Checkpoint
    RP229: 11/11/2012 12:34:08 PM - System Checkpoint
    RP230: 12/11/2012 12:35:44 PM - System Checkpoint
    RP231: 13/11/2012 2:30:50 PM - System Checkpoint
    RP232: 14/11/2012 3:33:02 PM - System Checkpoint
    RP233: 15/11/2012 2:26:02 PM - Software Distribution Service 3.0
    RP234: 16/11/2012 3:03:48 PM - System Checkpoint
    RP235: 16/11/2012 9:20:58 PM - Installed Windows Media Player 11
    RP236: 16/11/2012 9:22:12 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Digital Editions
    Adobe Flash Player 11 Plugin
    Adobe Flash Player ActiveX
    Adobe Photoshop 5.5
    Adobe Reader X (10.1.4)
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    Belkin 802.11g Wireless PCI Card
    Bonjour
    Browser Configuration Utility
    Canon CanoScan Toolbox 5.0
    CanoScan LiDE 600F
    Codec-TS SDK
    CommonCents 3.0
    De-interlace SDK
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Drive Manager
    Dropbox
    DVDFab 8.1.8.5 (24/05/2012) Qt
    e-tax 2012
    Energy Saver Advance B8.1208.1
    FileZilla Client 3.5.3
    GIMP 2.8.0
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    hp officejet 6100 series
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp officejet 6100 series
    iTunes
    J2SE Runtime Environment 5.0
    Java Auto Updater
    Java(TM) 6 Update 37
    Logitech Audio Echo Cancellation Component
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee AntiVirus Plus
    McAfee Security Scan Plus
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Money
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office XP Professional with FrontPage
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 16.0.2 (x86 en-GB)
    Mozilla Maintenance Service
    Mozilla Thunderbird 16.0.2 (x86 en-GB)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MVision
    NVIDIA Drivers
    Origin
    Paragon Hard Disk Manager 6.0
    Picasa 3
    PlaySAFE
    Presto! PageManager 7.15.14
    PrimoPDF
    PrimoPDF -- brought to you by Nitro PDF Software
    PrimoPDF Redistribution Package
    QFolder
    QuickTime
    Rapid CSS 2007 v8.31
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    ScanSoft OmniPage SE 4.0
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Skype™ 5.10
    The Sims™ 3
    TT-SB SDK
    UltraEdit-32
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinFast PVR2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    17/11/2012 6:53:49 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    17/11/2012 6:22:21 PM, error: PCTCore [280] -
    15/11/2012 4:08:07 PM, error: System Error [1003] - Error code 10000050, parameter1 bad0b114, parameter2 00000000, parameter3 805bbab6, parameter4 00000002.
    13/11/2012 9:20:57 PM, error: System Error [1003] - Error code 10000050, parameter1 bad0b158, parameter2 00000000, parameter3 805bc245, parameter4 00000002.
    .
    ==== End Of File ===========================

    dds.txt:

    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
    Run by Helen at 19:57:04 on 2012-11-17
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2558.1840 [GMT 11:00]
    .
    AV: PC Tools Spyware Doctor *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\notepad.exe
    c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.facebook.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: DeviceVM Url Search Hook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - c:\windows\system32\dvmurl.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120627111848.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
    mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\helen\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\helen\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hp\digital imaging\bin\hposol08.exe
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 10.1.1.1
    TCP: Interfaces\{B3DD3AB3-B38F-49FA-9AD8-7823B0D1BF67} : DHCPNameServer = 10.1.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\helen\application data\mozilla\firefox\profiles\vtm12p15.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2012-09-23 20:45; firefox@zemanta.com; c:\documents and settings\helen\application data\mozilla\firefox\profiles\vtm12p15.default\extensions\firefox@zemanta.com.xpi
    FF - ExtSQL: 2012-11-06 20:40; jqs@sun.com; c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - ExtSQL: 2012-11-06 20:40; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464304]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-3-18 89792]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-18 214904]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-18 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-18 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-18 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-3-18 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-3-18 161632]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-3-18 151880]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-3-18 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-3-18 180848]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-3-18 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-3-18 340920]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-3-18 83856]
    S2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2012-3-18 68136]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-18 237008]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-3-18 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-3-18 87656]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-5-18 121192]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-5-18 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-5-18 136680]
    .
    =============== File Associations ===============
    .
    FileExt: .js: UltraEdit.js="c:\program files\idm computer solutions\ultraedit-32\uedit32.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2012-11-17 08:07:44 -------- d-----w- c:\documents and settings\helen\application data\Malwarebytes
    2012-11-17 07:59:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-11-17 07:57:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-17 07:57:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-11-17 07:12:30 -------- d-----w- c:\program files\PC Tools
    2012-11-17 07:08:36 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-11-17 07:08:35 -------- d-----w- c:\program files\common files\PC Tools
    2012-11-17 07:03:41 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2012-11-17 07:03:39 -------- d-----w- c:\documents and settings\helen\application data\TestApp
    2012-11-16 10:24:26 221184 ----a-w- c:\windows\system32\wmpns.dll
    2012-11-16 10:24:18 -------- d-----w- c:\program files\Windows Media Connect 2
    2012-11-16 08:44:00 -------- d-----w- C:\drive backup
    2012-11-06 09:40:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-11-06 09:40:48 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-06 09:40:48 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-31 00:18:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2012-10-31 00:18:56 21504 ----a-w- c:\windows\system32\hidserv.dll
    2012-10-31 00:18:53 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2012-10-31 00:18:53 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-10-30 10:05:40 -------- d-----w- c:\documents and settings\helen\local settings\application data\etax2012
    2012-10-23 01:54:51 -------- d-----w- c:\program files\etax2012
    .
    ==================== Find3M ====================
    .
    2012-11-17 08:17:46 16608 ----a-w- c:\windows\gdrv.sys
    2012-11-13 10:29:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-13 10:29:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
    2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-21 03:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 03:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    .
    ============= FINISH: 19:57:39.14 ===============
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  3. Zenlana

    Zenlana Newcomer, in training Topic Starter

    Thanks for your response. I've done as you asked, here are the results:

    ComboFix 12-11-16.02 - Helen 17/11/2012 23:13:06.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2558.1729 [GMT 11:00]
    Running from: c:\documents and settings\Helen\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: PC Tools Spyware Doctor *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    c:\documents and settings\Helen\WINDOWS
    c:\windows\system32\muzapp.exe
    c:\windows\system32\System32\MASetupCleaner.exe
    c:\windows\system32\System32\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-17 11:03 . 2012-11-17 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Blumentals
    2012-11-17 11:00 . 2012-11-17 11:02 -------- d-----w- c:\program files\Rapid PHP 2011
    2012-11-17 08:07 . 2012-11-17 08:07 -------- d-----w- c:\documents and settings\Helen\Application Data\Malwarebytes
    2012-11-17 07:59 . 2012-11-17 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-11-17 07:57 . 2012-09-29 08:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-17 07:57 . 2012-11-17 07:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-11-17 07:12 . 2012-11-17 07:12 -------- d-----w- c:\program files\PC Tools
    2012-11-17 07:08 . 2012-11-01 04:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-11-17 07:08 . 2012-11-17 08:17 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-11-17 07:03 . 2012-11-17 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-11-17 07:03 . 2012-11-17 07:03 -------- d-----w- c:\documents and settings\Helen\Application Data\TestApp
    2012-11-16 10:24 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
    2012-11-16 10:24 . 2012-11-16 10:24 -------- d-----w- c:\program files\Windows Media Connect 2
    2012-11-16 08:44 . 2012-11-16 08:44 -------- d-----w- C:\drive backup
    2012-11-11 08:57 . 2012-11-15 03:32 -------- d-----w- c:\program files\Mozilla Thunderbird
    2012-11-06 09:40 . 2012-11-06 09:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-11-06 09:40 . 2012-11-06 09:40 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-10-27 09:06 . 2012-11-06 09:41 -------- d-----w- c:\program files\Common Files\Java
    2012-10-23 01:54 . 2012-10-23 01:55 -------- d-----w- c:\program files\etax2012
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-17 12:07 . 2012-03-18 07:59 16608 ----a-w- c:\windows\gdrv.sys
    2012-11-13 10:29 . 2012-03-30 03:20 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-13 10:29 . 2012-03-22 02:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-04 05:26 . 2011-01-24 17:56 1283 ----a-w- c:\windows\Fonts\FONTLOG.txt
    2012-10-22 08:37 . 2012-04-11 13:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2012-09-22 03:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:33 . 2012-08-21 13:33 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58 . 2012-08-21 12:58 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-21 03:01 . 2012-04-13 10:44 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 03:01 . 2012-04-13 10:44 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-11-01 10:21 . 2012-10-12 11:33 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Helen\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Helen\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Helen\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Helen\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 8429568]
    "nwiz"="nwiz.exe" [2007-04-19 1626112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 81920]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
    "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 252704]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Helen\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Helen\Application Data\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-18 272528]
    officejet 6100.lnk - c:\program files\HP\Digital Imaging\bin\hposol08.exe [2003-4-9 147456]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 802.11g Wireless PCI Card Configuration Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin 802.11g Wireless PCI Card Configuration Utility.lnk
    backup=c:\windows\pss\Belkin 802.11g Wireless PCI Card Configuration Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-08-27 11:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-10-27 08:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-09-09 13:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
    2012-05-04 05:36 955792 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
    2012-05-04 05:37 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2012-05-04 05:37 3521424 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-10-11 01:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-18 10:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-09-28 02:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
    2010-08-11 05:11 2920448 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
    2011-06-08 05:44 101888 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
    "c:\\Documents and Settings\\Helen\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [18/03/2012 11:36 PM 89792]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/03/2012 11:36 PM 214904]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/03/2012 11:36 PM 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/03/2012 11:36 PM 214904]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [18/03/2012 11:36 PM 161632]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [18/03/2012 11:29 PM 151880]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [18/03/2012 11:36 PM 57600]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [18/03/2012 11:36 PM 340920]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [18/03/2012 11:36 PM 83856]
    S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [18/03/2012 7:03 PM 68136]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [18/06/2011 4:33 AM 237008]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [18/03/2012 11:36 PM 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [18/03/2012 11:36 PM 87656]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [18/05/2012 1:51 PM 121192]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [18/05/2012 1:51 PM 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [18/05/2012 1:51 PM 136680]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:29]
    .
    2012-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
    .
    2012-09-15 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4339654388.job
    - c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 07:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 10.1.1.1
    FF - ProfilePath - c:\documents and settings\Helen\Application Data\Mozilla\Firefox\Profiles\vtm12p15.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - ExtSQL: 2012-09-23 20:45; firefox@zemanta.com; c:\documents and settings\Helen\Application Data\Mozilla\Firefox\Profiles\vtm12p15.default\extensions\firefox@zemanta.com.xpi
    FF - ExtSQL: 2012-11-06 20:40; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - ExtSQL: 2012-11-06 20:40; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    MSConfigStartUp-LogitechSetup - k:\setup\Setup.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-17 23:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-11-17 23:21:43
    ComboFix-quarantined-files.txt 2012-11-17 12:21
    .
    Pre-Run: 199,031,590,912 bytes free
    Post-Run: 201,020,952,576 bytes free
    .
    - - End Of File - - 77CB9EA7D417A25728BFEFC5B1D25F91
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job!

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case, please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  5. Zenlana

    Zenlana Newcomer, in training Topic Starter

    Hi DMJ,

    I've run this latest script. It didn't have a "cure" option next to the threats found, it had a "copy to quarantine", but I chose "skip" since the instructions didn't say to use anything except "cure".

    Here's the log:

    13:06:35.0375 5456 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    13:06:37.0390 5456 ============================================================
    13:06:37.0390 5456 Current date / time: 2012/11/18 13:06:37.0390
    13:06:37.0390 5456 SystemInfo:
    13:06:37.0390 5456
    13:06:37.0390 5456 OS Version: 5.1.2600 ServicePack: 3.0
    13:06:37.0390 5456 Product type: Workstation
    13:06:37.0390 5456 ComputerName: HELENXP2
    13:06:37.0390 5456 UserName: Helen
    13:06:37.0390 5456 Windows directory: C:\WINDOWS
    13:06:37.0390 5456 System windows directory: C:\WINDOWS
    13:06:37.0390 5456 Processor architecture: Intel x86
    13:06:37.0390 5456 Number of processors: 2
    13:06:37.0390 5456 Page size: 0x1000
    13:06:37.0390 5456 Boot type: Normal boot
    13:06:37.0390 5456 ============================================================
    13:06:39.0640 5456 Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    13:06:39.0656 5456 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    13:06:39.0656 5456 ============================================================
    13:06:39.0656 5456 \Device\Harddisk0\DR0:
    13:06:39.0656 5456 MBR partitions:
    13:06:39.0656 5456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
    13:06:39.0656 5456 \Device\Harddisk1\DR1:
    13:06:39.0656 5456 MBR partitions:
    13:06:39.0656 5456 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x19000000
    13:06:39.0656 5456 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x190029BD, BlocksNum 0xC80343F
    13:06:39.0671 5456 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x25805E3B, BlocksNum 0x1900297E
    13:06:39.0687 5456 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x3E8087F8, BlocksNum 0xC803400
    13:06:39.0703 5456 \Device\Harddisk1\DR1\Partition5: MBR, Type 0x7, StartLBA 0x4B00BC37, BlocksNum 0x140245B
    13:06:39.0718 5456 \Device\Harddisk1\DR1\Partition6: MBR, Type 0x7, StartLBA 0x4C40E0D1, BlocksNum 0x50014A7
    13:06:39.0718 5456 \Device\Harddisk1\DR1\Partition7: MBR, Type 0x7, StartLBA 0x5140F578, BlocksNum 0x232F2588
    13:06:39.0718 5456 ============================================================
    13:06:39.0812 5456 D: <-> \Device\Harddisk1\DR1\Partition1
    13:06:39.0828 5456 G: <-> \Device\Harddisk1\DR1\Partition5
    13:06:39.0843 5456 R: <-> \Device\Harddisk0\DR0\Partition1
    13:06:39.0890 5456 C: <-> \Device\Harddisk1\DR1\Partition7
    13:06:39.0906 5456 P: <-> \Device\Harddisk1\DR1\Partition2
    13:06:40.0000 5456 M: <-> \Device\Harddisk1\DR1\Partition6
    13:06:40.0031 5456 H: <-> \Device\Harddisk1\DR1\Partition4
    13:06:40.0093 5456 V: <-> \Device\Harddisk1\DR1\Partition3
    13:06:40.0093 5456 ============================================================
    13:06:40.0093 5456 Initialize success
    13:06:40.0093 5456 ============================================================
    13:09:38.0468 6076 ============================================================
    13:09:38.0468 6076 Scan started
    13:09:38.0468 6076 Mode: Manual; SigCheck; TDLFS;
    13:09:38.0468 6076 ============================================================
    13:09:39.0078 6076 ================ Scan system memory ========================
    13:09:39.0078 6076 System memory - ok
    13:09:39.0078 6076 ================ Scan services =============================
    13:09:39.0140 6076 Abiosdsk - ok
    13:09:39.0140 6076 abp480n5 - ok
    13:09:39.0234 6076 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    13:09:39.0281 6076 ACDaemon - ok
    13:09:39.0312 6076 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    13:09:39.0406 6076 ACPI - ok
    13:09:39.0437 6076 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    13:09:39.0531 6076 ACPIEC - ok
    13:09:39.0593 6076 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    13:09:39.0609 6076 AdobeFlashPlayerUpdateSvc - ok
    13:09:39.0609 6076 adpu160m - ok
    13:09:39.0625 6076 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    13:09:39.0718 6076 aec - ok
    13:09:39.0734 6076 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    13:09:39.0765 6076 AFD - ok
    13:09:39.0765 6076 Aha154x - ok
    13:09:39.0765 6076 aic78u2 - ok
    13:09:39.0765 6076 aic78xx - ok
    13:09:39.0796 6076 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    13:09:39.0875 6076 Alerter - ok
    13:09:39.0906 6076 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    13:09:39.0984 6076 ALG - ok
    13:09:39.0984 6076 AliIde - ok
    13:09:39.0984 6076 amsint - ok
    13:09:40.0015 6076 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    13:09:40.0031 6076 Apple Mobile Device - ok
    13:09:40.0046 6076 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    13:09:40.0140 6076 AppMgmt - ok
    13:09:40.0140 6076 asc - ok
    13:09:40.0140 6076 asc3350p - ok
    13:09:40.0140 6076 asc3550 - ok
    13:09:40.0234 6076 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    13:09:40.0250 6076 aspnet_state - ok
    13:09:40.0250 6076 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    13:09:40.0343 6076 AsyncMac - ok
    13:09:40.0343 6076 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    13:09:40.0421 6076 atapi - ok
    13:09:40.0437 6076 Atdisk - ok
    13:09:40.0437 6076 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    13:09:40.0531 6076 Atmarpc - ok
    13:09:40.0546 6076 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    13:09:40.0640 6076 AudioSrv - ok
    13:09:40.0656 6076 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    13:09:40.0750 6076 audstub - ok
    13:09:40.0812 6076 [ 55FED228FE147ECB9C47A1C55388896E ] Basics Service C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    13:09:40.0828 6076 Basics Service - ok
    13:09:40.0859 6076 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    13:09:40.0953 6076 Beep - ok
    13:09:40.0984 6076 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    13:09:41.0078 6076 BITS - ok
    13:09:41.0093 6076 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    13:09:41.0125 6076 Bonjour Service - ok
    13:09:41.0156 6076 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    13:09:41.0171 6076 Browser - ok
    13:09:41.0265 6076 catchme - ok
    13:09:41.0265 6076 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    13:09:41.0359 6076 cbidf2k - ok
    13:09:41.0375 6076 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    13:09:41.0468 6076 CCDECODE - ok
    13:09:41.0468 6076 cd20xrnt - ok
    13:09:41.0468 6076 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    13:09:41.0562 6076 Cdaudio - ok
    13:09:41.0593 6076 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    13:09:41.0671 6076 Cdfs - ok
    13:09:41.0687 6076 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    13:09:41.0765 6076 Cdrom - ok
    13:09:41.0812 6076 [ 1C7B1E36F3CED9E4B0B13385E627FE8B ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys
    13:09:41.0828 6076 cfwids - ok
    13:09:41.0828 6076 Changer - ok
    13:09:41.0843 6076 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    13:09:41.0937 6076 CiSvc - ok
    13:09:41.0937 6076 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    13:09:42.0031 6076 ClipSrv - ok
    13:09:42.0046 6076 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:09:42.0062 6076 clr_optimization_v2.0.50727_32 - ok
    13:09:42.0062 6076 CmdIde - ok
    13:09:42.0062 6076 COMSysApp - ok
    13:09:42.0078 6076 Cpqarray - ok
    13:09:42.0078 6076 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    13:09:42.0156 6076 CryptSvc - ok
    13:09:42.0156 6076 dac2w2k - ok
    13:09:42.0171 6076 dac960nt - ok
    13:09:42.0203 6076 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    13:09:42.0250 6076 DcomLaunch - ok
    13:09:42.0265 6076 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    13:09:42.0343 6076 Dhcp - ok
    13:09:42.0343 6076 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    13:09:42.0437 6076 Disk - ok
    13:09:42.0437 6076 dmadmin - ok
    13:09:42.0453 6076 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    13:09:42.0546 6076 dmboot - ok
    13:09:42.0562 6076 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    13:09:42.0640 6076 dmio - ok
    13:09:42.0671 6076 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    13:09:42.0765 6076 dmload - ok
    13:09:42.0765 6076 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    13:09:42.0859 6076 dmserver - ok
    13:09:42.0875 6076 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    13:09:42.0953 6076 DMusic - ok
    13:09:42.0984 6076 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    13:09:43.0015 6076 Dnscache - ok
    13:09:43.0046 6076 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    13:09:43.0140 6076 Dot3svc - ok
    13:09:43.0140 6076 dpti2o - ok
    13:09:43.0140 6076 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    13:09:43.0234 6076 drmkaud - ok
    13:09:43.0250 6076 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    13:09:43.0328 6076 EapHost - ok
    13:09:43.0328 6076 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    13:09:43.0421 6076 ERSvc - ok
    13:09:43.0421 6076 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    13:09:43.0468 6076 Eventlog - ok
    13:09:43.0484 6076 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\Es.dll
    13:09:43.0500 6076 EventSystem - ok
    13:09:43.0500 6076 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    13:09:43.0593 6076 Fastfat - ok
    13:09:43.0609 6076 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    13:09:43.0625 6076 FastUserSwitchingCompatibility - ok
    13:09:43.0625 6076 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    13:09:43.0718 6076 Fdc - ok
    13:09:43.0718 6076 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    13:09:43.0796 6076 Fips - ok
    13:09:43.0812 6076 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    13:09:43.0906 6076 Flpydisk - ok
    13:09:43.0906 6076 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    13:09:43.0984 6076 FltMgr - ok
    13:09:44.0031 6076 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    13:09:44.0046 6076 FontCache3.0.0.0 - ok
    13:09:44.0046 6076 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    13:09:44.0156 6076 Fs_Rec - ok
    13:09:44.0156 6076 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    13:09:44.0250 6076 Ftdisk - ok
    13:09:44.0265 6076 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS\gdrv.sys
    13:09:44.0281 6076 gdrv - ok
    13:09:44.0296 6076 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    13:09:44.0312 6076 GEARAspiWDM - ok
    13:09:44.0328 6076 [ 20438B962021F0EA729020ED5A148D4C ] GEST Service C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    13:09:44.0343 6076 GEST Service - ok
    13:09:44.0359 6076 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    13:09:44.0437 6076 Gpc - ok
    13:09:44.0468 6076 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    13:09:44.0484 6076 gusvc - ok
    13:09:44.0500 6076 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    13:09:44.0593 6076 HDAudBus - ok
    13:09:44.0625 6076 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    13:09:44.0718 6076 helpsvc - ok
    13:09:44.0718 6076 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    13:09:44.0812 6076 HidServ - ok
    13:09:44.0828 6076 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    13:09:44.0906 6076 HidUsb - ok
    13:09:44.0921 6076 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    13:09:45.0000 6076 hkmsvc - ok
    13:09:45.0015 6076 hpn - ok
    13:09:45.0031 6076 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    13:09:45.0046 6076 HPZid412 - ok
    13:09:45.0046 6076 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    13:09:45.0062 6076 HPZipr12 - ok
    13:09:45.0078 6076 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    13:09:45.0093 6076 HPZius12 - ok
    13:09:45.0125 6076 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    13:09:45.0140 6076 HTTP - ok
    13:09:45.0140 6076 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    13:09:45.0234 6076 HTTPFilter - ok
    13:09:45.0234 6076 i2omgmt - ok
    13:09:45.0234 6076 i2omp - ok
    13:09:45.0234 6076 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    13:09:45.0328 6076 i8042prt - ok
    13:09:45.0375 6076 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    13:09:45.0421 6076 idsvc - ok
    13:09:45.0421 6076 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    13:09:45.0500 6076 Imapi - ok
    13:09:45.0515 6076 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    13:09:45.0609 6076 ImapiService - ok
    13:09:45.0609 6076 ini910u - ok
    13:09:45.0718 6076 [ DB589671E0C403D65884CF0B50600FCD ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    13:09:45.0843 6076 IntcAzAudAddService - ok
    13:09:45.0843 6076 IntelIde - ok
    13:09:45.0859 6076 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    13:09:45.0937 6076 intelppm - ok
    13:09:45.0953 6076 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    13:09:46.0046 6076 Ip6Fw - ok
    13:09:46.0062 6076 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:09:46.0156 6076 IpFilterDriver - ok
    13:09:46.0171 6076 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:09:46.0265 6076 IpInIp - ok
    13:09:46.0265 6076 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:09:46.0359 6076 IpNat - ok
    13:09:46.0390 6076 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    13:09:46.0421 6076 iPod Service - ok
    13:09:46.0421 6076 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:09:46.0515 6076 IPSec - ok
    13:09:46.0515 6076 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:09:46.0609 6076 IRENUM - ok
    13:09:46.0625 6076 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:09:46.0703 6076 isapnp - ok
    13:09:46.0765 6076 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
    13:09:46.0781 6076 JavaQuickStarterService - ok
    13:09:46.0781 6076 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:09:46.0859 6076 Kbdclass - ok
    13:09:46.0875 6076 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    13:09:46.0968 6076 kbdhid - ok
    13:09:46.0984 6076 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    13:09:47.0078 6076 kmixer - ok
    13:09:47.0093 6076 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    13:09:47.0109 6076 KSecDD - ok
    13:09:47.0109 6076 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    13:09:47.0140 6076 lanmanserver - ok
    13:09:47.0156 6076 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    13:09:47.0171 6076 lanmanworkstation - ok
    13:09:47.0171 6076 lbrtfdc - ok
    13:09:47.0187 6076 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    13:09:47.0265 6076 LmHosts - ok
    13:09:47.0453 6076 [ 9A3D4FC6B86E7E36473079AB76AC703D ] LVcKap C:\WINDOWS\system32\DRIVERS\LVcKap.sys
    13:09:47.0500 6076 LVcKap - ok
    13:09:47.0562 6076 [ 0ACBC11F19320AF6C19F2E20013D9095 ] LVMVDrv C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
    13:09:47.0656 6076 LVMVDrv - ok
    13:09:47.0687 6076 [ 12866641284EBB41E627BB53C04DA959 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    13:09:47.0703 6076 LVPr2Mon - ok
    13:09:47.0718 6076 [ 995D0B52870C7A5CAF3EA165FD674A35 ] LVPrcSrv c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    13:09:47.0734 6076 LVPrcSrv - ok
    13:09:47.0750 6076 [ A005CEE9BE199C5E375FAA559CA9A7A9 ] LVSrvLauncher C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    13:09:47.0765 6076 LVSrvLauncher - ok
    13:09:47.0781 6076 [ 64BC29C3A0388BFC580BB8B1346F7659 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
    13:09:47.0796 6076 LVUSBSta - ok
    13:09:47.0796 6076 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    13:09:47.0828 6076 McAfee SiteAdvisor Service - ok
    13:09:47.0875 6076 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
    13:09:47.0906 6076 McComponentHostService - ok
    13:09:47.0906 6076 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    13:09:47.0921 6076 McMPFSvc - ok
    13:09:47.0921 6076 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    13:09:47.0953 6076 mcmscsvc - ok
    13:09:47.0953 6076 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    13:09:47.0968 6076 McNaiAnn - ok
    13:09:47.0968 6076 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    13:09:47.0984 6076 McNASvc - ok
    13:09:48.0031 6076 [ B3CD9ADE1C2665124CA34125B331B0B4 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
    13:09:48.0062 6076 McODS - ok
    13:09:48.0062 6076 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    13:09:48.0078 6076 McProxy - ok
    13:09:48.0109 6076 [ 593FA4C378818ECE76BA64A11AD56CF2 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    13:09:48.0125 6076 McShield - ok
    13:09:48.0156 6076 [ D7010580BF4E45D5E793A1FE75758C69 ] MDC8021X C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
    13:09:48.0156 6076 MDC8021X ( UnsignedFile.Multi.Generic ) - warning
    13:09:48.0156 6076 MDC8021X - detected UnsignedFile.Multi.Generic (1)
    13:09:48.0187 6076 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    13:09:48.0281 6076 Messenger - ok
    13:09:48.0296 6076 [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
    13:09:48.0312 6076 mfeapfk - ok
    13:09:48.0359 6076 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
    13:09:48.0375 6076 mfeavfk - ok
    13:09:48.0375 6076 mfeavfk01 - ok
    13:09:48.0390 6076 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
    13:09:48.0406 6076 mfebopk - ok
    13:09:48.0421 6076 [ 7E1F8B1BDC8240F08BD358B3A466C005 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    13:09:48.0437 6076 mfefire - ok
    13:09:48.0437 6076 [ 4EA6FF90015424517843E931448E00F1 ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
    13:09:48.0453 6076 mfefirek - ok
    13:09:48.0484 6076 [ D1E998748BA24A731106611D535C6BBF ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
    13:09:48.0515 6076 mfehidk - ok
    13:09:48.0531 6076 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    13:09:48.0546 6076 mfendisk - ok
    13:09:48.0562 6076 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    13:09:48.0578 6076 mfendiskmp - ok
    13:09:48.0593 6076 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
    13:09:48.0609 6076 mferkdet - ok
    13:09:48.0640 6076 [ 070D3FAF2EAC417C59D8674A8752F7A6 ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys
    13:09:48.0656 6076 mfetdi2k - ok
    13:09:48.0671 6076 [ B10C4EFD40810C08F4B44DF2EFCB54F7 ] mfevtp C:\WINDOWS\system32\mfevtps.exe
    13:09:48.0687 6076 mfevtp - ok
    13:09:48.0703 6076 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    13:09:48.0812 6076 mnmdd - ok
    13:09:48.0828 6076 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    13:09:48.0921 6076 mnmsrvc - ok
    13:09:48.0937 6076 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    13:09:49.0015 6076 Modem - ok
    13:09:49.0031 6076 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:09:49.0125 6076 Mouclass - ok
    13:09:49.0140 6076 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    13:09:49.0234 6076 mouhid - ok
    13:09:49.0234 6076 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    13:09:49.0328 6076 MountMgr - ok
    13:09:49.0359 6076 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    13:09:49.0375 6076 MozillaMaintenance - ok
    13:09:49.0375 6076 mraid35x - ok
    13:09:49.0375 6076 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:09:49.0468 6076 MRxDAV - ok
    13:09:49.0484 6076 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:09:49.0500 6076 MRxSmb - ok
    13:09:49.0546 6076 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    13:09:49.0625 6076 MSDTC - ok
    13:09:49.0625 6076 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    13:09:49.0718 6076 Msfs - ok
    13:09:49.0718 6076 MSIServer - ok
    13:09:49.0734 6076 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:09:49.0812 6076 MSKSSRV - ok
    13:09:49.0812 6076 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:09:49.0906 6076 MSPCLOCK - ok
    13:09:49.0921 6076 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    13:09:50.0000 6076 MSPQM - ok
    13:09:50.0000 6076 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:09:50.0093 6076 mssmbios - ok
    13:09:50.0109 6076 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    13:09:50.0203 6076 MSTEE - ok
    13:09:50.0218 6076 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    13:09:50.0234 6076 Mup - ok
    13:09:50.0234 6076 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    13:09:50.0328 6076 NABTSFEC - ok
    13:09:50.0343 6076 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    13:09:50.0437 6076 napagent - ok
    13:09:50.0437 6076 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    13:09:50.0531 6076 NDIS - ok
    13:09:50.0531 6076 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    13:09:50.0625 6076 NdisIP - ok
    13:09:50.0625 6076 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    13:09:50.0640 6076 NdisTapi - ok
    13:09:50.0656 6076 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    13:09:50.0734 6076 Ndisuio - ok
    13:09:50.0734 6076 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    13:09:50.0828 6076 NdisWan - ok
    13:09:50.0828 6076 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    13:09:50.0843 6076 NDProxy - ok
    13:09:50.0843 6076 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    13:09:50.0921 6076 NetBIOS - ok
    13:09:50.0937 6076 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    13:09:51.0031 6076 NetBT - ok
    13:09:51.0046 6076 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    13:09:51.0125 6076 NetDDE - ok
    13:09:51.0125 6076 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    13:09:51.0218 6076 NetDDEdsdm - ok
    13:09:51.0234 6076 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    13:09:51.0312 6076 Netlogon - ok
    13:09:51.0328 6076 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    13:09:51.0406 6076 Netman - ok
    13:09:51.0468 6076 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    13:09:51.0484 6076 NetTcpPortSharing - ok
    13:09:51.0500 6076 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    13:09:51.0531 6076 Nla - ok
    13:09:51.0531 6076 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    13:09:51.0625 6076 Npfs - ok
    13:09:51.0640 6076 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    13:09:51.0734 6076 Ntfs - ok
    13:09:51.0734 6076 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    13:09:51.0812 6076 NtLmSsp - ok
    13:09:51.0828 6076 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    13:09:51.0921 6076 NtmsSvc - ok
    13:09:51.0921 6076 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    13:09:52.0031 6076 Null - ok
    13:09:52.0156 6076 [ 1D5268CA4DDA44D8B835225B04DCC78A ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    13:09:52.0359 6076 nv - ok
    13:09:52.0359 6076 [ 048AE835A4300A1ABD3B87EACD5DBAC7 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
    13:09:52.0375 6076 NVSvc - ok
    13:09:52.0406 6076 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    13:09:52.0500 6076 NwlnkFlt - ok
    13:09:52.0500 6076 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    13:09:52.0593 6076 NwlnkFwd - ok
    13:09:52.0640 6076 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    13:09:52.0656 6076 ose - ok
    13:09:52.0781 6076 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    13:09:52.0968 6076 osppsvc - ok
    13:09:52.0968 6076 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    13:09:53.0046 6076 Parport - ok
    13:09:53.0078 6076 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    13:09:53.0156 6076 PartMgr - ok
    13:09:53.0171 6076 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    13:09:53.0265 6076 ParVdm - ok
    13:09:53.0265 6076 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    13:09:53.0343 6076 PCI - ok
    13:09:53.0359 6076 PCIDump - ok
    13:09:53.0359 6076 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    13:09:53.0453 6076 PCIIde - ok
    13:09:53.0468 6076 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    13:09:53.0562 6076 Pcmcia - ok
    13:09:53.0562 6076 PDCOMP - ok
    13:09:53.0562 6076 PDFRAME - ok
    13:09:53.0562 6076 PDRELI - ok
    13:09:53.0562 6076 PDRFRAME - ok
    13:09:53.0562 6076 perc2 - ok
    13:09:53.0562 6076 perc2hib - ok
    13:09:53.0609 6076 [ 8A2D1F929D4FD287543663B1BEB7023F ] PID_0928 C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
    13:09:53.0640 6076 PID_0928 - ok
    13:09:53.0640 6076 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    13:09:53.0671 6076 PlugPlay - ok
    13:09:53.0703 6076 [ 901C43516504CBE582E4C4193E00876A ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
    13:09:53.0703 6076 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    13:09:53.0703 6076 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    13:09:53.0703 6076 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    13:09:53.0796 6076 PolicyAgent - ok
    13:09:53.0812 6076 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:09:53.0906 6076 PptpMiniport - ok
    13:09:53.0906 6076 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    13:09:53.0984 6076 ProtectedStorage - ok
    13:09:53.0984 6076 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    13:09:54.0078 6076 PSched - ok
    13:09:54.0078 6076 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:09:54.0156 6076 Ptilink - ok
    13:09:54.0171 6076 ql1080 - ok
    13:09:54.0171 6076 Ql10wnt - ok
    13:09:54.0171 6076 ql12160 - ok
    13:09:54.0171 6076 ql1240 - ok
    13:09:54.0171 6076 ql1280 - ok
    13:09:54.0187 6076 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:09:54.0281 6076 RasAcd - ok
    13:09:54.0296 6076 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    13:09:54.0375 6076 RasAuto - ok
    13:10:02.0953 3040 Detected object count: 5
    13:10:02.0953 3040 Actual detected object count: 5
    13:10:25.0203 3040 MDC8021X ( UnsignedFile.Multi.Generic ) - skipped by user
    13:10:25.0203 3040 MDC8021X ( UnsignedFile.Multi.Generic ) - User select action: Skip
    13:10:25.0203 3040 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    13:10:25.0203 3040 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    13:10:25.0203 3040 UimBus ( UnsignedFile.Multi.Generic ) - skipped by user
    13:10:25.0203 3040 UimBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
    13:10:25.0203 3040 Uim_IM ( UnsignedFile.Multi.Generic ) - skipped by user
    13:10:25.0203 3040 Uim_IM ( UnsignedFile.Multi.Generic ) - User select action: Skip
    13:10:25.0203 3040 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
    13:10:25.0203 3040 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
    13:10:36.0171 4112 Deinitialize success
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  7. Zenlana

    Zenlana Newcomer, in training Topic Starter

    Hi DMJ,

    I've run the scan, here are the results:

    D:\Documents and Settings\Helen\Local Settings\Temp\ICReinstall\cnet_gbooks_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    D:\Documents and Settings\Helen\My Documents\Downloads\cnet_gbooks_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

    Since the first set of scans I ran, my computer is no longer crashing or having the blue screen of death. It seems to be functioning normally at the moment - though I have 10 svchost.exe running, is that normal? (none running at 100%).

    Thank you for all your help!!
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE
    You now have a clean restore point, to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do some calculation and then display a dialogue box with TABS
    • Select the More Options Tab.
    • At the bottom will be a system restore box with a CLEANUP button; click this
    • Accept the Warning and select OK again; the program will close and you are done

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  9. Zenlana

    Zenlana Newcomer, in training Topic Starter

    Here are the results you've asked for:

    Results of screen317's Security Check version 0.99.54
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    PC Tools Spyware Doctor
    McAfee Anti-Virus and Anti-Spyware
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    CCleaner
    Java(TM) 6 Update 37
    Java version out of Date!
    Adobe Flash Player 11.5.502.110
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.2)
    Mozilla Thunderbird (16.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    Am I all clear then? My computer definitely seems to be back to normal. I can't thank you enough!!!!! I didn't know how I was going to deal with this at all.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Glad I could help. :D

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
  11. Zenlana

    Zenlana Newcomer, in training Topic Starter

    No other questions! Thank you again for your help!!
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Topic marked solved!