Solved IC8D1A13...infection

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 23:40:40
-----------------------------
23:40:40.453 OS Version: Windows 5.1.2600 Service Pack 3
23:40:40.453 Number of processors: 2 586 0xF06
23:40:40.468 ComputerName: RANDY UserName:
23:40:41.593 Initialize success
00:08:42.718 AVAST engine defs: 12071900
00:09:09.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:09:09.343 Disk 0 Vendor: TOSHIBA_MK1637GSX DL020M Size: 152627MB BusType: 3
00:09:09.375 Disk 0 MBR read successfully
00:09:09.390 Disk 0 MBR scan
00:09:09.437 Disk 0 Windows XP default MBR code
00:09:09.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142129 MB offset 63
00:09:09.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10244 MB offset 291081735
00:09:09.500 Disk 0 Partition 3 00 88 Linux plaintext A Kárò'ó 251 MB offset 312062625
00:09:09.515 Disk 0 scanning sectors +312576705
00:09:09.656 Disk 0 scanning C:\WINDOWS\system32\drivers
00:09:42.578 Service scanning
00:10:11.312 Modules scanning
00:11:23.937 Disk 0 trace - called modules:
00:11:24.296
00:11:24.937 AVAST engine scan C:\WINDOWS
00:12:35.140 AVAST engine scan C:\WINDOWS\system32
00:27:26.250 AVAST engine scan C:\WINDOWS\system32\drivers
00:28:59.468 AVAST engine scan C:\Documents and Settings\Randy Enns
00:29:27.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Randy Enns\Desktop\MBR.dat"
00:29:27.203 The log file has been saved successfully to "C:\Documents and Settings\Randy Enns\Desktop\aswMBR.txt"
00:33:11.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Randy Enns\Desktop\MBR.dat"
00:33:11.609 The log file has been saved successfully to "C:\Documents and Settings\Randy Enns\Desktop\aswMBR.txt"
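Both tools above read the same 512-byte sector: aswMBR prints it as "Partition 1 80 (A) 07 HPFS/NTFS ... offset 63" and TDSSKiller (further down) as "Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11598DC8"; aswMBR also saved the raw sector to MBR.dat. The following example is added here and is not code from the thread, from aswMBR or from TDSSKiller: it parses an MBR partition table, recomputes the MB sizes and offsets the two logs show, and runs the layout checks a helper would want before trusting the "default MBR code" verdict. The sample MBR is constructed from the log values: its boot-code area is zero-filled (so it is not the real MBR.dat), the CHS fields are zeroed, and the length of the third entry is an assumption chosen so that it ends at sector 312576705, where aswMBR starts scanning unpartitioned space.

```python
import struct
import sys

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
# Only the partition type bytes that appear in the logs above; not a complete table.
PART_TYPES = {0x07: "HPFS/NTFS", 0x88: "Linux plaintext"}
# \Device\Harddisk0\DR0 size from the TDSSKiller header: 0x25433D6000 bytes
DISK_SECTORS = 0x25433D6000 // SECTOR


def build_entry(bootable, ptype, lba_start, num_sectors):
    """Pack one 16-byte partition entry; CHS fields are zeroed (constructed values)."""
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", lba_start, num_sectors)


def build_sample_mbr():
    """Constructed 512-byte MBR. The three entries carry the offsets/lengths the
    aswMBR and TDSSKiller logs report; the 446-byte boot code area is zero-filled,
    so this is NOT the MBR.dat aswMBR saved and cannot be used to verify boot code."""
    # assumption: third partition ends where aswMBR begins "scanning sectors +312576705"
    third_len = 312576705 - 312062625
    entries = (
        build_entry(True,  0x07, 0x3F,       0x11598DC8),  # C: (TDSSKiller Partition0)
        build_entry(False, 0x07, 0x11598E07, 0x140249A),   # D: (TDSSKiller Partition1)
        build_entry(False, 0x88, 312062625,  third_len),   # third entry listed by aswMBR
        bytes(16),                                          # unused slot
    )
    return bytes(446) + b"".join(entries) + b"\x55\xAA"


def parse_mbr(mbr):
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least 512 bytes")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0 and count == 0:
            continue
        parts.append({
            "index": i + 1, "bootable": status == 0x80, "type": ptype,
            "name": PART_TYPES.get(ptype, "unknown"), "start": lba,
            "sectors": count, "end": lba + count,
            "mb": count * SECTOR // (1024 * 1024),   # same rounding as aswMBR's MB column
        })
    return parts


def check_layout(parts, disk_sectors=DISK_SECTORS):
    """Sanity checks: overlapping entries, entries past the end of the disk,
    more than one active flag, or an active entry of an unexpected type."""
    findings = []
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["end"] > b["start"]:
            findings.append(f"entry {a['index']} overlaps entry {b['index']}")
    for p in parts:
        if p["end"] > disk_sectors:
            findings.append(f"entry {p['index']} runs past the end of the disk")
        if p["bootable"] and p["type"] not in PART_TYPES:
            findings.append(f"active entry {p['index']} has unknown type 0x{p['type']:02x}")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one entry is marked active")
    return findings


def unpartitioned_tail(parts, disk_sectors=DISK_SECTORS):
    """(first sector after the last partition, sectors from there to disk end): the
    span aswMBR reports as 'scanning sectors +N', which bootkits use to stash data."""
    last_end = max((p["end"] for p in parts), default=0)
    return last_end, disk_sectors - last_end


def main(argv):
    # Pass the path of a saved MBR.dat to inspect a real sector; otherwise use the sample.
    mbr = open(argv[1], "rb").read() if len(argv) > 1 else build_sample_mbr()
    parts = parse_mbr(mbr)
    for p in parts:
        flag = "80 (A)" if p["bootable"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['name']:<16}"
              f"{p['mb']:>8} MB offset {p['start']} ({p['sectors']} sectors)")
    start, tail = unpartitioned_tail(parts)
    print(f"unpartitioned tail starts at sector {start}, {tail} sectors to end of disk")
    print("layout checks:", check_layout(parts) or "no findings")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the path to MBR.dat to print the table of a real disk. On the values from this thread the three entries are contiguous (each ends exactly where the next starts), the sizes come out as 142129, 10244 and 251 MB as aswMBR printed them, and 5103 sectors remain between the last entry and the end of the 149.05 GB disk; note that TDSSKiller's header lists only the two NTFS entries while aswMBR lists three, which is exactly the kind of difference worth checking against the raw sector.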
 
Please disable "word wrap" in Notepad as some logs are harder to read.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2.0924 4828 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:42:03.0486 4828 ============================================================
18:42:03.0486 4828 Current date / time: 2012/07/19 18:42:03.0486
18:42:03.0486 4828 SystemInfo:
18:42:03.0486 4828
18:42:03.0486 4828 OS Version: 5.1.2600 ServicePack: 3.0
18:42:03.0486 4828 Product type: Workstation
18:42:03.0486 4828 ComputerName: RANDY
18:42:03.0486 4828 UserName: Randy Enns
18:42:03.0486 4828 Windows directory: C:\WINDOWS
18:42:03.0486 4828 System windows directory: C:\WINDOWS
18:42:03.0486 4828 Processor architecture: Intel x86
18:42:03.0486 4828 Number of processors: 2
18:42:03.0486 4828 Page size: 0x1000
18:42:03.0486 4828 Boot type: Normal boot
18:42:03.0486 4828 ============================================================
18:42:07.0517 4828 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:42:07.0533 4828 ============================================================
18:42:07.0533 4828 \Device\Harddisk0\DR0:
18:42:07.0533 4828 MBR partitions:
18:42:07.0533 4828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11598DC8
18:42:07.0533 4828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11598E07, BlocksNum 0x140249A
18:42:07.0533 4828 ============================================================
18:42:07.0986 4828 C: <-> \Device\Harddisk0\DR0\Partition0
18:42:08.0455 4828 D: <-> \Device\Harddisk0\DR0\Partition1
18:42:08.0455 4828 ============================================================
18:42:08.0455 4828 Initialize success
18:42:08.0455 4828 ============================================================
18:42:17.0752 4328 ============================================================
18:42:17.0752 4328 Scan started
18:42:17.0752 4328 Mode: Manual;
18:42:17.0752 4328 ============================================================
18:42:18.0955 4328 aamqdispatcher - ok
18:42:18.0971 4328 Abiosdsk - ok
18:42:18.0986 4328 abp480n5 - ok
18:42:19.0143 4328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:42:19.0158 4328 ACPI - ok
18:42:19.0158 4328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:42:19.0158 4328 ACPIEC - ok
18:42:19.0174 4328 adfs - ok
18:42:19.0189 4328 adihdaudaddservice - ok
18:42:19.0189 4328 adpu160m - ok
18:42:19.0236 4328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:42:19.0236 4328 aec - ok
18:42:19.0299 4328 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:42:19.0299 4328 AegisP - ok
18:42:19.0393 4328 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:42:19.0393 4328 AFD - ok
18:42:19.0564 4328 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
18:42:19.0580 4328 AgereSoftModem - ok
18:42:19.0596 4328 Aha154x - ok
18:42:19.0596 4328 aic78u2 - ok
18:42:19.0611 4328 aic78xx - ok
18:42:19.0658 4328 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:42:19.0658 4328 Alerter - ok
18:42:19.0689 4328 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:42:19.0705 4328 ALG - ok
18:42:19.0705 4328 AliIde - ok
18:42:19.0705 4328 amfilter - ok
18:42:19.0721 4328 amsint - ok
18:42:19.0939 4328 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:42:19.0939 4328 Apple Mobile Device - ok
18:42:19.0971 4328 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:42:19.0986 4328 AppMgmt - ok
18:42:20.0158 4328 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:42:20.0174 4328 Arp1394 - ok
18:42:20.0174 4328 asc - ok
18:42:20.0189 4328 asc3350p - ok
18:42:20.0189 4328 asc3550 - ok
18:42:20.0330 4328 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:42:20.0439 4328 aspnet_state - ok
18:42:20.0471 4328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:42:20.0471 4328 AsyncMac - ok
18:42:20.0611 4328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:42:20.0627 4328 atapi - ok
18:42:20.0627 4328 Atdisk - ok
18:42:20.0658 4328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:42:20.0658 4328 Atmarpc - ok
18:42:20.0658 4328 ATMsrvc - ok
18:42:20.0705 4328 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:42:20.0705 4328 AudioSrv - ok
18:42:20.0768 4328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:42:20.0768 4328 audstub - ok
18:42:22.0111 4328 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
18:42:22.0424 4328 AVGIDSAgent - ok
18:42:22.0939 4328 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:42:22.0939 4328 AVGIDSDriver - ok
18:42:22.0971 4328 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:42:22.0971 4328 AVGIDSEH - ok
18:42:23.0002 4328 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:42:23.0002 4328 AVGIDSFilter - ok
18:42:23.0018 4328 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:42:23.0018 4328 AVGIDSShim - ok
18:42:23.0127 4328 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:42:23.0143 4328 Avgldx86 - ok
18:42:23.0174 4328 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:42:23.0174 4328 Avgmfx86 - ok
18:42:23.0189 4328 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:42:23.0205 4328 Avgrkx86 - ok
18:42:23.0408 4328 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
18:42:23.0408 4328 avgwd - ok
18:42:23.0424 4328 avinitnt - ok
18:42:23.0439 4328 backupexecalertserver - ok
18:42:23.0486 4328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:42:23.0486 4328 Beep - ok
18:42:23.0689 4328 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:42:23.0689 4328 BITS - ok
18:42:23.0705 4328 BoiHwsetup - ok
18:42:23.0971 4328 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:42:23.0986 4328 Bonjour Service - ok
18:42:24.0049 4328 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:42:24.0064 4328 Browser - ok
18:42:24.0064 4328 btfirst - ok
18:42:24.0080 4328 btkrnl - ok
18:42:24.0080 4328 btwdins - ok
18:42:24.0096 4328 captureservice - ok
18:42:24.0143 4328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:42:24.0143 4328 cbidf2k - ok
18:42:24.0143 4328 ccalib8 - ok
18:42:24.0236 4328 ccEvtMgr - ok
18:42:24.0236 4328 ccSetMgr - ok
18:42:24.0236 4328 cd20xrnt - ok
18:42:24.0283 4328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:42:24.0283 4328 Cdaudio - ok
18:42:24.0361 4328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:42:24.0361 4328 Cdfs - ok
18:42:24.0471 4328 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:42:24.0471 4328 CFSvcs - ok
18:42:24.0486 4328 Changer - ok
18:42:24.0518 4328 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:42:24.0518 4328 CiSvc - ok
18:42:24.0549 4328 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:42:24.0549 4328 ClipSrv - ok
18:42:24.0736 4328 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:42:24.0830 4328 clr_optimization_v2.0.50727_32 - ok
18:42:24.0861 4328 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:42:24.0861 4328 CmBatt - ok
18:42:24.0861 4328 CmdIde - ok
18:42:24.0924 4328 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:42:24.0924 4328 Compbatt - ok
18:42:24.0924 4328 COMSysApp - ok
18:42:24.0939 4328 Cpqarray - ok
18:42:24.0939 4328 cpqdfw - ok
18:42:24.0955 4328 cpqfws2e - ok
18:42:25.0033 4328 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:42:25.0049 4328 CryptSvc - ok
18:42:25.0049 4328 cvspydr2 - ok
18:42:25.0049 4328 d-link_st3402 - ok
18:42:25.0064 4328 dac2w2k - ok
18:42:25.0064 4328 dac960nt - ok
18:42:25.0080 4328 datunidr - ok
18:42:25.0174 4328 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:42:25.0174 4328 DcomLaunch - ok
18:42:25.0174 4328 Defrag32b - ok
18:42:25.0283 4328 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:42:25.0299 4328 Dhcp - ok
18:42:25.0346 4328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:42:25.0361 4328 Disk - ok
18:42:25.0393 4328 dmadmin - ok
18:42:25.0502 4328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:42:25.0549 4328 dmboot - ok
18:42:25.0611 4328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:42:25.0658 4328 dmio - ok
18:42:25.0689 4328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:42:25.0736 4328 dmload - ok
18:42:25.0830 4328 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:42:25.0846 4328 dmserver - ok
18:42:25.0861 4328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:42:25.0877 4328 DMusic - ok
18:42:25.0939 4328 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:42:25.0955 4328 Dnscache - ok
18:42:26.0049 4328 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:42:26.0064 4328 Dot3svc - ok
18:42:26.0064 4328 dot4ufd - ok
18:42:26.0096 4328 dphost - ok
18:42:26.0143 4328 dpti2o - ok
18:42:26.0205 4328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:42:26.0205 4328 drmkaud - ok
18:42:26.0299 4328 DVD-RAM_Service (c9ffbd6b8edc46cd3d13e3c6db914fb7) C:\WINDOWS\system32\DVDRAMSV.exe
18:42:26.0314 4328 DVD-RAM_Service - ok
18:42:26.0393 4328 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:42:26.0393 4328 E100B - ok
18:42:26.0455 4328 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:42:26.0471 4328 EapHost - ok
18:42:26.0689 4328 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
18:42:26.0689 4328 ehRecvr - ok
18:42:26.0752 4328 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
18:42:26.0752 4328 ehSched - ok
18:42:26.0830 4328 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:42:26.0830 4328 ERSvc - ok
18:42:26.0877 4328 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:42:26.0877 4328 Eventlog - ok
18:42:26.0971 4328 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:42:27.0002 4328 EventSystem - ok
18:42:27.0158 4328 EvtEng (6a197698a141ffe7651b962ae3172008) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
18:42:27.0174 4328 EvtEng - ok
18:42:27.0346 4328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:42:27.0361 4328 Fastfat - ok
18:42:27.0393 4328 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:42:27.0408 4328 FastUserSwitchingCompatibility - ok
18:42:27.0439 4328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:42:27.0439 4328 Fdc - ok
18:42:27.0455 4328 FINEPIX_PCC - ok
18:42:27.0486 4328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:42:27.0486 4328 Fips - ok
18:42:27.0486 4328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:42:27.0486 4328 Flpydisk - ok
18:42:27.0580 4328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:42:27.0596 4328 FltMgr - ok
18:42:27.0705 4328 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:42:27.0705 4328 FontCache3.0.0.0 - ok
18:42:27.0736 4328 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
18:42:27.0736 4328 fssfltr - ok
18:42:27.0939 4328 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:42:27.0955 4328 fsssvc - ok
18:42:28.0033 4328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:42:28.0033 4328 Fs_Rec - ok
18:42:28.0064 4328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:42:28.0064 4328 Ftdisk - ok
18:42:28.0080 4328 gdihook5 - ok
18:42:28.0127 4328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:42:28.0127 4328 GEARAspiWDM - ok
18:42:28.0221 4328 GoToAssist Express Customer (0ff39256ae69c2980a36a25843a52ca1) C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_service.exe
18:42:28.0221 4328 GoToAssist Express Customer - ok
18:42:28.0299 4328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:42:28.0299 4328 Gpc - ok
18:42:28.0393 4328 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:42:28.0393 4328 HDAudBus - ok
18:42:28.0439 4328 helpsvc - ok
18:42:28.0533 4328 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:42:28.0533 4328 HidServ - ok
18:42:28.0549 4328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:42:28.0549 4328 HidUsb - ok
18:42:28.0596 4328 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:42:28.0596 4328 hkmsvc - ok
18:42:28.0611 4328 hnmsvc - ok
18:42:28.0611 4328 hpn - ok
18:42:28.0830 4328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:42:28.0846 4328 HTTP - ok
18:42:28.0861 4328 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:42:28.0877 4328 HTTPFilter - ok
18:42:28.0877 4328 hwpsgt - ok
18:42:28.0893 4328 i2omgmt - ok
18:42:28.0893 4328 i2omp - ok
18:42:28.0908 4328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:42:28.0924 4328 i8042prt - ok
18:42:28.0924 4328 iaimfp4 - ok
18:42:29.0033 4328 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:42:29.0049 4328 IDriverT - ok
18:42:29.0268 4328 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:42:29.0283 4328 idsvc - ok
18:42:29.0299 4328 igniteservice.exe - ok
18:42:29.0346 4328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:42:29.0346 4328 Imapi - ok
18:42:29.0393 4328 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:42:29.0393 4328 ImapiService - ok
18:42:29.0408 4328 ini910u - ok
18:42:30.0830 4328 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:42:30.0861 4328 IntcAzAudAddService - ok
18:42:31.0580 4328 IntelIde - ok
18:42:31.0643 4328 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:42:31.0674 4328 intelppm - ok
18:42:31.0721 4328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:42:31.0736 4328 Ip6Fw - ok
18:42:31.0752 4328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:42:31.0768 4328 IpFilterDriver - ok
18:42:31.0799 4328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:42:31.0799 4328 IpInIp - ok
18:42:31.0971 4328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:42:32.0002 4328 IpNat - ok
18:42:32.0689 4328 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
18:42:32.0768 4328 iPod Service - ok
18:42:32.0814 4328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:42:32.0846 4328 IPSec - ok
18:42:32.0861 4328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:42:32.0861 4328 IRENUM - ok
18:42:32.0924 4328 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:42:32.0939 4328 isapnp - ok
18:42:33.0002 4328 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
18:42:33.0002 4328 Iviaspi - ok
18:42:33.0143 4328 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
18:42:33.0158 4328 JavaQuickStarterService - ok
18:42:33.0158 4328 JRAID - ok
18:42:33.0174 4328 k750bus - ok
18:42:33.0205 4328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:42:33.0205 4328 Kbdclass - ok
18:42:33.0283 4328 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:42:33.0299 4328 kbdhid - ok
18:42:33.0314 4328 kerbkey - ok
18:42:33.0502 4328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:42:33.0502 4328 kmixer - ok
18:42:33.0502 4328 kodakccs - ok
18:42:33.0518 4328 KR10N - ok
18:42:33.0768 4328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:42:33.0768 4328 KSecDD - ok
18:42:33.0877 4328 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:42:33.0893 4328 lanmanserver - ok
18:42:33.0986 4328 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:42:34.0002 4328 lanmanworkstation - ok
18:42:34.0002 4328 lbrtfdc - ok
18:42:34.0018 4328 lgsnd_filter - ok
18:42:34.0064 4328 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:42:34.0080 4328 LmHosts - ok
18:42:34.0502 4328 LMIGuardianSvc (850cc3ee0507654c40e1971982f4b698) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
18:42:34.0549 4328 LMIGuardianSvc - ok
18:42:34.0549 4328 lmimirr - ok
18:42:34.0564 4328 lxct_device - ok
18:42:34.0627 4328 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
18:42:34.0627 4328 MBAMProtector - ok
18:42:34.0908 4328 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:42:35.0018 4328 MBAMService - ok
18:42:35.0502 4328 mbr - ok
18:42:35.0549 4328 mcafeeframework - ok
18:42:35.0549 4328 McciCMService - ok
18:42:35.0564 4328 mcdetect.exe - ok
18:42:35.0564 4328 mclogmanagerservice - ok
18:42:35.0721 4328 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
18:42:35.0721 4328 McrdSvc - ok
18:42:35.0814 4328 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
18:42:35.0830 4328 meiudf - ok
18:42:35.0877 4328 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:42:35.0877 4328 Messenger - ok
18:42:35.0908 4328 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
18:42:35.0908 4328 MHN - ok
18:42:35.0939 4328 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:42:35.0939 4328 MHNDRV - ok
18:42:36.0002 4328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:42:36.0002 4328 mnmdd - ok
18:42:36.0033 4328 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:42:36.0033 4328 mnmsrvc - ok
18:42:36.0080 4328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:42:36.0080 4328 Modem - ok
18:42:36.0127 4328 motmodem (59f513e9a519a5fd6fa6b03d3aa8081b) C:\WINDOWS\system32\DRIVERS\motmodem.sys
18:42:36.0127 4328 motmodem - ok
18:42:36.0158 4328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:42:36.0158 4328 Mouclass - ok
18:42:36.0190 4328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:42:36.0190 4328 mouhid - ok
18:42:36.0236 4328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:42:36.0252 4328 MountMgr - ok
18:42:36.0408 4328 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:42:36.0408 4328 MozillaMaintenance - ok
18:42:36.0424 4328 mozyFilter - ok
18:42:36.0424 4328 mraid35x - ok
18:42:36.0424 4328 mrvw245 - ok
18:42:36.0471 4328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:42:36.0471 4328 MRxDAV - ok
18:42:36.0611 4328 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:42:36.0611 4328 MRxSmb - ok
18:42:36.0674 4328 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:42:36.0674 4328 MSDTC - ok
18:42:36.0721 4328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:42:36.0736 4328 Msfs - ok
18:42:36.0736 4328 MSICPL - ok
18:42:36.0736 4328 MSIServer - ok
18:42:36.0768 4328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:42:36.0768 4328 MSKSSRV - ok
18:42:36.0768 4328 MSMQ - ok
18:42:36.0799 4328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:42:36.0799 4328 MSPCLOCK - ok
18:42:36.0815 4328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:42:36.0830 4328 MSPQM - ok
18:42:36.0877 4328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:42:36.0877 4328 mssmbios - ok
18:42:36.0877 4328 mssql$microsoftsmlbiz - ok
18:42:36.0924 4328 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:42:36.0924 4328 Mup - ok
18:42:36.0924 4328 mwssched - ok
18:42:36.0940 4328 mwstick - ok
18:42:37.0033 4328 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:42:37.0049 4328 napagent - ok
18:42:37.0080 4328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:42:37.0080 4328 NDIS - ok
18:42:37.0143 4328 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:42:37.0143 4328 NdisTapi - ok
18:42:37.0205 4328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:42:37.0205 4328 Ndisuio - ok
18:42:37.0221 4328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:42:37.0236 4328 NdisWan - ok
18:42:37.0268 4328 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:42:37.0268 4328 NDProxy - ok
18:42:37.0315 4328 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
18:42:37.0315 4328 Netaapl - ok
18:42:37.0393 4328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:42:37.0393 4328 NetBIOS - ok
18:42:37.0611 4328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:42:37.0627 4328 NetBT - ok
18:42:37.0690 4328 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:42:37.0690 4328 NetDDE - ok
18:42:37.0705 4328 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:42:37.0705 4328 NetDDEdsdm - ok
18:42:37.0768 4328 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
18:42:37.0768 4328 Netdevio - ok
18:42:37.0861 4328 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:42:37.0861 4328 Netlogon - ok
18:42:38.0096 4328 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:42:38.0111 4328 Netman - ok
18:42:38.0268 4328 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:42:38.0268 4328 NetTcpPortSharing - ok
18:42:38.0596 4328 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
18:42:38.0690 4328 NETw3x32 - ok
18:42:38.0986 4328 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:42:38.0986 4328 NIC1394 - ok
18:42:39.0049 4328 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:42:39.0049 4328 Nla - ok
18:42:39.0080 4328 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:42:39.0080 4328 Npfs - ok
18:42:39.0252 4328 NSCService - ok
18:42:39.0330 4328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:42:39.0346 4328 Ntfs - ok
18:42:39.0393 4328 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:42:39.0393 4328 NtLmSsp - ok
18:42:39.0455 4328 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:42:39.0471 4328 NtmsSvc - ok
18:42:39.0518 4328 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:42:39.0518 4328 NuidFltr - ok
18:42:39.0565 4328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:42:39.0565 4328 Null - ok
18:42:40.0096 4328 nv (ac5267c71f72fb42511ed5790ba0e9f5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:42:40.0283 4328 nv - ok
18:42:40.0486 4328 NVSvc (3ab553f922fc8501bf2ee5407fc28c0f) C:\WINDOWS\system32\nvsvc32.exe
18:42:40.0486 4328 NVSvc - ok
18:42:40.0611 4328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:42:40.0611 4328 NwlnkFlt - ok
18:42:40.0643 4328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:42:40.0643 4328 NwlnkFwd - ok
18:42:40.0643 4328 obvious - ok
18:42:40.0705 4328 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:42:40.0721 4328 ohci1394 - ok
18:42:40.0721 4328 oracle_load_balancer_60_client-forms6ip9 - ok
18:42:40.0846 4328 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:40.0846 4328 ose - ok
18:42:40.0861 4328 parallel - ok
18:42:40.0924 4328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:42:40.0940 4328 Parport - ok
18:42:40.0986 4328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:42:40.0986 4328 PartMgr - ok
18:42:41.0065 4328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:42:41.0065 4328 ParVdm - ok
18:42:41.0080 4328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:42:41.0111 4328 PCI - ok
18:42:41.0111 4328 PCIDump - ok
18:42:41.0127 4328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:42:41.0127 4328 PCIIde - ok
18:42:41.0236 4328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:42:41.0268 4328 Pcmcia - ok
18:42:41.0268 4328 PDCOMP - ok
18:42:41.0283 4328 PDFRAME - ok
18:42:41.0283 4328 pdlncfwk - ok
18:42:41.0299 4328 pdlnemap - ok
18:42:41.0299 4328 PDRELI - ok
18:42:41.0315 4328 PDRFRAME - ok
18:42:41.0315 4328 perc2 - ok
18:42:41.0330 4328 perc2hib - ok
18:42:41.0377 4328 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
18:42:41.0377 4328 Pfc - ok
18:42:41.0377 4328 PID_08A0 - ok
18:42:41.0549 4328 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:42:41.0549 4328 PlugPlay - ok
18:42:41.0596 4328 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:42:41.0611 4328 PolicyAgent - ok
18:42:41.0674 4328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:42:41.0690 4328 PptpMiniport - ok
18:42:41.0690 4328 procdd - ok
18:42:41.0705 4328 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:42:41.0705 4328 ProtectedStorage - ok
18:42:41.0721 4328 ps2 - ok
18:42:41.0736 4328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:42:41.0752 4328 PSched - ok
18:42:41.0830 4328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:42:41.0830 4328 Ptilink - ok
18:42:41.0908 4328 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:42:41.0908 4328 PxHelp20 - ok
18:42:41.0924 4328 qbposdbservices - ok
18:42:41.0940 4328 ql1080 - ok
18:42:41.0940 4328 Ql10wnt - ok
18:42:41.0955 4328 ql12160 - ok
18:42:41.0955 4328 ql1240 - ok
18:42:41.0971 4328 ql1280 - ok
18:42:41.0971 4328 RapiMgr - ok
18:42:42.0002 4328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:42:42.0033 4328 RasAcd - ok
18:42:42.0111 4328 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:42:42.0127 4328 RasAuto - ok
18:42:42.0268 4328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:42:42.0268 4328 Rasl2tp - ok
18:42:42.0471 4328 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:42:42.0518 4328 RasMan - ok
18:42:42.0611 4328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:42:42.0627 4328 RasPppoe - ok
18:42:42.0690 4328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:42:42.0690 4328 Raspti - ok
18:42:42.0705 4328 raysatxsi5_0server - ok
18:42:43.0002 4328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:42:43.0018 4328 Rdbss - ok
18:42:43.0049 4328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:42:43.0049 4328 RDPCDD - ok
18:42:43.0143 4328 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:42:43.0158 4328 rdpdr - ok
18:42:43.0268 4328 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
18:42:43.0268 4328 RDPWD - ok
18:42:43.0315 4328 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:42:43.0330 4328 RDSessMgr - ok
18:42:43.0377 4328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:42:43.0377 4328 redbook - ok
18:42:43.0768 4328 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
18:42:43.0768 4328 RegSrvc - ok
18:42:43.0815 4328 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:42:43.0815 4328 RemoteAccess - ok
18:42:43.0846 4328 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:42:43.0846 4328 RemoteRegistry - ok
18:42:43.0861 4328 retroexplauncher - ok
18:42:43.0861 4328 REVO - ok
18:42:43.0877 4328 REVOSENS - ok
18:42:43.0877 4328 rnadirectory - ok
18:42:43.0908 4328 Roxio UPnP Renderer 11 - ok
18:42:43.0908 4328 roxupnprenderer - ok
18:42:43.0955 4328 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:42:43.0955 4328 RpcLocator - ok
18:42:44.0018 4328 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:42:44.0033 4328 RpcSs - ok
18:42:44.0174 4328 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:42:44.0190 4328 RSVP - ok
18:42:44.0190 4328 s116bus - ok
18:42:44.0471 4328 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
18:42:44.0518 4328 S24EventMonitor - ok
18:42:44.0565 4328 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
18:42:44.0565 4328 s24trans - ok
18:42:44.0596 4328 s616mdfl - ok
18:42:44.0627 4328 s616obex - ok
18:42:44.0690 4328 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:42:44.0690 4328 SamSs - ok
18:42:44.0736 4328 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:42:44.0736 4328 SCardSvr - ok
18:42:44.0783 4328 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:42:44.0799 4328 Schedule - ok
18:42:44.0893 4328 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:42:44.0908 4328 sdbus - ok
18:42:44.0924 4328 sdhelper - ok
18:42:44.0955 4328 se44bus - ok
18:42:44.0955 4328 se44mdfl - ok
18:42:44.0971 4328 se58bus - ok
18:42:44.0971 4328 se58mdfl - ok
18:42:45.0018 4328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:42:45.0018 4328 Secdrv - ok
18:42:45.0049 4328 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:42:45.0049 4328 seclogon - ok
18:42:45.0065 4328 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
18:42:45.0065 4328 SENS - ok
18:42:45.0174 4328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:42:45.0221 4328 Serial - ok
18:42:45.0299 4328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:42:45.0299 4328 Sfloppy - ok
18:42:45.0502 4328 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:42:45.0533 4328 SharedAccess - ok
18:42:45.0596 4328 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:42:45.0596 4328 ShellHWDetection - ok
18:42:45.0611 4328 Simbad - ok
18:42:45.0611 4328 SiSRaid2 - ok
18:42:45.0627 4328 SNTIE - ok
18:42:45.0627 4328 Sparrow - ok
18:42:45.0674 4328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:42:45.0674 4328 splitter - ok
18:42:45.0736 4328 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:42:45.0736 4328 Spooler - ok
18:42:45.0783 4328 sqlagent$sony_mediamgr - ok
18:42:45.0783 4328 sqlagent$soshome22 - ok
18:42:45.0846 4328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:42:45.0861 4328 sr - ok
18:42:45.0955 4328 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:42:45.0955 4328 srservice - ok
18:42:45.0971 4328 srtspx - ok
18:42:46.0080 4328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:42:46.0111 4328 Srv - ok
18:42:46.0143 4328 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:42:46.0158 4328 SSDPSRV - ok
18:42:46.0158 4328 ssmdrv - ok
18:42:46.0174 4328 ssm_mdfl - ok
18:42:46.0174 4328 ss_bus - ok
18:42:46.0315 4328 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:42:46.0393 4328 stisvc - ok
18:42:46.0393 4328 superproserver - ok
18:42:46.0486 4328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:42:46.0486 4328 swenum - ok
18:42:46.0611 4328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:42:46.0627 4328 swmidi - ok
18:42:46.0643 4328 SwPrv - ok
18:42:46.0643 4328 symc810 - ok
18:42:46.0658 4328 symc8xx - ok
18:42:46.0752 4328 SymEvent (403bd24fa5c55fc648abdd039629a954) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:42:46.0768 4328 SymEvent - ok
18:42:46.0783 4328 symidsco - ok
18:42:46.0846 4328 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
18:42:46.0846 4328 symlcbrd - ok
18:42:46.0861 4328 symndis - ok
18:42:46.0861 4328 sym_hi - ok
18:42:46.0877 4328 sym_u3 - ok
18:42:46.0986 4328 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:42:47.0002 4328 SynTP - ok
18:42:47.0143 4328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:42:47.0143 4328 sysaudio - ok
18:42:47.0221 4328 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:42:47.0236 4328 SysmonLog - ok
18:42:47.0455 4328 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:42:47.0471 4328 TapiSrv - ok
18:42:47.0721 4328 TAPPSRV (36772b5eaaaf42db5c5ee6eeb0ec0af7) C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
18:42:47.0721 4328 TAPPSRV - ok
18:42:47.0736 4328 tb2launch - ok
18:42:47.0768 4328 TBiosDrv (1f26d86828039c0b594399f7f2ffef09) C:\WINDOWS\system32\Drivers\Tbiosdrv.sys
18:42:47.0783 4328 TBiosDrv - ok
18:42:48.0065 4328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:42:48.0096 4328 Tcpip - ok
18:42:48.0143 4328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:42:48.0143 4328 TDPIPE - ok
18:42:48.0158 4328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:42:48.0158 4328 TDTCP - ok
18:42:48.0205 4328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:42:48.0205 4328 TermDD - ok
18:42:48.0330 4328 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:42:48.0361 4328 TermService - ok
18:42:48.0518 4328 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:42:48.0518 4328 Themes - ok
18:42:48.0627 4328 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
18:42:48.0643 4328 tifm21 - ok
18:42:48.0690 4328 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:42:48.0705 4328 TlntSvr - ok
18:42:48.0705 4328 tomcatcws3 - ok
18:42:48.0705 4328 TosIde - ok
18:42:48.0736 4328 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
18:42:48.0736 4328 tosrfec - ok
18:42:48.0752 4328 TPECioCtl - ok
18:42:48.0861 4328 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:42:48.0861 4328 TrkWks - ok
18:42:48.0877 4328 tunnelguardservice - ok
18:42:48.0924 4328 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
18:42:48.0924 4328 TVALD - ok
18:42:48.0940 4328 Tvs (546dfba6486569120d33f7ad6e94efdd) C:\WINDOWS\system32\DRIVERS\Tvs.sys
18:42:48.0955 4328 Tvs - ok
18:42:49.0018 4328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:42:49.0033 4328 Udfs - ok
18:42:49.0049 4328 ufad-ws60 - ok
18:42:49.0049 4328 ultra - ok
18:42:49.0143 4328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:42:49.0174 4328 Update - ok
18:42:49.0330 4328 uploadmgr (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:42:49.0330 4328 uploadmgr - ok
18:42:49.0393 4328 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:42:49.0408 4328 upnphost - ok
18:42:49.0455 4328 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:42:49.0471 4328 UPS - ok
18:42:49.0518 4328 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:42:49.0518 4328 USBAAPL - ok
18:42:49.0565 4328 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:42:49.0580 4328 usbaudio - ok
18:42:49.0611 4328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:42:49.0627 4328 usbccgp - ok
18:42:49.0627 4328 usbcm - ok
18:42:49.0674 4328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:42:49.0721 4328 usbehci - ok
18:42:49.0783 4328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:42:49.0783 4328 usbhub - ok
18:42:49.0830 4328 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:42:49.0830 4328 usbscan - ok
18:42:49.0861 4328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:42:49.0877 4328 USBSTOR - ok
18:42:49.0924 4328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:42:49.0940 4328 usbuhci - ok
18:42:49.0940 4328 UVCFTR - ok
18:42:49.0955 4328 UxTuneUp - ok
18:42:49.0986 4328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:42:49.0986 4328 VgaSave - ok
18:42:50.0002 4328 ViaIde - ok
18:42:50.0033 4328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:42:50.0049 4328 VolSnap - ok
18:42:50.0096 4328 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:42:50.0111 4328 VSS - ok
18:42:50.0752 4328 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
18:42:50.0908 4328 vToolbarUpdater11.2.0 - ok
18:42:50.0908 4328 vxsvc - ok
18:42:50.0924 4328 w300mdm - ok
18:42:51.0002 4328 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:42:51.0018 4328 W32Time - ok
18:42:51.0049 4328 w810bus - ok
18:42:51.0190 4328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:42:51.0190 4328 Wanarp - ok
18:42:51.0190 4328 wcontrol - ok
18:42:51.0361 4328 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:42:51.0377 4328 Wdf01000 - ok
18:42:51.0393 4328 WDICA - ok
18:42:51.0440 4328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:42:51.0486 4328 wdmaud - ok
18:42:51.0580 4328 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:42:51.0596 4328 WebClient - ok
18:42:51.0596 4328 websenseclientdeployservice - ok
18:42:51.0768 4328 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:42:51.0799 4328 winmgmt - ok
18:42:51.0815 4328 winpower - ok
18:42:52.0049 4328 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
18:42:52.0080 4328 WLSetupSvc - ok
18:42:52.0111 4328 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:42:52.0111 4328 WmdmPmSN - ok
18:42:52.0502 4328 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:42:52.0518 4328 Wmi - ok
18:42:52.0596 4328 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:42:52.0596 4328 WmiApSrv - ok
18:42:52.0893 4328 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:42:52.0908 4328 WMPNetworkSvc - ok
18:42:52.0924 4328 WmXlCore - ok
18:42:53.0002 4328 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:42:53.0002 4328 WS2IFSL - ok
18:42:53.0033 4328 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:42:53.0033 4328 wuauserv - ok
18:42:53.0096 4328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:42:53.0096 4328 WudfPf - ok
18:42:53.0111 4328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:42:53.0143 4328 WudfRd - ok
18:42:53.0174 4328 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:42:53.0174 4328 WudfSvc - ok
18:42:53.0440 4328 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:42:53.0455 4328 WZCSVC - ok
18:42:53.0471 4328 X10UIF - ok
18:42:53.0533 4328 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:42:53.0533 4328 xmlprov - ok
18:42:53.0549 4328 YahooAUService - ok
18:42:53.0549 4328 ZDCNDIS5 - ok
18:42:53.0580 4328 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
18:42:54.0236 4328 \Device\Harddisk0\DR0 - ok
18:42:54.0268 4328 Boot (0x1200) (5873cdebd4162c7aa0143fc0177e18e0) \Device\Harddisk0\DR0\Partition0
18:42:54.0268 4328 \Device\Harddisk0\DR0\Partition0 - ok
18:42:54.0299 4328 Boot (0x1200) (431159caab94db8ad800b6ed5ac8e146) \Device\Harddisk0\DR0\Partition1
18:42:54.0299 4328 \Device\Harddisk0\DR0\Partition1 - ok
18:42:54.0315 4328 ============================================================
18:42:54.0315 4328 Scan finished
18:42:54.0315 4328 ============================================================
18:42:54.0315 4320 Detected object count: 0
18:42:54.0315 4320 Actual detected object count: 0
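The log above ends with a detected count of 0, so the useful reviewer question becomes "what did TDSSKiller actually hash, and from where?". The following Python script is an added example written for this thread (it is not a Kaspersky tool and not something the helpers here posted): it parses the log format shown above, pairs each hashed object with the "- ok" (or other) verdict line that follows it, and then reports any verdict other than "ok" plus every service or driver binary loaded from outside the Windows directory, which is the first place to look when the scanner itself reports nothing. The sample lines are constructed from the format above; the examplesvc entry, its verdict and its MD5 are invented to exercise the non-ok path.

```python
"""Triage a TDSSKiller text log (the format posted in this thread).

Added example for this thread, not a Kaspersky tool: it parses each scanned
object's name, MD5 and path, attaches the verdict line that follows it, and
reports (a) anything whose verdict is not "ok" and (b) every binary that
lives outside the Windows directory.
"""
import re

# Constructed sample in the TDSSKiller log format seen in this thread. The
# "examplesvc" lines, their verdict and their MD5 are made up.
SAMPLE_LOG = r"""
18:42:41.0377 4328 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
18:42:41.0377 4328 Pfc - ok
18:42:41.0377 4328 PID_08A0 - ok
18:42:41.0549 4328 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:42:41.0549 4328 PlugPlay - ok
18:42:43.0768 4328 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
18:42:43.0768 4328 RegSrvc - ok
18:42:53.0580 4328 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
18:42:54.0236 4328 \Device\Harddisk0\DR0 - ok
18:42:54.0268 4328 Boot (0x1200) (5873cdebd4162c7aa0143fc0177e18e0) \Device\Harddisk0\DR0\Partition0
18:42:54.0268 4328 \Device\Harddisk0\DR0\Partition0 - ok
18:42:54.0299 4328 Boot (0x1200) (431159caab94db8ad800b6ed5ac8e146) \Device\Harddisk0\DR0\Partition1
18:42:54.0299 4328 \Device\Harddisk0\DR0\Partition1 - ok
18:42:54.0300 4328 examplesvc (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\examplesvc.sys
18:42:54.0300 4328 examplesvc - suspicious
18:42:54.0315 4320 Detected object count: 1
"""

# "<time> <pid> <name> (<md5>) <path>": an object the scanner hashed
OBJECT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
# "<time> <pid> <name or device path> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<key>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")


def parse_log(text):
    """Return (records, detected_count).

    Each record is a dict with name, md5, path and verdict. A verdict line
    with no preceding object line (a service entry for which no binary was
    hashed) yields a record whose md5 and path are None.
    """
    records, pending, count = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"].lower(),
                   "path": m["path"], "verdict": None}
            records.append(rec)
            # services get their verdict by name; the MBR and boot sectors
            # get it by device path, so index the pending record both ways
            pending[rec["name"]] = rec
            pending[rec["path"]] = rec
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = pending.pop(m["key"], None)
            if rec is None:
                rec = {"name": m["key"], "md5": None, "path": None, "verdict": None}
                records.append(rec)
            else:
                pending.pop(rec["name"], None)
                pending.pop(rec["path"], None)
            rec["verdict"] = m["verdict"].strip()
            continue
        m = COUNT_RE.search(line)
        if m:
            count = int(m[1])
    return records, count


def not_ok(records):
    """Names of objects whose verdict is anything other than "ok"."""
    return [r["name"] for r in records if r["verdict"] != "ok"]


def loaded_outside(records, windir="c:\\windows\\"):
    """Hashed binaries on a drive path that is not under the Windows directory."""
    out = []
    for r in records:
        p = (r["path"] or "").lower()
        if ":\\" in p and not p.startswith(windir):
            out.append(r["name"])
    return out


def find(records, name):
    """All records with a given object name (boot sectors repeat the name)."""
    return [r for r in records if r["name"] == name]


if __name__ == "__main__":
    recs, n = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} objects parsed, reported detected count: {n}")
    print("verdict not ok:", not_ok(recs))
    print("binaries outside the Windows directory:", loaded_outside(recs))
```

To run it over a real log, read the text file TDSSKiller writes and pass it to `parse_log()`. The MD5 in each record is what you would compare against a known-good hash set for the Windows files; the `loaded_outside` list is the short list of third-party services and drivers worth looking up by hand.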
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
It looks like Norton Internet Security 2006 is running, but I can't locate where it is. I did a search and it says there is an error and it says report or don't send..? ComboFix is warning that I continue at my own risk. What now?
 
ComboFix seems stuck. "Deleting folders:" has 5 folders listed. It's been a while just sitting there. I am on my Androidms stuck, although
 
Restart computer and keep tapping F8 key until menu appears.
It'll look like this:

[image: p3657524.gif]
 
I know, but I tried before I got the tapping instructions. I will try to be clearer in future.
 
ComboFix 12-07-19.02 - Randy Enns 07/19/2012 21:37:39.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1652 [GMT -5:00]
Running from: c:\documents and settings\Randy Enns\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB21703$\2587071871
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\Randy Enns\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\Randy Enns\WINDOWS
c:\program files\Blinkx
c:\program files\Blinkx\blinkx.ico
c:\program files\Blinkx\blinkxss.exe
c:\program files\Blinkx\blinkxstop.exe
c:\program files\Blinkx\lang.dll
c:\program files\Blinkx\templates\beat.ico
c:\program files\Blinkx\templates\index.html
c:\program files\Blinkx\templates\noflash.html
c:\program files\Blinkx\templates\offline.html
c:\program files\Blinkx\templates\offline.swf
c:\program files\Blinkx\templates\uninstall.exe
c:\windows\$NtUninstallKB21703$
c:\windows\$NtUninstallKB21703$\2332286916\@
c:\windows\$NtUninstallKB21703$\2332286916\bckfg.tmp
c:\windows\$NtUninstallKB21703$\2332286916\cfg.ini
c:\windows\$NtUninstallKB21703$\2332286916\Desktop.ini
c:\windows\$NtUninstallKB21703$\2332286916\keywords
c:\windows\$NtUninstallKB21703$\2332286916\kwrd.dll
c:\windows\$NtUninstallKB21703$\2332286916\L\00000004.@
c:\windows\$NtUninstallKB21703$\2332286916\L\1afb2d56
c:\windows\$NtUninstallKB21703$\2332286916\L\201d3dde
c:\windows\$NtUninstallKB21703$\2332286916\L\ebeoiplt
c:\windows\$NtUninstallKB21703$\2332286916\U\00000001.@
c:\windows\$NtUninstallKB21703$\2332286916\U\00000002.@
c:\windows\$NtUninstallKB21703$\2332286916\U\00000004.@
c:\windows\$NtUninstallKB21703$\2332286916\U\80000000.@
c:\windows\$NtUninstallKB21703$\2332286916\U\80000004.@
c:\windows\$NtUninstallKB21703$\2332286916\U\80000032.@
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\38884d6f22a9186c.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\SET478.tmp
c:\windows\system32\SET479.tmp
c:\windows\system32\SET4AE.tmp
c:\windows\system32\SET4B3.tmp
.
-- Previous Run --
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\system32\dllcache\cdrom.sys
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 01:53 . 2008-04-13 15:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-07-20 01:53 . 2008-04-13 15:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-07-19 01:16 . 2012-07-19 01:16 -------- d-----w- c:\documents and settings\Randy Enns\Application Data\Malwarebytes
2012-07-19 01:15 . 2012-07-19 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-19 01:15 . 2012-07-19 01:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-19 01:15 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 20:16 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-11 19:07 . 2012-07-11 19:07 -------- d-----w- C:\3359bb307089d46d58a69cb8
2012-07-11 18:29 . 2012-07-11 18:29 -------- d-----w- c:\documents and settings\Randy Enns\Local Settings\Application Data\AVG Secure Search
2012-07-10 18:17 . 2012-07-10 18:17 -------- d-----w- c:\documents and settings\Tana Lynn\Local Settings\Application Data\AVG Secure Search
2012-07-07 16:38 . 2012-07-07 16:38 -------- d-----w- c:\documents and settings\Randy Enns\Application Data\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2006-01-29 21:54 1866112 ------w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-09-22 02:08 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-01-29 21:54 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-01-29 21:54 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-06-23 15:02 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-06-23 15:02 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2006-01-29 23:08 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2006-01-29 23:08 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2006-01-29 23:08 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-06-23 15:02 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2006-01-29 23:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2006-01-29 23:08 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2006-01-29 21:54 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2005-05-26 12:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-06-23 15:02 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2006-01-29 23:08 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2006-01-29 23:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-10-15 15:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2007-10-15 15:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2007-10-15 15:19 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-01-29 21:54 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-01-29 21:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2006-01-29 21:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-01-29 21:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-01-29 21:54 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2006-01-29 21:54 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2006-01-29 23:05 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-17 22:35 . 2012-07-12 21:00 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-06-01 18:28 1236400 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 18:04 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-05-30 13:48 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 16206848]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Tana Lynn\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [N/A]
.
c:\documents and settings\Randy Enns\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Monitor 3.lnk - c:\program files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe [2011-10-22 542064]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-29 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2010-02-23 18:55 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\RhinoSoft.com\\FTP Voyager\\FTPVoyager.exe"=
"c:\\Program Files\\RhinoSoft.com\\FTP Voyager\\FVScheduler.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 5:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 5:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 6:12 AM 230608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 9:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 9:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/18/2012 8:15 PM 655944]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/10/2012 1:04 PM 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 5:23 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 5:23 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 5:23 PM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/18/2012 8:15 PM 22344]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2/5/2011 5:42 PM 374152]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\209\g2ax_service.exe [2/23/2010 1:56 PM 161144]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/12/2012 4:00 PM 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [11/4/2011 12:26 PM 18432]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
usbcm
btfirst
kerbkey
ssm_mdfl
s116bus
lgsnd_filter
captureservice
d-link_st3402
ss_bus
symidsco
procdd
UxTuneUp
JRAID
mclogmanagerservice
btwdins
sqlagent$sony_mediamgr
X10UIF
raysatxsi5_0server
dphost
McciCMService
mcdetect.exe
REVO
backupexecalertserver
ps2
UVCFTR
REVOSENS
igniteservice.exe
tunnelguardservice
mozyFilter
avinitnt
tomcatcws3
FINEPIX_PCC
sqlagent$soshome22
hwpsgt
gdihook5
se58mdfl
mrvw245
mwssched
ssmdrv
srtspx
ccalib8
cpqfws2e
qbposdbservices
hnmsvc
oracle_load_balancer_60_client-forms6ip9
winpower
cpqdfw
wcontrol
WmXlCore
obvious
se44mdfl
superproserver
adfs
MSMQ
TPECioCtl
pdlncfwk
roxupnprenderer
aamqdispatcher
vxsvc
mbr
iaimfp4
se44bus
sdhelper
s616obex
k750bus
symndis
RapiMgr
pdlnemap
ufad-ws60
uploadmgr
Defrag32b
BoiHwsetup
YahooAUService
SNTIE
SiSRaid2
ATMsrvc
retroexplauncher
parallel
w810bus
btkrnl
mcafeeframework
websenseclientdeployservice
mwstick
s616mdfl
mssql$microsoftsmlbiz
adihdaudaddservice
se58bus
MSICPL
lxct_device
PID_08A0
cvspydr2
datunidr
dot4ufd
w300mdm
KR10N
tb2launch
ZDCNDIS5
rnadirectory
amfilter
kodakccs
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
MHN
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
TermService
ip6fwhlp
sacsvr
trksvr
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]
.
2012-07-20 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-07-25 18:22]
.
2012-07-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-07 01:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://canuckscorner.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-19 21:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\program files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll
.
- - - - - - - > 'explorer.exe'(2904)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\RhinoSoft.com\FTP Voyager\ftpshext.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TPSMain.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\windows\system32\TPSBattM.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-19 22:02:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 03:02
.
Pre-Run: 115,512,733,696 bytes free
Post-Run: 113,203,269,632 bytes free
.
- - End Of File - - E085CA572BEA57EA3E38F434B532C1BB
 
That looks good :)

Restart in normal mode.

How is the computer doing overall?

====================================

Reinstall AVG.

Run Norton removal tool to remove Norton's leftovers: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

====================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE: If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=======================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.20.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Randy Enns :: RANDY [administrator]

Protection: Enabled

7/19/2012 10:33:16 PM
mbam-log-2012-07-19 (22-33-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303045
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 