Inactive Laptop problems and infected rootkits

Lauraneads

My laptop has been experiencing some problems recently. If I'm on the internet it frequently shuts down and a blue screen appears with some computer scripting then my laptop reboots. It even occurred a moment ago when I tried to download the DDS program. My AVG scans revealed some infections including rootkits. I think the problems I'm experiencing are related to a virus of some sort.

Please can someone advise. I have pasted the logs below as requested.

Thanks Laura

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.17.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Laura :: A37139D5D976437 [administrator]

10/17/2012 2:20:00 PM
mbam-log-2012-10-17 (14-20-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216799
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-10-17 14:46:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_MP0402H rev.UC200-16
Running: idikuhuw.exe; Driver: C:\DOCUME~1\Laura\LOCALS~1\Temp\awqcikoc.sys
---- System - GMER 1.0.15 ----
SSDT sppn.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT sppn.sys ZwEnumerateValueKey [0xB9ECE132]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\awxxz1db \Device\Scsi\awxxz1db1Port1Path0Target0Lun0 89A631F8
Device \Driver\awxxz1db \Device\Scsi\awxxz1db1 89A631F8
Device \FileSystem\Ntfs \Ntfs 89DDA1F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Laura at 14:55:00 on 2012-10-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1319 [GMT 1:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.4\AVG Secure Search_toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.4\AVG Secure Search_toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [Google Update] "c:\documents and settings\laura\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\laura\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7FBEC40B-4E40-46D2-BF94-AD17C2F6037E} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55008]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 93536]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 177504]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-6 27496]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-10-2 1314720]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-2 193568]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-2-24 54760]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-6 722528]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250808]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-9-29 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-10-09 18:40:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 18:40:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 02:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 02:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 02:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 02:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-21 02:45:52 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 02:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-13 02:11:20 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-09-06 11:39:44 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-28 19:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 19:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 17:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 12:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 14:56:07.50 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/27/2012 12:19:49 PM
System Uptime: 10/17/2012 2:48:59 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RJ272
Processor: Intel(R) Celeron(R) M processor 1.60GHz | Microprocessor | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 9.681 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP278: 9/10/2012 3:00:22 AM - Software Distribution Service 3.0
RP279: 9/11/2012 12:29:17 PM - Software Distribution Service 3.0
RP280: 9/12/2012 7:08:37 AM - Software Distribution Service 3.0
RP281: 9/13/2012 7:16:56 AM - Software Distribution Service 3.0
RP282: 9/14/2012 7:26:40 AM - Software Distribution Service 3.0
RP283: 9/15/2012 10:13:44 AM - Software Distribution Service 3.0
RP284: 9/17/2012 10:29:48 AM - Software Distribution Service 3.0
RP285: 9/17/2012 7:31:30 PM - Software Distribution Service 3.0
RP286: 9/18/2012 2:53:30 PM - Software Distribution Service 3.0
RP287: 9/19/2012 9:38:05 AM - Software Distribution Service 3.0
RP288: 9/20/2012 11:01:53 AM - Software Distribution Service 3.0
RP289: 9/25/2012 12:46:58 AM - System Checkpoint
RP290: 9/26/2012 12:46:52 PM - System Checkpoint
RP291: 9/26/2012 3:05:50 PM - Software Distribution Service 3.0
RP292: 9/27/2012 8:47:02 PM - Software Distribution Service 3.0
RP293: 9/27/2012 11:23:15 PM - Software Distribution Service 3.0
RP294: 9/28/2012 11:38:46 AM - Software Distribution Service 3.0
RP295: 9/29/2012 3:43:51 PM - Software Distribution Service 3.0
RP296: 9/30/2012 9:34:46 AM - Software Distribution Service 3.0
RP297: 10/1/2012 7:53:31 AM - Software Distribution Service 3.0
RP298: 10/2/2012 1:10:26 PM - Software Distribution Service 3.0
RP299: 10/3/2012 10:23:06 AM - Software Distribution Service 3.0
RP300: 10/4/2012 3:00:20 AM - Software Distribution Service 3.0
RP301: 10/5/2012 9:19:38 AM - Software Distribution Service 3.0
RP302: 10/7/2012 2:04:14 PM - Software Distribution Service 3.0
RP303: 10/9/2012 7:14:12 AM - Software Distribution Service 3.0
RP304: 10/10/2012 5:43:37 PM - Software Distribution Service 3.0
RP305: 10/11/2012 6:07:45 PM - Software Distribution Service 3.0
RP306: 10/12/2012 6:52:11 AM - Software Distribution Service 3.0
RP307: 10/13/2012 3:00:19 AM - Software Distribution Service 3.0
RP308: 10/14/2012 3:00:19 AM - Software Distribution Service 3.0
RP309: 10/15/2012 4:29:46 PM - Software Distribution Service 3.0
RP310: 10/16/2012 3:00:19 AM - Software Distribution Service 3.0
RP311: 10/17/2012 3:00:19 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.4)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
Bing Bar
Bonjour
Conexant HDA D110 MDC V.92 Modem
Connect
Diskeeper Professional Edition
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) Graphics Media Accelerator Driver for Mobile
iTunes
Java Auto Updater
Java(TM) 6 Update 35
Junk Mail filter update
kuler
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Ultra Edition
PDF Settings CS4
Photoshop Camera Raw
PowerDVD
PowerDVD Ultra
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Segoe UI
Spybot - Search & Destroy
Suite Shared Configuration CS4
swMSM
TeamViewer 7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
VLC media player 2.0.2
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
10/12/2012 8:08:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
10/12/2012 8:08:38 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2012 7:57:14 PM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/12/2012 7:57:14 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/12/2012 7:55:33 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/12/2012 7:55:26 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
10/12/2012 7:02:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2686509).
10/12/2012 10:51:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The vToolbarUpdater12.2.6 service terminated unexpectedly. It has done this 1 time(s).
10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2012 7:34:45 PM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
10/10/2012 7:34:44 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
# AdwCleaner v2.005 - Logfile created 10/17/2012 at 18:38:26
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Laura - A37139D5D976437
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Laura\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Laura\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Laura\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
***** [Registry] *****
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={27D6F23B-3FDE-44A5-86FC-F5EFFF030994}&mid=331b58f47f0e47d18c62d15c838ec4ff-8c78293ee2c514c4a9baaf4cf847cde7cfe1dfb4&lang=en&ds=AVG&pr=pr&d=2012-09-06 12:39:50&v=12.2.5.4&sap=nt --> hxxp://www.google.com
-\\ Google Chrome v22.0.1229.94
File : C:\Documents and Settings\Laura\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Deleted [l.69] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.72] : keyword = "isearch.avg.com",
Deleted [l.75] : search_url = "hxxps://isearch.avg.com/search?cid={27D6F23B-3FDE-44A5-86FC-F5EFFF030994}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}",
*************************
AdwCleaner[S1].txt - [5159 octets] - [17/10/2012 18:38:26]
########## EOF - C:\AdwCleaner[S1].txt - [5219 octets] ##########
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-17 18:50:57
-----------------------------
18:50:57.640 OS Version: Windows 5.1.2600 Service Pack 3
18:50:57.640 Number of processors: 1 586 0xD08
18:50:57.640 ComputerName: A37139D5D976437 UserName: Laura
18:50:58.796 Initialize success
18:52:38.890 AVAST engine defs: 12101701
18:53:11.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
18:53:11.421 Disk 0 Vendor: SAMSUNG_MP0402H UC200-16 Size: 38154MB BusType: 3
18:53:11.453 Disk 0 MBR read successfully
18:53:11.453 Disk 0 MBR scan
18:53:11.484 Disk 0 Windows XP default MBR code
18:53:11.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
18:53:11.484 Disk 0 scanning sectors +78124095
18:53:11.578 Disk 0 scanning C:\WINDOWS\system32\drivers
18:53:29.093 Service scanning
18:53:49.093 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
18:53:55.687 Modules scanning
18:54:02.375 AVAST engine scan C:\WINDOWS
18:54:09.265 AVAST engine scan C:\WINDOWS\system32
19:00:09.812 AVAST engine scan C:\WINDOWS\system32\drivers
19:00:30.890 AVAST engine scan C:\Documents and Settings\Laura
19:01:28.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Laura\Desktop\MBR.dat"
19:01:28.750 The log file has been saved successfully to "C:\Documents and Settings\Laura\Desktop\aswMBR.txt"

I renamed the MBR.dat file to text, but when I click on "upload a file" it's not being found on my desktop.
 
TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
23:41:20.0984 0280 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
23:41:22.0593 0280 ============================================================
23:41:22.0593 0280 Current date / time: 2012/10/17 23:41:22.0593
23:41:22.0593 0280 SystemInfo:
23:41:22.0593 0280
23:41:22.0593 0280 OS Version: 5.1.2600 ServicePack: 3.0
23:41:22.0593 0280 Product type: Workstation
23:41:22.0593 0280 ComputerName: A37139D5D976437
23:41:22.0593 0280 UserName: Laura
23:41:22.0593 0280 Windows directory: C:\WINDOWS
23:41:22.0593 0280 System windows directory: C:\WINDOWS
23:41:22.0593 0280 Processor architecture: Intel x86
23:41:22.0593 0280 Number of processors: 1
23:41:22.0593 0280 Page size: 0x1000
23:41:22.0593 0280 Boot type: Normal boot
23:41:22.0593 0280 ============================================================
23:41:24.0468 0280 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:41:24.0468 0280 ============================================================
23:41:24.0468 0280 \Device\Harddisk0\DR0:
23:41:24.0468 0280 MBR partitions:
23:41:24.0468 0280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
23:41:24.0468 0280 ============================================================
23:41:24.0500 0280 C: <-> \Device\Harddisk0\DR0\Partition1
23:41:24.0500 0280 ============================================================
23:41:24.0500 0280 Initialize success
23:41:24.0500 0280 ============================================================
23:41:53.0156 3996 ============================================================
23:41:53.0156 3996 Scan started
23:41:53.0156 3996 Mode: Manual; SigCheck; TDLFS;
23:41:53.0156 3996 ============================================================
23:41:53.0781 3996 ================ Scan system memory ========================
23:41:53.0781 3996 System memory - ok
23:41:53.0796 3996 ================ Scan services =============================
23:41:53.0953 3996 Abiosdsk - ok
23:41:53.0968 3996 abp480n5 - ok
23:41:54.0031 3996 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:41:54.0515 3996 ACPI - ok
23:41:54.0578 3996 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:41:54.0734 3996 ACPIEC - ok
23:41:54.0796 3996 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
23:41:54.0812 3996 adfs - ok
23:41:54.0937 3996 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:41:54.0968 3996 AdobeFlashPlayerUpdateSvc - ok
23:41:54.0984 3996 adpu160m - ok
23:41:55.0015 3996 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:41:55.0171 3996 aec - ok
23:41:55.0250 3996 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:41:55.0328 3996 AFD - ok
23:41:55.0328 3996 Aha154x - ok
23:41:55.0343 3996 aic78u2 - ok
23:41:55.0359 3996 aic78xx - ok
23:41:55.0406 3996 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:41:55.0578 3996 Alerter - ok
23:41:55.0609 3996 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:41:55.0781 3996 ALG - ok
23:41:55.0796 3996 AliIde - ok
23:41:55.0812 3996 amsint - ok
23:41:55.0984 3996 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:41:56.0000 3996 Apple Mobile Device - ok
23:41:56.0062 3996 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:41:56.0203 3996 AppMgmt - ok
23:41:56.0218 3996 asc - ok
23:41:56.0218 3996 asc3350p - ok
23:41:56.0234 3996 asc3550 - ok
23:41:56.0406 3996 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:41:56.0421 3996 aspnet_state - ok
23:41:56.0484 3996 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:41:56.0656 3996 AsyncMac - ok
23:41:56.0671 3996 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:41:56.0843 3996 atapi - ok
23:41:56.0843 3996 Atdisk - ok
23:41:56.0890 3996 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:41:57.0078 3996 Atmarpc - ok
23:41:57.0140 3996 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:41:57.0296 3996 AudioSrv - ok
23:41:57.0359 3996 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:41:57.0562 3996 audstub - ok
23:41:57.0609 3996 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
23:41:57.0640 3996 Avgfwdx - ok
23:41:57.0640 3996 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
23:41:57.0671 3996 Avgfwfd - ok
23:41:57.0843 3996 [ 2E0DB82F4254FF91E153F331BA9B2D6E ] avgfws C:\Program Files\AVG\AVG2013\avgfws.exe
23:41:57.0968 3996 avgfws - ok
23:41:58.0328 3996 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
23:41:58.0859 3996 AVGIDSAgent - ok
23:41:58.0968 3996 [ 2F47851015D8837976E481F6DAA46A67 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
23:41:59.0000 3996 AVGIDSDriver - ok
23:41:59.0062 3996 [ 303BDE0DCDC04CE597C6C1CD06C6F186 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
23:41:59.0093 3996 AVGIDSHX - ok
23:41:59.0140 3996 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
23:41:59.0171 3996 AVGIDSShim - ok
23:41:59.0234 3996 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
23:41:59.0265 3996 Avgldx86 - ok
23:41:59.0328 3996 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
23:41:59.0359 3996 Avglogx - ok
23:41:59.0406 3996 [ 6DF7236D3A16C8417FF72F2EB2ADD244 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
23:41:59.0421 3996 Avgmfx86 - ok
23:41:59.0453 3996 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
23:41:59.0484 3996 Avgrkx86 - ok
23:41:59.0546 3996 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
23:41:59.0578 3996 Avgtdix - ok
23:41:59.0609 3996 [ DB22E7062FD88CDD1CC8C99CE59E6B2B ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
23:41:59.0640 3996 avgtp - ok
23:41:59.0703 3996 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
23:41:59.0734 3996 avgwd - ok
23:41:59.0890 3996 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
23:41:59.0921 3996 BBSvc - ok
23:42:00.0000 3996 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
23:42:00.0031 3996 BBUpdate - ok
23:42:00.0140 3996 [ E9EA635B8432D68F0005B3F6CEBAB837 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23:42:00.0375 3996 BCM43XX - ok
23:42:00.0406 3996 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
23:42:00.0453 3996 bcm4sbxp - ok
23:42:00.0500 3996 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:42:00.0687 3996 Beep - ok
23:42:00.0765 3996 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:42:00.0937 3996 BITS - ok
23:42:01.0015 3996 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:42:01.0062 3996 Bonjour Service - ok
23:42:01.0125 3996 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:42:01.0203 3996 Browser - ok
23:42:01.0250 3996 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:42:01.0421 3996 cbidf2k - ok
23:42:01.0468 3996 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:42:01.0640 3996 CCDECODE - ok
23:42:01.0656 3996 cd20xrnt - ok
23:42:01.0703 3996 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:42:01.0890 3996 Cdaudio - ok
23:42:01.0937 3996 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:42:02.0109 3996 Cdfs - ok
23:42:02.0125 3996 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:42:02.0296 3996 Cdrom - ok
23:42:02.0343 3996 [ B4DDA22FCBA9AF3EB5F6B58A671A447D ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
23:42:02.0375 3996 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
23:42:02.0375 3996 cercsr6 - detected UnsignedFile.Multi.Generic (1)
23:42:02.0390 3996 Changer - ok
23:42:02.0453 3996 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:42:02.0609 3996 CiSvc - ok
23:42:02.0671 3996 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:42:02.0828 3996 ClipSrv - ok
23:42:02.0890 3996 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:42:02.0921 3996 clr_optimization_v2.0.50727_32 - ok
23:42:03.0046 3996 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:42:03.0078 3996 clr_optimization_v4.0.30319_32 - ok
23:42:03.0078 3996 CmdIde - ok
23:42:03.0093 3996 COMSysApp - ok
23:42:03.0109 3996 Cpqarray - ok
23:42:03.0171 3996 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:42:03.0312 3996 CryptSvc - ok
23:42:03.0328 3996 dac2w2k - ok
23:42:03.0343 3996 dac960nt - ok
23:42:03.0421 3996 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:42:03.0546 3996 DcomLaunch - ok
23:42:03.0609 3996 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:42:03.0765 3996 Dhcp - ok
23:42:03.0828 3996 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:42:03.0984 3996 Disk - ok
23:42:04.0109 3996 [ 35741E47A211C50B9AA52E1423CC8503 ] Diskeeper C:\Program Files\Executive Software\Diskeeper\DkService.exe
23:42:04.0203 3996 Diskeeper ( UnsignedFile.Multi.Generic ) - warning
23:42:04.0203 3996 Diskeeper - detected UnsignedFile.Multi.Generic (1)
23:42:04.0218 3996 dmadmin - ok
23:42:04.0281 3996 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:42:04.0515 3996 dmboot - ok
23:42:04.0515 3996 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:42:04.0687 3996 dmio - ok
23:42:04.0734 3996 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:42:04.0921 3996 dmload - ok
23:42:04.0968 3996 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:42:05.0140 3996 dmserver - ok
23:42:05.0187 3996 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:42:05.0343 3996 DMusic - ok
23:42:05.0406 3996 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:42:05.0500 3996 Dnscache - ok
23:42:05.0562 3996 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:42:05.0718 3996 Dot3svc - ok
23:42:05.0734 3996 dpti2o - ok
23:42:05.0796 3996 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:42:06.0000 3996 drmkaud - ok
23:42:06.0046 3996 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:42:06.0187 3996 EapHost - ok
23:42:06.0296 3996 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
23:42:06.0359 3996 ehRecvr - ok
23:42:06.0406 3996 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
23:42:06.0546 3996 ehSched - ok
23:42:06.0640 3996 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:42:06.0843 3996 ERSvc - ok
23:42:06.0890 3996 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:42:06.0968 3996 Eventlog - ok
23:42:07.0031 3996 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:42:07.0093 3996 EventSystem - ok
23:42:07.0156 3996 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:42:07.0296 3996 Fastfat - ok
23:42:07.0359 3996 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:42:07.0437 3996 FastUserSwitchingCompatibility - ok
23:42:07.0468 3996 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:42:07.0609 3996 Fdc - ok
23:42:07.0640 3996 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:42:07.0796 3996 Fips - ok
23:42:07.0890 3996 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:42:07.0984 3996 FLEXnet Licensing Service - ok
23:42:08.0031 3996 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:42:08.0187 3996 Flpydisk - ok
23:42:08.0250 3996 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:42:08.0406 3996 FltMgr - ok
23:42:08.0531 3996 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:42:08.0546 3996 FontCache3.0.0.0 - ok
23:42:08.0625 3996 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
23:42:08.0640 3996 fssfltr - ok
23:42:08.0765 3996 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:42:08.0859 3996 fsssvc - ok
23:42:08.0921 3996 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:42:09.0109 3996 Fs_Rec - ok
23:42:09.0140 3996 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:42:09.0343 3996 Ftdisk - ok
23:42:09.0406 3996 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:42:09.0421 3996 GEARAspiWDM - ok
23:42:09.0437 3996 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:42:09.0625 3996 Gpc - ok
23:42:09.0687 3996 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:42:09.0859 3996 HDAudBus - ok
23:42:10.0015 3996 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:42:10.0187 3996 helpsvc - ok
23:42:10.0234 3996 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:42:10.0375 3996 HidServ - ok
23:42:10.0437 3996 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:42:10.0578 3996 HidUsb - ok
23:42:10.0640 3996 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:42:10.0812 3996 hkmsvc - ok
23:42:10.0812 3996 hpn - ok
23:42:10.0890 3996 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:42:10.0968 3996 HSFHWAZL - ok
23:42:11.0062 3996 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:42:11.0218 3996 HSF_DPV - ok
23:42:11.0281 3996 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:42:11.0390 3996 HTTP - ok
23:42:11.0453 3996 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:42:11.0609 3996 HTTPFilter - ok
23:42:11.0625 3996 i2omgmt - ok
23:42:11.0640 3996 i2omp - ok
23:42:11.0703 3996 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:42:11.0859 3996 i8042prt - ok
23:42:11.0984 3996 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:42:12.0203 3996 ialm - ok
23:42:12.0359 3996 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:42:12.0484 3996 idsvc - ok
23:42:12.0484 3996 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:42:12.0671 3996 Imapi - ok
23:42:12.0718 3996 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:42:12.0875 3996 ImapiService - ok
23:42:12.0890 3996 ini910u - ok
23:42:12.0906 3996 IntelIde - ok
23:42:12.0968 3996 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:42:13.0109 3996 intelppm - ok
23:42:13.0140 3996 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:42:13.0312 3996 Ip6Fw - ok
23:42:13.0359 3996 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:42:13.0546 3996 IpFilterDriver - ok
23:42:13.0593 3996 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:42:13.0765 3996 IpInIp - ok
23:42:13.0796 3996 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:42:13.0953 3996 IpNat - ok
23:42:14.0109 3996 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:42:14.0203 3996 iPod Service - ok
23:42:14.0265 3996 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:42:14.0406 3996 IPSec - ok
23:42:14.0421 3996 IRENUM - ok
23:42:14.0484 3996 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:42:14.0640 3996 isapnp - ok
23:42:14.0781 3996 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
23:42:14.0828 3996 JavaQuickStarterService - ok
23:42:14.0843 3996 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:42:15.0000 3996 Kbdclass - ok
23:42:15.0031 3996 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:42:15.0171 3996 kmixer - ok
23:42:15.0218 3996 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:42:15.0359 3996 KSecDD - ok
23:42:15.0406 3996 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:42:15.0453 3996 lanmanserver - ok
23:42:15.0484 3996 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:42:15.0546 3996 lanmanworkstation - ok
23:42:15.0562 3996 lbrtfdc - ok
23:42:15.0625 3996 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:42:15.0796 3996 LmHosts - ok
23:42:15.0859 3996 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
23:42:15.0937 3996 McrdSvc - ok
23:42:15.0984 3996 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:42:16.0015 3996 mdmxsdk - ok
23:42:16.0062 3996 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:42:16.0234 3996 Messenger - ok
23:42:16.0296 3996 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
23:42:16.0328 3996 MHN ( UnsignedFile.Multi.Generic ) - warning
23:42:16.0328 3996 MHN - detected UnsignedFile.Multi.Generic (1)
23:42:16.0343 3996 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:42:16.0375 3996 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
23:42:16.0375 3996 MHNDRV - detected UnsignedFile.Multi.Generic (1)
23:42:16.0500 3996 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:42:16.0531 3996 Microsoft Office Groove Audit Service - ok
23:42:16.0578 3996 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:42:16.0765 3996 mnmdd - ok
23:42:16.0828 3996 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:42:16.0984 3996 mnmsrvc - ok
23:42:17.0015 3996 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:42:17.0187 3996 Modem - ok
23:42:17.0218 3996 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:42:17.0359 3996 Mouclass - ok
23:42:17.0406 3996 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:42:17.0609 3996 mouhid - ok
23:42:17.0640 3996 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:42:17.0796 3996 MountMgr - ok
23:42:17.0812 3996 mraid35x - ok
23:42:17.0843 3996 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:42:18.0015 3996 MRxDAV - ok
23:42:18.0093 3996 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:42:18.0171 3996 MRxSmb - ok
23:42:18.0171 3996 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:42:18.0343 3996 MSDTC - ok
23:42:18.0375 3996 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:42:18.0531 3996 Msfs - ok
23:42:18.0546 3996 MSIServer - ok
23:42:18.0578 3996 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:42:18.0750 3996 MSKSSRV - ok
23:42:18.0796 3996 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:42:18.0937 3996 MSPCLOCK - ok
23:42:18.0953 3996 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:42:19.0109 3996 MSPQM - ok
23:42:19.0125 3996 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:42:19.0281 3996 mssmbios - ok
23:42:19.0328 3996 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:42:19.0468 3996 MSTEE - ok
23:42:19.0531 3996 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:42:19.0578 3996 Mup - ok
23:42:19.0609 3996 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:42:19.0781 3996 NABTSFEC - ok
23:42:19.0859 3996 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:42:20.0046 3996 napagent - ok
23:42:20.0234 3996 [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
23:42:20.0453 3996 NBService ( UnsignedFile.Multi.Generic ) - warning
23:42:20.0453 3996 NBService - detected UnsignedFile.Multi.Generic (1)
23:42:20.0687 3996 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:42:20.0843 3996 NDIS - ok
23:42:20.0906 3996 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:42:21.0078 3996 NdisIP - ok
23:42:21.0109 3996 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:42:21.0203 3996 NdisTapi - ok
23:42:21.0250 3996 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:42:21.0437 3996 Ndisuio - ok
23:42:21.0484 3996 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:42:21.0625 3996 NdisWan - ok
23:42:21.0687 3996 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:42:21.0750 3996 NDProxy - ok
23:42:21.0765 3996 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:42:21.0921 3996 NetBIOS - ok
23:42:21.0953 3996 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:42:22.0125 3996 NetBT - ok
23:42:22.0171 3996 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:42:22.0328 3996 NetDDE - ok
23:42:22.0343 3996 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:42:22.0484 3996 NetDDEdsdm - ok
23:42:22.0546 3996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:42:22.0703 3996 Netlogon - ok
23:42:22.0765 3996 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:42:22.0937 3996 Netman - ok
23:42:22.0953 3996 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:42:23.0000 3996 NetTcpPortSharing - ok
23:42:23.0062 3996 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:42:23.0156 3996 Nla - ok
23:42:23.0171 3996 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:42:23.0312 3996 Npfs - ok
23:42:23.0359 3996 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:42:23.0562 3996 Ntfs - ok
23:42:23.0578 3996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:42:23.0734 3996 NtLmSsp - ok
23:42:23.0796 3996 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:42:23.0984 3996 NtmsSvc - ok
23:42:24.0046 3996 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:42:24.0250 3996 Null - ok
23:42:24.0281 3996 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:42:24.0500 3996 NwlnkFlt - ok
23:42:24.0515 3996 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:42:24.0687 3996 NwlnkFwd - ok
23:42:24.0828 3996 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:42:24.0890 3996 odserv - ok
23:42:24.0937 3996 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:42:24.0984 3996 ose - ok
23:42:25.0015 3996 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
23:42:25.0156 3996 Parport - ok
23:42:25.0187 3996 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:42:25.0328 3996 PartMgr - ok
23:42:25.0375 3996 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:42:25.0578 3996 ParVdm - ok
23:42:25.0609 3996 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:42:25.0953 3996 PCI - ok
23:42:25.0953 3996 PCIDump - ok
23:42:25.0984 3996 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:42:26.0171 3996 PCIIde - ok
23:42:26.0218 3996 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:42:26.0390 3996 Pcmcia - ok
23:42:26.0390 3996 PDCOMP - ok
23:42:26.0406 3996 PDFRAME - ok
23:42:26.0421 3996 PDRELI - ok
23:42:26.0437 3996 PDRFRAME - ok
23:42:26.0453 3996 perc2 - ok
23:42:26.0468 3996 perc2hib - ok
23:42:26.0515 3996 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:42:26.0578 3996 PlugPlay - ok
23:42:26.0593 3996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:42:26.0750 3996 PolicyAgent - ok
23:42:26.0796 3996 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:42:26.0968 3996 PptpMiniport - ok
23:42:26.0968 3996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:42:27.0125 3996 ProtectedStorage - ok
23:42:27.0171 3996 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:42:27.0328 3996 PSched - ok
23:42:27.0375 3996 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:42:27.0562 3996 Ptilink - ok
23:42:27.0625 3996 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:42:27.0656 3996 PxHelp20 - ok
23:42:27.0656 3996 ql1080 - ok
23:42:27.0671 3996 Ql10wnt - ok
23:42:27.0687 3996 ql12160 - ok
23:42:27.0703 3996 ql1240 - ok
23:42:27.0703 3996 ql1280 - ok
23:42:27.0718 3996 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:42:27.0906 3996 RasAcd - ok
23:42:27.0953 3996 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:42:28.0093 3996 RasAuto - ok
23:42:28.0125 3996 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:42:28.0281 3996 Rasl2tp - ok
23:42:28.0343 3996 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:42:28.0500 3996 RasMan - ok
23:42:28.0515 3996 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:42:28.0656 3996 RasPppoe - ok
23:42:28.0703 3996 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:42:28.0890 3996 Raspti - ok
23:42:28.0921 3996 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:42:29.0078 3996 Rdbss - ok
23:42:29.0093 3996 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:42:29.0265 3996 RDPCDD - ok
23:42:29.0312 3996 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:42:29.0468 3996 rdpdr - ok
23:42:29.0546 3996 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:42:29.0609 3996 RDPWD - ok
23:42:29.0671 3996 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:42:29.0843 3996 RDSessMgr - ok
23:42:29.0906 3996 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:42:30.0062 3996 redbook - ok
23:42:30.0109 3996 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:42:30.0281 3996 RemoteAccess - ok
23:42:30.0328 3996 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:42:30.0500 3996 RemoteRegistry - ok
23:42:30.0609 3996 [ 2D84428075CE90F1B8882D54960C7000 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
23:42:30.0640 3996 RichVideo - ok
23:42:30.0671 3996 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
23:42:30.0765 3996 RimUsb - ok
23:42:30.0828 3996 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:42:30.0968 3996 RpcLocator - ok
23:42:31.0015 3996 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
23:42:31.0093 3996 RpcSs - ok
23:42:31.0187 3996 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:42:31.0406 3996 RSVP - ok
23:42:31.0437 3996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:42:31.0578 3996 SamSs - ok
23:42:31.0640 3996 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:42:31.0812 3996 SCardSvr - ok
23:42:31.0875 3996 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:42:32.0046 3996 Schedule - ok
23:42:32.0109 3996 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:42:32.0250 3996 Secdrv - ok
23:42:32.0296 3996 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:42:32.0453 3996 seclogon - ok
23:42:32.0484 3996 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:42:32.0656 3996 SENS - ok
23:42:32.0671 3996 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
23:42:32.0875 3996 Serial - ok
23:42:32.0937 3996 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:42:33.0093 3996 Sfloppy - ok
23:42:33.0187 3996 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:42:33.0375 3996 SharedAccess - ok
23:42:33.0406 3996 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:42:33.0437 3996 ShellHWDetection - ok
23:42:33.0453 3996 Simbad - ok
23:42:33.0515 3996 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:42:33.0687 3996 SLIP - ok
23:42:33.0703 3996 Sparrow - ok
23:42:33.0750 3996 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:42:33.0921 3996 splitter - ok
23:42:33.0968 3996 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:42:34.0015 3996 Spooler - ok
23:42:34.0109 3996 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
23:42:34.0125 3996 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
23:42:34.0125 3996 sptd ( LockedFile.Multi.Generic ) - warning
23:42:34.0125 3996 sptd - detected LockedFile.Multi.Generic (1)
23:42:34.0140 3996 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:42:34.0296 3996 sr - ok
23:42:34.0359 3996 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:42:34.0515 3996 srservice - ok
23:42:34.0578 3996 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:42:34.0671 3996 Srv - ok
23:42:34.0718 3996 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:42:34.0906 3996 SSDPSRV - ok
23:42:35.0062 3996 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
23:42:35.0156 3996 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
23:42:35.0156 3996 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
23:42:35.0296 3996 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
23:42:35.0546 3996 STHDA - ok
23:42:35.0609 3996 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:42:35.0781 3996 stisvc - ok
23:42:35.0859 3996 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:42:36.0015 3996 streamip - ok
23:42:36.0078 3996 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:42:36.0234 3996 swenum - ok
23:42:36.0265 3996 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:42:36.0421 3996 swmidi - ok
23:42:36.0437 3996 SwPrv - ok
23:42:36.0453 3996 symc810 - ok
23:42:36.0468 3996 symc8xx - ok
23:42:36.0484 3996 sym_hi - ok
23:42:36.0484 3996 sym_u3 - ok
23:42:36.0546 3996 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:42:36.0703 3996 sysaudio - ok
23:42:36.0734 3996 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:42:36.0890 3996 SysmonLog - ok
23:42:36.0968 3996 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:42:37.0140 3996 TapiSrv - ok
23:42:37.0203 3996 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:42:37.0296 3996 Tcpip - ok
23:42:37.0359 3996 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:42:37.0515 3996 TDPIPE - ok
23:42:37.0562 3996 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:42:37.0750 3996 TDTCP - ok
23:42:37.0765 3996 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:42:37.0921 3996 TermDD - ok
23:42:38.0015 3996 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:42:38.0203 3996 TermService - ok
23:42:38.0250 3996 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:42:38.0281 3996 Themes - ok
23:42:38.0343 3996 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:42:38.0500 3996 TlntSvr - ok
23:42:38.0515 3996 TosIde - ok
23:42:38.0578 3996 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:42:38.0734 3996 TrkWks - ok
23:42:38.0796 3996 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:42:38.0953 3996 Udfs - ok
23:42:38.0984 3996 ultra - ok
23:42:39.0078 3996 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:42:39.0234 3996 Update - ok
23:42:39.0281 3996 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:42:39.0453 3996 upnphost - ok
23:42:39.0468 3996 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:42:39.0625 3996 UPS - ok
23:42:39.0671 3996 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
23:42:39.0687 3996 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
23:42:39.0687 3996 USBAAPL - detected UnsignedFile.Multi.Generic (1)
23:42:39.0734 3996 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
23:42:39.0890 3996 usbaudio - ok
23:42:39.0937 3996 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:42:40.0109 3996 usbccgp - ok
23:42:40.0156 3996 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:42:40.0312 3996 usbehci - ok
23:42:40.0375 3996 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:42:40.0515 3996 usbhub - ok
23:42:40.0593 3996 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:42:40.0734 3996 usbscan - ok
23:42:40.0781 3996 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:42:40.0937 3996 USBSTOR - ok
23:42:40.0953 3996 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:42:41.0109 3996 usbuhci - ok
23:42:41.0140 3996 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
23:42:41.0312 3996 usbvideo - ok
23:42:41.0343 3996 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:42:41.0500 3996 VgaSave - ok
23:42:41.0500 3996 ViaIde - ok
23:42:41.0562 3996 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:42:41.0703 3996 VolSnap - ok
23:42:41.0765 3996 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:42:41.0953 3996 VSS - ok
23:42:42.0046 3996 [ 52591834B0FA3293D35FD407FC230F7D ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
23:42:42.0156 3996 vToolbarUpdater12.2.6 - ok
23:42:42.0203 3996 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:42:42.0375 3996 W32Time - ok
23:42:42.0390 3996 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:42:42.0546 3996 Wanarp - ok
23:42:42.0562 3996 WDICA - ok
23:42:42.0593 3996 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:42:42.0750 3996 wdmaud - ok
23:42:42.0812 3996 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:42:42.0984 3996 WebClient - ok
23:42:43.0078 3996 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:42:43.0234 3996 winachsf - ok
23:42:43.0375 3996 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:42:43.0531 3996 winmgmt - ok
23:42:43.0625 3996 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
23:42:43.0812 3996 WinRM - ok
23:42:43.0875 3996 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:42:43.0984 3996 WmdmPmSN - ok
23:42:44.0062 3996 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:42:44.0234 3996 Wmi - ok
23:42:44.0296 3996 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:42:44.0453 3996 WmiApSrv - ok
23:42:44.0593 3996 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:42:44.0734 3996 WMPNetworkSvc - ok
23:42:44.0843 3996 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:42:44.0937 3996 WPFFontCache_v0400 - ok
23:42:45.0000 3996 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:42:45.0218 3996 wscsvc - ok
23:42:45.0218 3996 WSearch - ok
23:42:45.0250 3996 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:42:45.0421 3996 WSTCODEC - ok
23:42:45.0484 3996 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:42:45.0656 3996 wuauserv - ok
23:42:45.0703 3996 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:42:45.0781 3996 WudfPf - ok
23:42:45.0812 3996 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:42:45.0890 3996 WudfRd - ok
23:42:45.0921 3996 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:42:45.0984 3996 WudfSvc - ok
23:42:46.0062 3996 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:42:46.0328 3996 WZCSVC - ok
23:42:46.0375 3996 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:42:46.0531 3996 xmlprov - ok
23:42:46.0609 3996 [ 5867CE254625645345C833510D24F124 ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files\CyberLink\PowerDVD\000.fcl
23:42:46.0656 3996 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
23:42:46.0656 3996 ================ Scan global ===============================
23:42:46.0718 3996 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:42:46.0796 3996 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:42:46.0828 3996 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:42:46.0843 3996 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:42:46.0859 3996 [Global] - ok
23:42:46.0859 3996 ================ Scan MBR ==================================
23:42:46.0890 3996 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:42:47.0296 3996 \Device\Harddisk0\DR0 - ok
23:42:47.0296 3996 ================ Scan VBR ==================================
23:42:47.0312 3996 [ 97CD0BB04885841C1587DF9EFAB3B0F5 ] \Device\Harddisk0\DR0\Partition1
23:42:47.0312 3996 \Device\Harddisk0\DR0\Partition1 - ok
23:42:47.0312 3996 ============================================================
23:42:47.0312 3996 Scan finished
23:42:47.0312 3996 ============================================================
 
23:42:47.0437 1952 Detected object count: 8
23:42:47.0437 1952 Actual detected object count: 8
23:43:23.0437 1952 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
23:43:23.0437 1952 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:43:23.0437 1952 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
23:43:23.0437 1952 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:43:23.0437 1952 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
23:43:23.0437 1952 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:43:23.0437 1952 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
23:43:23.0437 1952 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:43:23.0437 1952 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
23:43:23.0437 1952 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:43:23.0437 1952 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:43:23.0437 1952 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:43:23.0453 1952 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
23:43:23.0453 1952 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:43:23.0453 1952 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
23:43:23.0453 1952 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:44:57.0250 3488 ============================================================
23:44:57.0250 3488 Scan started
23:44:57.0250 3488 Mode: Manual; SigCheck; TDLFS;
23:44:57.0250 3488 ============================================================
23:44:57.0562 3488 ================ Scan system memory ========================
23:44:57.0562 3488 System memory - ok
23:44:57.0562 3488 ================ Scan services =============================
23:44:57.0718 3488 Abiosdsk - ok
23:44:57.0734 3488 abp480n5 - ok
23:44:57.0796 3488 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:44:58.0250 3488 ACPI - ok
23:44:58.0312 3488 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:44:58.0531 3488 ACPIEC - ok
23:44:58.0609 3488 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
23:44:58.0640 3488 adfs - ok
23:44:58.0750 3488 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:44:58.0796 3488 AdobeFlashPlayerUpdateSvc - ok
23:44:58.0812 3488 adpu160m - ok
23:44:58.0843 3488 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:44:59.0015 3488 aec - ok
23:44:59.0062 3488 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:44:59.0125 3488 AFD - ok
23:44:59.0125 3488 Aha154x - ok
23:44:59.0140 3488 aic78u2 - ok
23:44:59.0140 3488 aic78xx - ok
23:44:59.0203 3488 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:44:59.0375 3488 Alerter - ok
23:44:59.0421 3488 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:44:59.0609 3488 ALG - ok
23:44:59.0609 3488 AliIde - ok
23:44:59.0625 3488 amsint - ok
23:44:59.0796 3488 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:44:59.0828 3488 Apple Mobile Device - ok
23:44:59.0875 3488 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:45:00.0031 3488 AppMgmt - ok
23:45:00.0031 3488 asc - ok
23:45:00.0046 3488 asc3350p - ok
23:45:00.0062 3488 asc3550 - ok
23:45:00.0218 3488 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:45:00.0250 3488 aspnet_state - ok
23:45:00.0312 3488 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:45:00.0484 3488 AsyncMac - ok
23:45:00.0500 3488 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:45:00.0671 3488 atapi - ok
23:45:00.0687 3488 Atdisk - ok
23:45:00.0718 3488 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:45:00.0890 3488 Atmarpc - ok
23:45:00.0953 3488 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:45:01.0109 3488 AudioSrv - ok
23:45:01.0156 3488 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:45:01.0359 3488 audstub - ok
23:45:01.0406 3488 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
23:45:01.0453 3488 Avgfwdx - ok
23:45:01.0453 3488 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
23:45:01.0500 3488 Avgfwfd - ok
23:45:01.0656 3488 [ 2E0DB82F4254FF91E153F331BA9B2D6E ] avgfws C:\Program Files\AVG\AVG2013\avgfws.exe
23:45:01.0781 3488 avgfws - ok
23:45:02.0093 3488 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
23:45:02.0468 3488 AVGIDSAgent - ok
23:45:02.0593 3488 [ 2F47851015D8837976E481F6DAA46A67 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
23:45:02.0640 3488 AVGIDSDriver - ok
23:45:02.0687 3488 [ 303BDE0DCDC04CE597C6C1CD06C6F186 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
23:45:02.0734 3488 AVGIDSHX - ok
23:45:02.0796 3488 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
23:45:02.0828 3488 AVGIDSShim - ok
23:45:02.0890 3488 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
23:45:02.0921 3488 Avgldx86 - ok
23:45:02.0984 3488 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
23:45:03.0015 3488 Avglogx - ok
23:45:03.0062 3488 [ 6DF7236D3A16C8417FF72F2EB2ADD244 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
23:45:03.0093 3488 Avgmfx86 - ok
23:45:03.0125 3488 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
23:45:03.0171 3488 Avgrkx86 - ok
23:45:03.0218 3488 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
23:45:03.0265 3488 Avgtdix - ok
23:45:03.0296 3488 [ DB22E7062FD88CDD1CC8C99CE59E6B2B ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
23:45:03.0328 3488 avgtp - ok
23:45:03.0390 3488 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
23:45:03.0437 3488 avgwd - ok
23:45:03.0593 3488 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
23:45:03.0656 3488 BBSvc - ok
23:45:03.0718 3488 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
23:45:03.0765 3488 BBUpdate - ok
23:45:03.0875 3488 [ E9EA635B8432D68F0005B3F6CEBAB837 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23:45:04.0046 3488 BCM43XX - ok
23:45:04.0093 3488 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
23:45:04.0156 3488 bcm4sbxp - ok
23:45:04.0203 3488 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:45:04.0406 3488 Beep - ok
23:45:04.0468 3488 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:45:04.0640 3488 BITS - ok
23:45:04.0750 3488 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:45:04.0812 3488 Bonjour Service - ok
23:45:04.0859 3488 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:45:04.0921 3488 Browser - ok
23:45:04.0968 3488 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:45:05.0156 3488 cbidf2k - ok
23:45:05.0187 3488 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:45:05.0359 3488 CCDECODE - ok
23:45:05.0375 3488 cd20xrnt - ok
23:45:05.0421 3488 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:45:05.0609 3488 Cdaudio - ok
23:45:05.0671 3488 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:45:05.0843 3488 Cdfs - ok
23:45:05.0859 3488 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:45:06.0031 3488 Cdrom - ok
23:45:06.0078 3488 [ B4DDA22FCBA9AF3EB5F6B58A671A447D ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
23:45:06.0140 3488 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
23:45:06.0140 3488 cercsr6 - detected UnsignedFile.Multi.Generic (1)
23:45:06.0140 3488 Changer - ok
23:45:06.0218 3488 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:45:06.0375 3488 CiSvc - ok
23:45:06.0421 3488 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:45:06.0609 3488 ClipSrv - ok
23:45:06.0671 3488 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:45:06.0703 3488 clr_optimization_v2.0.50727_32 - ok
23:45:06.0812 3488 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:45:06.0859 3488 clr_optimization_v4.0.30319_32 - ok
23:45:06.0859 3488 CmdIde - ok
23:45:06.0875 3488 COMSysApp - ok
23:45:06.0890 3488 Cpqarray - ok
23:45:06.0953 3488 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:45:07.0109 3488 CryptSvc - ok
23:45:07.0125 3488 dac2w2k - ok
23:45:07.0140 3488 dac960nt - ok
23:45:07.0203 3488 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:45:07.0296 3488 DcomLaunch - ok
23:45:07.0343 3488 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:45:07.0515 3488 Dhcp - ok
23:45:07.0562 3488 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:45:07.0734 3488 Disk - ok
23:45:07.0859 3488 [ 35741E47A211C50B9AA52E1423CC8503 ] Diskeeper C:\Program Files\Executive Software\Diskeeper\DkService.exe
23:45:07.0921 3488 Diskeeper ( UnsignedFile.Multi.Generic ) - warning
23:45:07.0921 3488 Diskeeper - detected UnsignedFile.Multi.Generic (1)
23:45:07.0937 3488 dmadmin - ok
23:45:08.0015 3488 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:45:08.0218 3488 dmboot - ok
23:45:08.0250 3488 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:45:08.0421 3488 dmio - ok
23:45:08.0468 3488 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:45:08.0656 3488 dmload - ok
23:45:08.0718 3488 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:45:08.0890 3488 dmserver - ok
23:45:08.0937 3488 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:45:09.0093 3488 DMusic - ok
23:45:09.0156 3488 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:45:09.0234 3488 Dnscache - ok
23:45:09.0296 3488 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:45:09.0468 3488 Dot3svc - ok
23:45:09.0468 3488 dpti2o - ok
23:45:09.0484 3488 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:45:09.0656 3488 drmkaud - ok
23:45:09.0718 3488 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:45:09.0875 3488 EapHost - ok
23:45:09.0984 3488 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
23:45:10.0046 3488 ehRecvr - ok
23:45:10.0093 3488 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
23:45:10.0203 3488 ehSched - ok
23:45:10.0250 3488 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:45:10.0437 3488 ERSvc - ok
23:45:10.0500 3488 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:45:10.0578 3488 Eventlog - ok
23:45:10.0656 3488 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:45:10.0703 3488 EventSystem - ok
23:45:10.0765 3488 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:45:10.0921 3488 Fastfat - ok
23:45:10.0984 3488 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:45:11.0046 3488 FastUserSwitchingCompatibility - ok
23:45:11.0093 3488 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:45:11.0234 3488 Fdc - ok
23:45:11.0281 3488 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:45:11.0453 3488 Fips - ok
23:45:11.0546 3488 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:45:11.0609 3488 FLEXnet Licensing Service - ok
23:45:11.0656 3488 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:45:11.0843 3488 Flpydisk - ok
23:45:11.0906 3488 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:45:12.0078 3488 FltMgr - ok
23:45:12.0187 3488 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:45:12.0218 3488 FontCache3.0.0.0 - ok
23:45:12.0281 3488 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
23:45:12.0328 3488 fssfltr - ok
23:45:12.0484 3488 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:45:12.0562 3488 fsssvc - ok
23:45:12.0609 3488 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:45:12.0796 3488 Fs_Rec - ok
23:45:12.0859 3488 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:45:13.0046 3488 Ftdisk - ok
23:45:13.0093 3488 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:45:13.0125 3488 GEARAspiWDM - ok
23:45:13.0171 3488 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:45:13.0328 3488 Gpc - ok
23:45:13.0406 3488 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:45:13.0578 3488 HDAudBus - ok
23:45:13.0734 3488 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:45:13.0906 3488 helpsvc - ok
23:45:13.0984 3488 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:45:14.0171 3488 HidServ - ok
23:45:14.0203 3488 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:45:14.0359 3488 HidUsb - ok
23:45:14.0406 3488 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:45:14.0578 3488 hkmsvc - ok
23:45:14.0593 3488 hpn - ok
23:45:14.0656 3488 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:45:14.0703 3488 HSFHWAZL - ok
23:45:14.0796 3488 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:45:14.0906 3488 HSF_DPV - ok
23:45:14.0968 3488 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:45:15.0031 3488 HTTP - ok
23:45:15.0078 3488 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:45:15.0343 3488 HTTPFilter - ok
23:45:15.0343 3488 i2omgmt - ok
23:45:15.0359 3488 i2omp - ok
23:45:15.0437 3488 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:45:15.0609 3488 i8042prt - ok
23:45:15.0734 3488 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:45:15.0843 3488 ialm - ok
23:45:15.0984 3488 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:45:16.0062 3488 idsvc - ok
23:45:16.0078 3488 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:45:16.0265 3488 Imapi - ok
23:45:16.0312 3488 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:45:16.0468 3488 ImapiService - ok
23:45:16.0484 3488 ini910u - ok
23:45:16.0515 3488 IntelIde - ok
23:45:16.0578 3488 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:45:16.0734 3488 intelppm - ok
23:45:16.0765 3488 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:45:16.0953 3488 Ip6Fw - ok
23:45:17.0000 3488 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:45:17.0203 3488 IpFilterDriver - ok
23:45:17.0218 3488 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:45:17.0390 3488 IpInIp - ok
23:45:17.0421 3488 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:45:17.0593 3488 IpNat - ok
23:45:17.0687 3488 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:45:17.0765 3488 iPod Service - ok
23:45:17.0796 3488 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:45:17.0953 3488 IPSec - ok
23:45:17.0968 3488 IRENUM - ok
23:45:18.0015 3488 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:45:18.0171 3488 isapnp - ok
23:45:18.0312 3488 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
23:45:18.0359 3488 JavaQuickStarterService - ok
23:45:18.0375 3488 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:45:18.0546 3488 Kbdclass - ok
23:45:18.0578 3488 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:45:18.0750 3488 kmixer - ok
23:45:18.0781 3488 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:45:18.0828 3488 KSecDD - ok
23:45:18.0875 3488 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:45:18.0937 3488 lanmanserver - ok
23:45:19.0000 3488 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:45:19.0046 3488 lanmanworkstation - ok
23:45:19.0046 3488 lbrtfdc - ok
23:45:19.0140 3488 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:45:19.0312 3488 LmHosts - ok
23:45:19.0375 3488 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
23:45:19.0453 3488 McrdSvc - ok
23:45:19.0500 3488 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:45:19.0562 3488 mdmxsdk - ok
23:45:19.0609 3488 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:45:19.0781 3488 Messenger - ok
23:45:19.0843 3488 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
23:45:19.0859 3488 MHN ( UnsignedFile.Multi.Generic ) - warning
23:45:19.0859 3488 MHN - detected UnsignedFile.Multi.Generic (1)
23:45:19.0875 3488 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:45:19.0921 3488 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
23:45:19.0921 3488 MHNDRV - detected UnsignedFile.Multi.Generic (1)
23:45:20.0031 3488 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:45:20.0078 3488 Microsoft Office Groove Audit Service - ok
23:45:20.0125 3488 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:45:20.0359 3488 mnmdd - ok
23:45:20.0406 3488 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:45:20.0718 3488 mnmsrvc - ok
23:45:20.0765 3488 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:45:20.0921 3488 Modem - ok
23:45:20.0953 3488 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:45:21.0109 3488 Mouclass - ok
23:45:21.0140 3488 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:45:21.0343 3488 mouhid - ok
23:45:21.0390 3488 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:45:21.0562 3488 MountMgr - ok
23:45:21.0578 3488 mraid35x - ok
23:45:21.0609 3488 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:45:21.0781 3488 MRxDAV - ok
23:45:21.0859 3488 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:45:21.0937 3488 MRxSmb - ok
23:45:21.0953 3488 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:45:22.0140 3488 MSDTC - ok
23:45:22.0171 3488 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:45:22.0343 3488 Msfs - ok
23:45:22.0359 3488 MSIServer - ok
23:45:22.0406 3488 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:45:22.0562 3488 MSKSSRV - ok
23:45:22.0578 3488 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:45:22.0734 3488 MSPCLOCK - ok
23:45:22.0750 3488 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:45:22.0921 3488 MSPQM - ok
23:45:22.0953 3488 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:45:23.0109 3488 mssmbios - ok
23:45:23.0140 3488 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:45:23.0296 3488 MSTEE - ok
23:45:23.0375 3488 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:45:23.0421 3488 Mup - ok
23:45:23.0453 3488 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:45:23.0640 3488 NABTSFEC - ok
23:45:23.0718 3488 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:45:23.0906 3488 napagent - ok
23:45:24.0093 3488 [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
23:45:24.0203 3488 NBService ( UnsignedFile.Multi.Generic ) - warning
23:45:24.0203 3488 NBService - detected UnsignedFile.Multi.Generic (1)
23:45:24.0265 3488 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:45:24.0437 3488 NDIS - ok
23:45:24.0484 3488 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:45:24.0656 3488 NdisIP - ok
23:45:24.0703 3488 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:45:24.0750 3488 NdisTapi - ok
23:45:24.0781 3488 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:45:24.0953 3488 Ndisuio - ok
23:45:25.0000 3488 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:45:25.0156 3488 NdisWan - ok
23:45:25.0218 3488 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:45:25.0265 3488 NDProxy - ok
23:45:25.0281 3488 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:45:25.0453 3488 NetBIOS - ok
23:45:25.0484 3488 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:45:25.0656 3488 NetBT - ok
23:45:25.0718 3488 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:45:25.0890 3488 NetDDE - ok
23:45:25.0906 3488 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:45:26.0062 3488 NetDDEdsdm - ok
23:45:26.0125 3488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:45:26.0281 3488 Netlogon - ok
23:45:26.0343 3488 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:45:26.0515 3488 Netman - ok
23:45:26.0546 3488 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:45:26.0593 3488 NetTcpPortSharing - ok
23:45:26.0640 3488 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:45:26.0718 3488 Nla - ok
23:45:26.0718 3488 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:45:26.0890 3488 Npfs - ok
23:45:26.0953 3488 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:45:27.0140 3488 Ntfs - ok
23:45:27.0156 3488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:45:27.0312 3488 NtLmSsp - ok
23:45:27.0375 3488 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:45:27.0546 3488 NtmsSvc - ok
23:45:27.0609 3488 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:45:27.0796 3488 Null - ok
23:45:27.0843 3488 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:45:28.0046 3488 NwlnkFlt - ok
23:45:28.0062 3488 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:45:28.0234 3488 NwlnkFwd - ok
23:45:28.0328 3488 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:45:28.0390 3488 odserv - ok
23:45:28.0453 3488 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:45:28.0500 3488 ose - ok
23:45:28.0531 3488 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
23:45:28.0687 3488 Parport - ok
23:45:28.0718 3488 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:45:28.0890 3488 PartMgr - ok
23:45:28.0937 3488 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:45:29.0109 3488 ParVdm - ok
23:45:29.0125 3488 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:45:29.0281 3488 PCI - ok
23:45:29.0296 3488 PCIDump - ok
23:45:29.0328 3488 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:45:29.0515 3488 PCIIde - ok
23:45:29.0562 3488 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:45:29.0750 3488 Pcmcia - ok
23:45:29.0750 3488 PDCOMP - ok
23:45:29.0765 3488 PDFRAME - ok
23:45:29.0781 3488 PDRELI - ok
23:45:29.0796 3488 PDRFRAME - ok
23:45:29.0796 3488 perc2 - ok
23:45:29.0812 3488 perc2hib - ok
23:45:29.0875 3488 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:45:29.0953 3488 PlugPlay - ok
23:45:29.0968 3488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:45:30.0125 3488 PolicyAgent - ok
23:45:30.0171 3488 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:45:30.0343 3488 PptpMiniport - ok
23:45:30.0343 3488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:45:30.0515 3488 ProtectedStorage - ok
23:45:30.0531 3488 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:45:30.0687 3488 PSched - ok
23:45:30.0750 3488 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:45:30.0937 3488 Ptilink - ok
23:45:30.0968 3488 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:45:31.0015 3488 PxHelp20 - ok
23:45:31.0031 3488 ql1080 - ok
23:45:31.0046 3488 Ql10wnt - ok
23:45:31.0062 3488 ql12160 - ok
23:45:31.0078 3488 ql1240 - ok
23:45:31.0093 3488 ql1280 - ok
23:45:31.0093 3488 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:45:31.0281 3488 RasAcd - ok
23:45:31.0312 3488 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:45:31.0500 3488 RasAuto - ok
23:45:31.0531 3488 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:45:31.0687 3488 Rasl2tp - ok
23:45:31.0750 3488 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:45:31.0906 3488 RasMan - ok
23:45:31.0921 3488 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:45:32.0093 3488 RasPppoe - ok
23:45:32.0140 3488 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:45:32.0312 3488 Raspti - ok
23:45:32.0343 3488 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:45:32.0515 3488 Rdbss - ok
23:45:32.0515 3488 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:45:32.0703 3488 RDPCDD - ok
23:45:32.0750 3488 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:45:32.0921 3488 rdpdr - ok
23:45:32.0984 3488 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:45:33.0031 3488 RDPWD - ok
23:45:33.0093 3488 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:45:33.0296 3488 RDSessMgr - ok
23:45:33.0312 3488 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:45:33.0484 3488 redbook - ok
23:45:33.0531 3488 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:45:33.0703 3488 RemoteAccess - ok
23:45:33.0734 3488 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:45:33.0921 3488 RemoteRegistry - ok
23:45:34.0000 3488 [ 2D84428075CE90F1B8882D54960C7000 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
23:45:34.0062 3488 RichVideo - ok
23:45:34.0109 3488 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
23:45:34.0187 3488 RimUsb - ok
23:45:34.0203 3488 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:45:34.0375 3488 RpcLocator - ok
23:45:34.0421 3488 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
23:45:34.0500 3488 RpcSs - ok
23:45:34.0562 3488 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:45:34.0734 3488 RSVP - ok
23:45:34.0765 3488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:45:34.0937 3488 SamSs - ok
23:45:34.0968 3488 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:45:35.0140 3488 SCardSvr - ok
23:45:35.0203 3488 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:45:35.0375 3488 Schedule - ok
23:45:35.0421 3488 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:45:35.0578 3488 Secdrv - ok
23:45:35.0625 3488 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:45:35.0781 3488 seclogon - ok
23:45:35.0828 3488 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:45:36.0000 3488 SENS - ok
23:45:36.0046 3488 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
23:45:36.0218 3488 Serial - ok
23:45:36.0296 3488 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:45:36.0468 3488 Sfloppy - ok
23:45:36.0546 3488 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:45:36.0734 3488 SharedAccess - ok
23:45:36.0765 3488 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:45:36.0812 3488 ShellHWDetection - ok
23:45:36.0828 3488 Simbad - ok
23:45:36.0890 3488 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:45:37.0062 3488 SLIP - ok
23:45:37.0093 3488 Sparrow - ok
23:45:37.0125 3488 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:45:37.0296 3488 splitter - ok
23:45:37.0359 3488 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:45:37.0406 3488 Spooler - ok
23:45:37.0500 3488 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
23:45:37.0500 3488 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
23:45:37.0515 3488 sptd ( LockedFile.Multi.Generic ) - warning
23:45:37.0515 3488 sptd - detected LockedFile.Multi.Generic (1)
23:45:37.0531 3488 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:45:37.0687 3488 sr - ok
23:45:37.0750 3488 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:45:37.0921 3488 srservice - ok
23:45:37.0984 3488 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:45:38.0093 3488 Srv - ok
23:45:38.0140 3488 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:45:38.0296 3488 SSDPSRV - ok
23:45:38.0375 3488 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
23:45:38.0421 3488 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
23:45:38.0421 3488 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
23:45:38.0546 3488 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
23:45:38.0640 3488 STHDA - ok
23:45:38.0734 3488 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:45:38.0906 3488 stisvc - ok
23:45:38.0953 3488 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:45:39.0125 3488 streamip - ok
23:45:39.0171 3488 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:45:39.0328 3488 swenum - ok
23:45:39.0359 3488 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:45:39.0531 3488 swmidi - ok
23:45:39.0546 3488 SwPrv - ok
23:45:39.0562 3488 symc810 - ok
23:45:39.0578 3488 symc8xx - ok
23:45:39.0593 3488 sym_hi - ok
23:45:39.0609 3488 sym_u3 - ok
23:45:39.0656 3488 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:45:39.0828 3488 sysaudio - ok
23:45:39.0859 3488 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:45:40.0031 3488 SysmonLog - ok
23:45:40.0109 3488 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:45:40.0312 3488 TapiSrv - ok
23:45:40.0375 3488 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:45:40.0515 3488 Tcpip - ok
23:45:40.0578 3488 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:45:40.0750 3488 TDPIPE - ok
23:45:40.0796 3488 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:45:40.0984 3488 TDTCP - ok
23:45:41.0015 3488 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:45:41.0187 3488 TermDD - ok
23:45:41.0250 3488 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:45:41.0453 3488 TermService - ok
23:45:41.0484 3488 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:45:41.0546 3488 Themes - ok
23:45:41.0593 3488 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:45:41.0765 3488 TlntSvr - ok
23:45:41.0781 3488 TosIde - ok
23:45:41.0859 3488 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:45:42.0031 3488 TrkWks - ok
23:45:42.0078 3488 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:45:42.0265 3488 Udfs - ok
23:45:42.0296 3488 ultra - ok
23:45:42.0359 3488 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:45:42.0531 3488 Update - ok
23:45:42.0593 3488 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:45:42.0781 3488 upnphost - ok
23:45:42.0796 3488 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:45:42.0968 3488 UPS - ok
23:45:43.0015 3488 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
23:45:43.0046 3488 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
23:45:43.0046 3488 USBAAPL - detected UnsignedFile.Multi.Generic (1)
23:45:43.0109 3488 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
23:45:43.0281 3488 usbaudio - ok
23:45:43.0328 3488 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:45:43.0500 3488 usbccgp - ok
23:45:43.0546 3488 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:45:43.0718 3488 usbehci - ok
23:45:43.0781 3488 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:45:43.0953 3488 usbhub - ok
23:45:44.0000 3488 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:45:44.0156 3488 usbscan - ok
23:45:44.0203 3488 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:45:44.0375 3488 USBSTOR - ok
23:45:44.0406 3488 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:45:44.0562 3488 usbuhci - ok
23:45:44.0609 3488 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
23:45:44.0796 3488 usbvideo - ok
23:45:44.0828 3488 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:45:44.0984 3488 VgaSave - ok
23:45:45.0000 3488 ViaIde - ok
23:45:45.0062 3488 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:45:45.0218 3488 VolSnap - ok
23:45:45.0281 3488 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:45:45.0468 3488 VSS - ok
23:45:45.0562 3488 [ 52591834B0FA3293D35FD407FC230F7D ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
23:45:45.0625 3488 vToolbarUpdater12.2.6 - ok
23:45:45.0656 3488 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:45:45.0828 3488 W32Time - ok
23:45:45.0859 3488 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:45:46.0015 3488 Wanarp - ok
23:45:46.0031 3488 WDICA - ok
23:45:46.0062 3488 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:45:46.0234 3488 wdmaud - ok
23:45:46.0296 3488 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:45:46.0468 3488 WebClient - ok
23:45:46.0578 3488 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:45:46.0671 3488 winachsf - ok
23:45:46.0812 3488 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:45:46.0968 3488 winmgmt - ok
23:45:47.0062 3488 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
23:45:47.0218 3488 WinRM - ok
23:45:47.0281 3488 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:45:47.0328 3488 WmdmPmSN - ok
23:45:47.0406 3488 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:45:47.0546 3488 Wmi - ok
23:45:47.0625 3488 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:45:47.0796 3488 WmiApSrv - ok
23:45:47.0921 3488 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:45:48.0062 3488 WMPNetworkSvc - ok
23:45:48.0171 3488 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:45:48.0234 3488 WPFFontCache_v0400 - ok
23:45:48.0296 3488 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:45:48.0468 3488 wscsvc - ok
23:45:48.0484 3488 WSearch - ok
23:45:48.0531 3488 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:45:48.0718 3488 WSTCODEC - ok
23:45:48.0734 3488 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:45:48.0937 3488 wuauserv - ok
23:45:48.0984 3488 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:45:49.0046 3488 WudfPf - ok
23:45:49.0078 3488 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:45:49.0156 3488 WudfRd - ok
23:45:49.0203 3488 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:45:49.0281 3488 WudfSvc - ok
23:45:49.0359 3488 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:45:49.0546 3488 WZCSVC - ok
23:45:49.0593 3488 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:45:49.0750 3488 xmlprov - ok
23:45:49.0843 3488 [ 5867CE254625645345C833510D24F124 ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files\CyberLink\PowerDVD\000.fcl
23:45:49.0906 3488 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
23:45:49.0906 3488 ================ Scan global ===============================
23:45:49.0968 3488 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:45:50.0031 3488 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:45:50.0062 3488 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:45:50.0093 3488 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:45:50.0093 3488 [Global] - ok
23:45:50.0109 3488 ================ Scan MBR ==================================
23:45:50.0125 3488 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:45:50.0546 3488 \Device\Harddisk0\DR0 - ok
23:45:50.0546 3488 ================ Scan VBR ==================================
23:45:50.0546 3488 [ 97CD0BB04885841C1587DF9EFAB3B0F5 ] \Device\Harddisk0\DR0\Partition1
23:45:50.0546 3488 \Device\Harddisk0\DR0\Partition1 - ok
23:45:50.0562 3488 ============================================================
23:45:50.0562 3488 Scan finished
23:45:50.0562 3488 ============================================================
23:45:50.0562 1712 Detected object count: 8
23:45:50.0562 1712 Actual detected object count: 8
23:45:59.0828 1712 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:59.0828 1712 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:45:59.0828 1712 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:59.0828 1712 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:45:59.0828 1712 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:59.0828 1712 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:45:59.0828 1712 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:59.0828 1712 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:45:59.0828 1712 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:59.0828 1712 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:45:59.0828 1712 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:45:59.0828 1712 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:45:59.0828 1712 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:59.0828 1712 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:45:59.0828 1712 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:59.0828 1712 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
 
ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to reconnect your machine to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, and winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-10-18.03 - Laura 10/18/2012 17:16:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1385 [GMT 1:00]
Running from: c:\documents and settings\Laura\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-17 13:18 . 2012-10-17 13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-17 13:18 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-09 18:40 . 2012-10-09 18:40 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-28 17:19 . 2012-09-28 17:19 -------- d-----w- c:\program files\iPod
2012-09-28 17:19 . 2012-09-28 17:21 -------- d-----w- c:\program files\iTunes
2012-09-28 17:19 . 2012-09-28 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-27 19:46 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-09-27 19:46 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-09-26 13:45 . 2012-09-26 13:45 -------- d-----w- c:\documents and settings\Default User\Application Data\TuneUp Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:40 . 2012-04-04 20:46 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:40 . 2012-01-27 13:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-05 02:26 . 2011-08-08 05:08 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 02:30 . 2011-10-07 05:23 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 02:46 . 2011-07-11 00:14 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 02:46 . 2012-08-09 12:56 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 02:45 . 2011-12-23 12:32 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-21 02:45 . 2012-04-19 03:50 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 02:05 . 2011-09-13 05:30 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-13 02:11 . 2011-12-23 12:32 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-09-06 11:39 . 2012-09-06 11:39 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-28 19:24 . 2012-06-24 18:57 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 19:24 . 2012-01-27 14:07 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 17:39 . 2012-06-24 18:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2008-09-29 17:27 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-09-29 17:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-09-29 17:25 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-09-29 17:25 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-09-29 17:27 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2008-09-29 17:26 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-09-29 17:26 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 12:01 . 2012-01-27 14:21 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2012-01-27 14:21 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-09-28 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\documents and settings\Laura\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"18435:TCP"= 18435:TCP:BitComet 18435 TCP
"18435:UDP"= 18435:UDP:BitComet 18435 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 55008]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 35552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2012 5:46 PM 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 177504]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/6/2012 12:39 PM 27496]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [10/2/2012 3:32 AM 1314720]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/2/2012 3:32 AM 193568]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/6/2012 12:39 PM 722528]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [10/2/2012 3:32 AM 5783672]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 9:46 PM 250808]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:40]
.
2012-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-842925246-725345543-1004Core.job
- c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-05 23:11]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-842925246-725345543-1004UA.job
- c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-05 23:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-18 17:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-10-18 17:26:10
ComboFix-quarantined-files.txt 2012-10-18 16:25
.
Pre-Run: 10,199,359,488 bytes free
Post-Run: 10,250,248,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 304F07491268C6B10095AA05497ABBC8
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
ComboFix 12-10-18.03 - Laura 10/18/2012 18:44:14.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1469 [GMT 1:00]
Running from: c:\documents and settings\Laura\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Laura\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-17 13:18 . 2012-10-17 13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-17 13:18 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-09 18:40 . 2012-10-09 18:40 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-28 17:19 . 2012-09-28 17:19 -------- d-----w- c:\program files\iPod
2012-09-28 17:19 . 2012-09-28 17:21 -------- d-----w- c:\program files\iTunes
2012-09-28 17:19 . 2012-09-28 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-27 19:46 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-09-27 19:46 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-09-26 13:45 . 2012-09-26 13:45 -------- d-----w- c:\documents and settings\Default User\Application Data\TuneUp Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:40 . 2012-04-04 20:46 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:40 . 2012-01-27 13:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-05 02:26 . 2011-08-08 05:08 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 02:30 . 2011-10-07 05:23 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 02:46 . 2011-07-11 00:14 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 02:46 . 2012-08-09 12:56 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 02:45 . 2011-12-23 12:32 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-21 02:45 . 2012-04-19 03:50 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 02:05 . 2011-09-13 05:30 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-13 02:11 . 2011-12-23 12:32 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-09-06 11:39 . 2012-09-06 11:39 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-28 19:24 . 2012-06-24 18:57 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 19:24 . 2012-01-27 14:07 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 17:39 . 2012-06-24 18:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2008-09-29 17:27 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-09-29 17:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-09-29 17:25 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-09-29 17:25 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-09-29 17:27 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2008-09-29 17:26 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-09-29 17:26 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 12:01 . 2012-01-27 14:21 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2012-01-27 14:21 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-09-28 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\documents and settings\Laura\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"18435:TCP"= 18435:TCP:BitComet 18435 TCP
"18435:UDP"= 18435:UDP:BitComet 18435 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 55008]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 35552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2012 5:46 PM 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 177504]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/6/2012 12:39 PM 27496]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/2/2012 3:32 AM 193568]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/6/2012 12:39 PM 722528]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [10/2/2012 3:32 AM 1314720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [10/2/2012 3:32 AM 5783672]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 9:46 PM 250808]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:40]
.
2012-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-842925246-725345543-1004Core.job
- c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-05 23:11]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-842925246-725345543-1004UA.job
- c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-05 23:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-18 18:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(1976)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-10-18 18:52:43
ComboFix-quarantined-files.txt 2012-10-18 17:52
ComboFix2.txt 2012-10-18 16:26
.
Pre-Run: 10,258,268,160 bytes free
Post-Run: 10,252,787,712 bytes free
.
- - End Of File - - 9C84B967F1FF7E88529F44929080FEDB
 
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Laura [Admin rights]
Mode : Scan -- Date : 10/18/2012 18:59:28
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B} (\??\C:\Program Files\CyberLink\PowerDVD\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B} (\??\C:\Program Files\CyberLink\PowerDVD\000.fcl) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[177] : NtQueryValueKey @ 0x80618FAA -> HOOKED (\??\C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xBA1C9258)
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E07864)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MP0402H +++++
--- User ---
[MBR] cf3935091b9c1b9a91d76d7e6f65b2de
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Laura [Admin rights]
Mode : Remove -- Date : 10/18/2012 18:59:55
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B} (\??\C:\Program Files\CyberLink\PowerDVD\000.fcl) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B} (\??\C:\Program Files\CyberLink\PowerDVD\000.fcl) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[177] : NtQueryValueKey @ 0x80618FAA -> HOOKED (\??\C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xBA1C9258)
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E07864)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MP0402H +++++
--- User ---
[MBR] cf3935091b9c1b9a91d76d7e6f65b2de
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Laura [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/18/2012 19:00:13
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 14 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 51 / Fail 0
My documents: Success 155 / Fail 155
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 166 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
C:\System Volume Information\_restore{14268A9D-41FC-42DA-B976-A77BB9D33DCE}\RP304\A0228854.exe Win32/TopMedia.A application cleaned by deleting - quarantined
 
The issues that I was experiencing were:-
  • Microsoft update symbol appearing in system tray. When I tried to install the update (security update for windows) it kept saying it was unsuccessful.
  • Web browser crashing. When I am on YouTube, for example, or a webpage with a media player, Internet Explorer would keep saying error page has to close and then tab recovered
  • Laptop would suddenly go blue with error computer script and then re-boot
 
Upload Dump Files:
Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service. I recommend Windows Live SkyDrive - http://skydrive.live.com or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file): http://www.carrona.org/setmini.html
 
Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif


Click on box next to the Restart System when Finished. Then click on Start.
 
Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

However, we'd like to still help. Please update us on the state of your PC.
 
Sorry for not replying earlier but I haven't been able to access the internet. Since running the previous step my laptop crashed with a blue screen with computer script. When I went to go back onto the internet I repeatedly get an error message saying that the system has recovered from a serious error and an error reporting box comes up. Whatever I do the message keeps popping up. When I submitted the error report it took me to the Microsoft update page but the message keeps popping up and wouldn't let me access anything else. I can only access the internet from my phone.
 
Press start, then run and enter cmd - then hit OK.

In the command prompt window, type in the following code exactly:


netsh winsock reset catalog

Then, exit out.

Do you have Internet after performing the above process?
 
I have been able to access the internet now, however the error box keeps popping up informing me that the system has recovered from a serious error. A log of this error was created. It gives me the option to send error report or don't send. When I click to send error report it sends me to the Windows Update website and asks me to download drivers. If I don't send, it keeps popping up and restricts what I can do on my laptop.
 