Solved System crashing, strange registry errors


Zenlana

Hi,

I hope you are able to help me. My computer has been randomly blue-screening, and then it tells me it has a problem with spooldr.sys - not that I can find that file anywhere.

Anyway, I've followed the instructions about getting the logs, and here they are:

Malwarebytes:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Helen :: HELENXP2 [administrator]

17/11/2012 7:20:37 PM
mbam-log-2012-11-17 (19-20-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205084
Time elapsed: 15 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 18/03/2012 6:51:21 PM
System Uptime: 17/11/2012 7:17:08 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP41-UD3L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2999/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 281 GiB total, 185.283 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 114.092 GiB free.
G: is FIXED (NTFS) - 10 GiB total, 9.3 GiB free.
H: is FIXED (NTFS) - 100 GiB total, 89.401 GiB free.
K: is CDROM (UDF)
M: is FIXED (NTFS) - 40 GiB total, 23.211 GiB free.
P: is FIXED (NTFS) - 100 GiB total, 72.604 GiB free.
R: is FIXED (NTFS) - 112 GiB total, 98.631 GiB free.
V: is FIXED (NTFS) - 200 GiB total, 137.806 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_665F107D&REV_05\4&BC67B8D&0&00F0
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_665F107D&REV_05\4&BC67B8D&0&00F0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_665F107D&REV_05\4&BC67B8D&0&02F0
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_665F107D&REV_05\4&BC67B8D&0&02F0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_700A1799&REV_01\4&BC67B8D&0&10F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_700A1799&REV_01\4&BC67B8D&0&10F0
Service:
.
==== System Restore Points ===================
.
RP172: 19/08/2012 5:26:39 PM - System Checkpoint
RP173: 20/08/2012 5:30:09 PM - System Checkpoint
RP174: 21/08/2012 5:59:37 PM - System Checkpoint
RP175: 23/08/2012 1:40:41 PM - System Checkpoint
RP176: 24/08/2012 1:44:22 PM - System Checkpoint
RP177: 25/08/2012 1:52:11 PM - System Checkpoint
RP178: 26/08/2012 4:09:39 PM - System Checkpoint
RP179: 27/08/2012 4:36:07 PM - System Checkpoint
RP180: 28/08/2012 4:47:37 PM - System Checkpoint
RP181: 29/08/2012 5:29:12 PM - System Checkpoint
RP182: 31/08/2012 11:22:22 AM - System Checkpoint
RP183: 2/09/2012 2:14:23 PM - System Checkpoint
RP184: 3/09/2012 5:05:10 PM - System Checkpoint
RP185: 4/09/2012 5:16:12 PM - System Checkpoint
RP186: 9/09/2012 8:16:46 PM - System Checkpoint
RP187: 10/09/2012 9:15:56 PM - System Checkpoint
RP188: 12/09/2012 12:55:41 PM - System Checkpoint
RP189: 14/09/2012 7:29:37 PM - Software Distribution Service 3.0
RP190: 15/09/2012 7:59:26 PM - System Checkpoint
RP191: 16/09/2012 8:35:31 PM - System Checkpoint
RP192: 18/09/2012 11:33:30 AM - System Checkpoint
RP193: 19/09/2012 8:06:29 PM - System Checkpoint
RP194: 21/09/2012 6:29:00 PM - System Checkpoint
RP195: 22/09/2012 7:15:35 PM - System Checkpoint
RP196: 23/09/2012 12:02:04 PM - Software Distribution Service 3.0
RP197: 24/09/2012 3:56:45 PM - System Checkpoint
RP198: 25/09/2012 4:12:59 PM - System Checkpoint
RP199: 7/10/2012 6:26:59 PM - System Checkpoint
RP200: 8/10/2012 7:02:01 PM - System Checkpoint
RP201: 9/10/2012 7:15:49 PM - System Checkpoint
RP202: 11/10/2012 2:07:26 PM - Software Distribution Service 3.0
RP203: 12/10/2012 3:18:26 PM - System Checkpoint
RP204: 13/10/2012 7:36:30 PM - System Checkpoint
RP205: 14/10/2012 7:45:33 PM - System Checkpoint
RP206: 15/10/2012 7:52:55 PM - System Checkpoint
RP207: 16/10/2012 9:50:32 PM - System Checkpoint
RP208: 19/10/2012 5:13:27 PM - System Checkpoint
RP209: 20/10/2012 6:02:31 PM - System Checkpoint
RP210: 21/10/2012 6:23:11 PM - System Checkpoint
RP211: 22/10/2012 6:46:45 PM - System Checkpoint
RP212: 23/10/2012 12:54:49 PM - Installed e-tax 2012
RP213: 24/10/2012 1:17:03 PM - System Checkpoint
RP214: 26/10/2012 7:59:19 PM - System Checkpoint
RP215: 27/10/2012 8:06:58 PM - Installed J2SE Runtime Environment 5.0
RP216: 28/10/2012 4:39:34 PM - Installed The Sims 3
RP217: 29/10/2012 7:53:05 PM - System Checkpoint
RP218: 30/10/2012 8:10:35 PM - System Checkpoint
RP219: 31/10/2012 9:56:00 PM - System Checkpoint
RP220: 2/11/2012 10:20:21 AM - System Checkpoint
RP221: 3/11/2012 10:27:32 AM - System Checkpoint
RP222: 4/11/2012 1:27:20 PM - System Checkpoint
RP223: 5/11/2012 3:45:55 PM - System Checkpoint
RP224: 6/11/2012 5:19:14 PM - System Checkpoint
RP225: 6/11/2012 8:40:02 PM - Installed Java(TM) 6 Update 37
RP226: 8/11/2012 9:56:10 AM - System Checkpoint
RP227: 9/11/2012 9:58:31 AM - System Checkpoint
RP228: 10/11/2012 11:38:32 AM - System Checkpoint
RP229: 11/11/2012 12:34:08 PM - System Checkpoint
RP230: 12/11/2012 12:35:44 PM - System Checkpoint
RP231: 13/11/2012 2:30:50 PM - System Checkpoint
RP232: 14/11/2012 3:33:02 PM - System Checkpoint
RP233: 15/11/2012 2:26:02 PM - Software Distribution Service 3.0
RP234: 16/11/2012 3:03:48 PM - System Checkpoint
RP235: 16/11/2012 9:20:58 PM - Installed Windows Media Player 11
RP236: 16/11/2012 9:22:12 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Digital Editions
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 5.5
Adobe Reader X (10.1.4)
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Belkin 802.11g Wireless PCI Card
Bonjour
Browser Configuration Utility
Canon CanoScan Toolbox 5.0
CanoScan LiDE 600F
Codec-TS SDK
CommonCents 3.0
De-interlace SDK
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Drive Manager
Dropbox
DVDFab 8.1.8.5 (24/05/2012) Qt
e-tax 2012
Energy Saver Advance B8.1208.1
FileZilla Client 3.5.3
GIMP 2.8.0
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 37
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee AntiVirus Plus
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Professional with FrontPage
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 16.0.2 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.2 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
NVIDIA Drivers
Origin
Paragon Hard Disk Manager 6.0
Picasa 3
PlaySAFE
Presto! PageManager 7.15.14
PrimoPDF
PrimoPDF -- brought to you by Nitro PDF Software
PrimoPDF Redistribution Package
QFolder
QuickTime
Rapid CSS 2007 v8.31
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skype™ 5.10
The Sims™ 3
TT-SB SDK
UltraEdit-32
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFast PVR2
.
==== Event Viewer Messages From Past Week ========
.
17/11/2012 6:53:49 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
17/11/2012 6:22:21 PM, error: PCTCore [280] -
15/11/2012 4:08:07 PM, error: System Error [1003] - Error code 10000050, parameter1 bad0b114, parameter2 00000000, parameter3 805bbab6, parameter4 00000002.
13/11/2012 9:20:57 PM, error: System Error [1003] - Error code 10000050, parameter1 bad0b158, parameter2 00000000, parameter3 805bc245, parameter4 00000002.
.
==== End Of File ===========================

dds.txt:

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by Helen at 19:57:04 on 2012-11-17
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2558.1840 [GMT 11:00]
.
AV: PC Tools Spyware Doctor *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: DeviceVM Url Search Hook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - c:\windows\system32\dvmurl.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120627111848.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\helen\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\helen\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hp\digital imaging\bin\hposol08.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{B3DD3AB3-B38F-49FA-9AD8-7823B0D1BF67} : DHCPNameServer = 10.1.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\helen\application data\mozilla\firefox\profiles\vtm12p15.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-09-23 20:45; firefox@zemanta.com; c:\documents and settings\helen\application data\mozilla\firefox\profiles\vtm12p15.default\extensions\firefox@zemanta.com.xpi
FF - ExtSQL: 2012-11-06 20:40; jqs@sun.com; c:\program files\java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2012-11-06 20:40; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464304]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-3-18 89792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-18 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-18 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-18 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-18 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-3-18 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-3-18 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-3-18 151880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-3-18 57600]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-3-18 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-3-18 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-3-18 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-3-18 83856]
S2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2012-3-18 68136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-18 237008]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-3-18 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-3-18 87656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-5-18 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-5-18 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-5-18 136680]
.
=============== File Associations ===============
.
FileExt: .js: UltraEdit.js="c:\program files\idm computer solutions\ultraedit-32\uedit32.exe" "%1"
.
=============== Created Last 30 ================
.
2012-11-17 08:07:44 -------- d-----w- c:\documents and settings\helen\application data\Malwarebytes
2012-11-17 07:59:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-17 07:57:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-17 07:57:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-17 07:12:30 -------- d-----w- c:\program files\PC Tools
2012-11-17 07:08:36 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-11-17 07:08:35 -------- d-----w- c:\program files\common files\PC Tools
2012-11-17 07:03:41 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-11-17 07:03:39 -------- d-----w- c:\documents and settings\helen\application data\TestApp
2012-11-16 10:24:26 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-11-16 10:24:18 -------- d-----w- c:\program files\Windows Media Connect 2
2012-11-16 08:44:00 -------- d-----w- C:\drive backup
2012-11-06 09:40:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-06 09:40:48 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-06 09:40:48 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-31 00:18:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-10-31 00:18:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-10-31 00:18:53 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-10-31 00:18:53 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-10-30 10:05:40 -------- d-----w- c:\documents and settings\helen\local settings\application data\etax2012
2012-10-23 01:54:51 -------- d-----w- c:\program files\etax2012
.
==================== Find3M ====================
.
2012-11-17 08:17:46 16608 ----a-w- c:\windows\gdrv.sys
2012-11-13 10:29:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 10:29:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 03:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 03:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 19:57:39.14 ===============
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.


ComboFix scan

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Thanks for your response. I've done as you asked, here are the results:

ComboFix 12-11-16.02 - Helen 17/11/2012 23:13:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2558.1729 [GMT 11:00]
Running from: c:\documents and settings\Helen\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: PC Tools Spyware Doctor *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\documents and settings\Helen\WINDOWS
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-17 11:03 . 2012-11-17 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Blumentals
2012-11-17 11:00 . 2012-11-17 11:02 -------- d-----w- c:\program files\Rapid PHP 2011
2012-11-17 08:07 . 2012-11-17 08:07 -------- d-----w- c:\documents and settings\Helen\Application Data\Malwarebytes
2012-11-17 07:59 . 2012-11-17 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-17 07:57 . 2012-09-29 08:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-17 07:57 . 2012-11-17 07:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-17 07:12 . 2012-11-17 07:12 -------- d-----w- c:\program files\PC Tools
2012-11-17 07:08 . 2012-11-01 04:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-11-17 07:08 . 2012-11-17 08:17 -------- d-----w- c:\program files\Common Files\PC Tools
2012-11-17 07:03 . 2012-11-17 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-11-17 07:03 . 2012-11-17 07:03 -------- d-----w- c:\documents and settings\Helen\Application Data\TestApp
2012-11-16 10:24 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-11-16 10:24 . 2012-11-16 10:24 -------- d-----w- c:\program files\Windows Media Connect 2
2012-11-16 08:44 . 2012-11-16 08:44 -------- d-----w- C:\drive backup
2012-11-11 08:57 . 2012-11-15 03:32 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-11-06 09:40 . 2012-11-06 09:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-06 09:40 . 2012-11-06 09:40 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-27 09:06 . 2012-11-06 09:41 -------- d-----w- c:\program files\Common Files\Java
2012-10-23 01:54 . 2012-10-23 01:55 -------- d-----w- c:\program files\etax2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 12:07 . 2012-03-18 07:59 16608 ----a-w- c:\windows\gdrv.sys
2012-11-13 10:29 . 2012-03-30 03:20 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 10:29 . 2012-03-22 02:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-04 05:26 . 2011-01-24 17:56 1283 ----a-w- c:\windows\Fonts\FONTLOG.txt
2012-10-22 08:37 . 2012-04-11 13:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2012-09-22 03:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2012-08-21 13:33 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2012-08-21 12:58 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 03:01 . 2012-04-13 10:44 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 03:01 . 2012-04-13 10:44 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-11-01 10:21 . 2012-10-12 11:33 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Helen\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Helen\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Helen\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Helen\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 8429568]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 81920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 252704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Helen\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Helen\Application Data\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-18 272528]
officejet 6100.lnk - c:\program files\HP\Digital Imaging\bin\hposol08.exe [2003-4-9 147456]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 802.11g Wireless PCI Card Configuration Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin 802.11g Wireless PCI Card Configuration Utility.lnk
backup=c:\windows\pss\Belkin 802.11g Wireless PCI Card Configuration Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 11:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 08:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 13:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-05-04 05:36 955792 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-05-04 05:37 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-05-04 05:37 3521424 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 01:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 10:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 02:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2010-08-11 05:11 2920448 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2011-06-08 05:44 101888 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Documents and Settings\\Helen\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [18/03/2012 11:36 PM 89792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/03/2012 11:36 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/03/2012 11:36 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/03/2012 11:36 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [18/03/2012 11:36 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [18/03/2012 11:29 PM 151880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [18/03/2012 11:36 PM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [18/03/2012 11:36 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [18/03/2012 11:36 PM 83856]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [18/03/2012 7:03 PM 68136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [18/06/2011 4:33 AM 237008]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [18/03/2012 11:36 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [18/03/2012 11:36 PM 87656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [18/05/2012 1:51 PM 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [18/05/2012 1:51 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [18/05/2012 1:51 PM 136680]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:29]
.
2012-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2012-09-15 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4339654388.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\documents and settings\Helen\Application Data\Mozilla\Firefox\Profiles\vtm12p15.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - ExtSQL: 2012-09-23 20:45; firefox@zemanta.com; c:\documents and settings\Helen\Application Data\Mozilla\Firefox\Profiles\vtm12p15.default\extensions\firefox@zemanta.com.xpi
FF - ExtSQL: 2012-11-06 20:40; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2012-11-06 20:40; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-LogitechSetup - k:\setup\Setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-17 23:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-11-17 23:21:43
ComboFix-quarantined-files.txt 2012-11-17 12:21
.
Pre-Run: 199,031,590,912 bytes free
Post-Run: 201,020,952,576 bytes free
.
- - End Of File - - 77CB9EA7D417A25728BFEFC5B1D25F91
 
Good job!

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
Hi DMJ,

I've run this latest script. It didn't have a "cure" option next to the threats found, it had a "copy to quarantine", but I chose "skip" since the instructions didn't say to use anything except "cure".

Here's the log:

13:06:35.0375 5456 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:06:37.0390 5456 ============================================================
13:06:37.0390 5456 Current date / time: 2012/11/18 13:06:37.0390
13:06:37.0390 5456 SystemInfo:
13:06:37.0390 5456
13:06:37.0390 5456 OS Version: 5.1.2600 ServicePack: 3.0
13:06:37.0390 5456 Product type: Workstation
13:06:37.0390 5456 ComputerName: HELENXP2
13:06:37.0390 5456 UserName: Helen
13:06:37.0390 5456 Windows directory: C:\WINDOWS
13:06:37.0390 5456 System windows directory: C:\WINDOWS
13:06:37.0390 5456 Processor architecture: Intel x86
13:06:37.0390 5456 Number of processors: 2
13:06:37.0390 5456 Page size: 0x1000
13:06:37.0390 5456 Boot type: Normal boot
13:06:37.0390 5456 ============================================================
13:06:39.0640 5456 Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:06:39.0656 5456 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
13:06:39.0656 5456 ============================================================
13:06:39.0656 5456 \Device\Harddisk0\DR0:
13:06:39.0656 5456 MBR partitions:
13:06:39.0656 5456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
13:06:39.0656 5456 \Device\Harddisk1\DR1:
13:06:39.0656 5456 MBR partitions:
13:06:39.0656 5456 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x19000000
13:06:39.0656 5456 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x190029BD, BlocksNum 0xC80343F
13:06:39.0671 5456 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x25805E3B, BlocksNum 0x1900297E
13:06:39.0687 5456 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x3E8087F8, BlocksNum 0xC803400
13:06:39.0703 5456 \Device\Harddisk1\DR1\Partition5: MBR, Type 0x7, StartLBA 0x4B00BC37, BlocksNum 0x140245B
13:06:39.0718 5456 \Device\Harddisk1\DR1\Partition6: MBR, Type 0x7, StartLBA 0x4C40E0D1, BlocksNum 0x50014A7
13:06:39.0718 5456 \Device\Harddisk1\DR1\Partition7: MBR, Type 0x7, StartLBA 0x5140F578, BlocksNum 0x232F2588
13:06:39.0718 5456 ============================================================
13:06:39.0812 5456 D: <-> \Device\Harddisk1\DR1\Partition1
13:06:39.0828 5456 G: <-> \Device\Harddisk1\DR1\Partition5
13:06:39.0843 5456 R: <-> \Device\Harddisk0\DR0\Partition1
13:06:39.0890 5456 C: <-> \Device\Harddisk1\DR1\Partition7
13:06:39.0906 5456 P: <-> \Device\Harddisk1\DR1\Partition2
13:06:40.0000 5456 M: <-> \Device\Harddisk1\DR1\Partition6
13:06:40.0031 5456 H: <-> \Device\Harddisk1\DR1\Partition4
13:06:40.0093 5456 V: <-> \Device\Harddisk1\DR1\Partition3
13:06:40.0093 5456 ============================================================
13:06:40.0093 5456 Initialize success
13:06:40.0093 5456 ============================================================
13:09:38.0468 6076 ============================================================
13:09:38.0468 6076 Scan started
13:09:38.0468 6076 Mode: Manual; SigCheck; TDLFS;
13:09:38.0468 6076 ============================================================
13:09:39.0078 6076 ================ Scan system memory ========================
13:09:39.0078 6076 System memory - ok
13:09:39.0078 6076 ================ Scan services =============================
13:09:39.0140 6076 Abiosdsk - ok
13:09:39.0140 6076 abp480n5 - ok
13:09:39.0234 6076 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:09:39.0281 6076 ACDaemon - ok
13:09:39.0312 6076 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:09:39.0406 6076 ACPI - ok
13:09:39.0437 6076 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:09:39.0531 6076 ACPIEC - ok
13:09:39.0593 6076 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:09:39.0609 6076 AdobeFlashPlayerUpdateSvc - ok
13:09:39.0609 6076 adpu160m - ok
13:09:48.0156 6076 [ D7010580BF4E45D5E793A1FE75758C69 ] MDC8021X C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
13:09:48.0156 6076 MDC8021X ( UnsignedFile.Multi.Generic ) - warning
13:09:48.0156 6076 MDC8021X - detected UnsignedFile.Multi.Generic (1)
13:09:53.0703 6076 [ 901C43516504CBE582E4C4193E00876A ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
13:09:53.0703 6076 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:09:53.0703 6076 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:09:59.0375 6076 [ 3C8E44C4FED100F4EA0DD2404775160E ] UimBus C:\WINDOWS\system32\DRIVERS\UimBus.sys
13:09:59.0390 6076 UimBus ( UnsignedFile.Multi.Generic ) - warning
13:09:59.0390 6076 UimBus - detected UnsignedFile.Multi.Generic (1)
13:09:59.0390 6076 [ 2C4578AB991D6E9446FFABEAD86ECA14 ] Uim_IM C:\WINDOWS\system32\Drivers\Uim_IM.sys
13:09:59.0390 6076 Uim_IM ( UnsignedFile.Multi.Generic ) - warning
13:09:59.0390 6076 Uim_IM - detected UnsignedFile.Multi.Generic (1)
13:09:59.0406 6076 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
13:09:59.0406 6076 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
13:09:59.0406 6076 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
13:09:59.0406 6076 ultra - ok
13:09:59.0421 6076 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:09:59.0500 6076 Update - ok
13:09:59.0515 6076 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:09:59.0609 6076 upnphost - ok
13:09:59.0609 6076 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:09:59.0703 6076 UPS - ok
13:09:59.0718 6076 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:09:59.0750 6076 USBAAPL - ok
13:09:59.0765 6076 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:09:59.0843 6076 usbccgp - ok
13:09:59.0890 6076 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:09:59.0984 6076 usbehci - ok
13:10:00.0031 6076 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:10:00.0125 6076 usbhub - ok
13:10:00.0140 6076 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:10:00.0218 6076 usbprint - ok
13:10:00.0218 6076 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:10:00.0312 6076 usbscan - ok
13:10:00.0328 6076 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:10:00.0421 6076 USBSTOR - ok
13:10:00.0421 6076 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:10:00.0515 6076 usbuhci - ok
13:10:00.0515 6076 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:10:00.0593 6076 VgaSave - ok
13:10:00.0593 6076 ViaIde - ok
13:10:00.0609 6076 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:10:00.0687 6076 VolSnap - ok
13:10:00.0703 6076 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:10:00.0781 6076 VSS - ok
13:10:00.0796 6076 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:10:00.0890 6076 W32Time - ok
13:10:00.0906 6076 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:10:01.0000 6076 Wanarp - ok
13:10:01.0000 6076 WDICA - ok
13:10:01.0000 6076 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:10:01.0078 6076 wdmaud - ok
13:10:01.0093 6076 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:10:01.0187 6076 WebClient - ok
13:10:01.0234 6076 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:10:01.0312 6076 winmgmt - ok
13:10:01.0328 6076 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:10:01.0343 6076 WmdmPmSN - ok
13:10:01.0375 6076 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:10:01.0421 6076 Wmi - ok
13:10:01.0421 6076 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:10:01.0515 6076 WmiApSrv - ok
13:10:01.0562 6076 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:10:01.0593 6076 WMPNetworkSvc - ok
13:10:01.0609 6076 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:10:01.0625 6076 WpdUsb - ok
13:10:01.0640 6076 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:10:01.0734 6076 WS2IFSL - ok
13:10:01.0765 6076 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:10:01.0859 6076 wscsvc - ok
13:10:01.0906 6076 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:10:01.0984 6076 WSTCODEC - ok
13:10:02.0000 6076 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:10:02.0078 6076 wuauserv - ok
13:10:02.0093 6076 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:10:02.0109 6076 WudfPf - ok
13:10:02.0109 6076 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:10:02.0125 6076 WudfRd - ok
13:10:02.0140 6076 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:10:02.0171 6076 WudfSvc - ok
13:10:02.0187 6076 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:10:02.0281 6076 WZCSVC - ok
13:10:02.0281 6076 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:10:02.0375 6076 xmlprov - ok
13:10:02.0375 6076 ================ Scan global ===============================
13:10:02.0406 6076 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:10:02.0421 6076 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:10:02.0453 6076 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:10:02.0453 6076 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:10:02.0453 6076 [Global] - ok
13:10:02.0453 6076 ================ Scan MBR ==================================
13:10:02.0468 6076 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:10:02.0656 6076 \Device\Harddisk0\DR0 - ok
13:10:02.0671 6076 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:10:02.0890 6076 \Device\Harddisk1\DR1 - ok
13:10:02.0890 6076 ================ Scan VBR ==================================
13:10:02.0890 6076 [ C3F2CA37C7A394D9A8AA40ED2F396C88 ] \Device\Harddisk0\DR0\Partition1
13:10:02.0890 6076 \Device\Harddisk0\DR0\Partition1 - ok
13:10:02.0890 6076 [ 7340D3CCEA48A05F639C151829A5223A ] \Device\Harddisk1\DR1\Partition1
13:10:02.0890 6076 \Device\Harddisk1\DR1\Partition1 - ok
13:10:02.0906 6076 [ 2997F8551EC13DBEE4527CCD267DFB5B ] \Device\Harddisk1\DR1\Partition2
13:10:02.0906 6076 \Device\Harddisk1\DR1\Partition2 - ok
13:10:02.0906 6076 [ 0BAAFBE73AB0858BFB96287FF3DAB6F5 ] \Device\Harddisk1\DR1\Partition3
13:10:02.0906 6076 \Device\Harddisk1\DR1\Partition3 - ok
13:10:02.0921 6076 [ F0EAABB6664E702B672ABB8BC348E30D ] \Device\Harddisk1\DR1\Partition4
13:10:02.0921 6076 \Device\Harddisk1\DR1\Partition4 - ok
13:10:02.0937 6076 [ E05FFBF84889BAF80178D6DFB4BA0BBC ] \Device\Harddisk1\DR1\Partition5
13:10:02.0937 6076 \Device\Harddisk1\DR1\Partition5 - ok
13:10:02.0937 6076 [ 665CD6EB6EF182DBB70AEF8EBE6639EA ] \Device\Harddisk1\DR1\Partition6
13:10:02.0937 6076 \Device\Harddisk1\DR1\Partition6 - ok
13:10:02.0953 6076 [ B8C5208EC4C0C74172F4EC1443624940 ] \Device\Harddisk1\DR1\Partition7
13:10:02.0953 6076 \Device\Harddisk1\DR1\Partition7 - ok
13:10:02.0953 6076 ============================================================
13:10:02.0953 6076 Scan finished
13:10:02.0953 6076 ============================================================
13:10:02.0953 3040 Detected object count: 5
13:10:02.0953 3040 Actual detected object count: 5
13:10:25.0203 3040 MDC8021X ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:25.0203 3040 MDC8021X ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:25.0203 3040 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:25.0203 3040 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:25.0203 3040 UimBus ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:25.0203 3040 UimBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:25.0203 3040 Uim_IM ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:25.0203 3040 Uim_IM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:25.0203 3040 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:25.0203 3040 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:36.0171 4112 Deinitialize success
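
The scan log above ends with a declared detection count and a per-object user action, which is the part worth triaging. As an added example (not part of the original post and not the scanner's own code), this Python parser pulls flagged objects, their MD5 and path, and the action taken out of a log in this layout; the line patterns are inferred from the lines on this page, and the sample names and hashes are constructed.

```python
import re

# Constructed sample in the log's layout; "Example Helper" has no action line.
SAMPLE_LOG = r"""
13:00:00.0001 1000 [ 0123456789ABCDEF0123456789ABCDEF ] ExampleBus C:\WINDOWS\system32\DRIVERS\ExampleBus.sys
13:00:00.0002 1000 ExampleBus ( UnsignedFile.Multi.Generic ) - warning
13:00:00.0002 1000 ExampleBus - detected UnsignedFile.Multi.Generic (1)
13:00:00.0003 1000 [ FEDCBA9876543210FEDCBA9876543210 ] Example Helper C:\Program Files\Example\helper.exe
13:00:00.0004 1000 Example Helper ( UnsignedFile.Multi.Generic ) - warning
13:00:00.0005 1000 [ 00112233445566778899AABBCCDDEEFF ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:00:00.0006 1000 Tcpip - ok
13:00:00.0007 1000 Detected object count: 2
13:00:20.0001 2000 ExampleBus ( UnsignedFile.Multi.Generic ) - skipped by user
13:00:20.0001 2000 ExampleBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d+ \d+ "  # timestamp and thread id
HASHED = re.compile(PREFIX + r"\[ ([0-9A-F]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
FLAGGED = re.compile(PREFIX + r"(.+?) \( (\S+) \) - warning$")
ACTION = re.compile(PREFIX + r"(.+?) \( \S+ \) - User select action: (\w+)$")
COUNT = re.compile(PREFIX + r"Detected object count: (\d+)$")

def triage(log_text):
    """Return (findings, declared_count); findings maps object name -> dict."""
    files, findings, declared = {}, {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if m := HASHED.match(line):        # remember hash and path per object
            files[m.group(2)] = (m.group(1), m.group(3))
        elif m := FLAGGED.match(line):     # scanner raised a warning
            md5, path = files.get(m.group(1), (None, None))
            findings[m.group(1)] = {"verdict": m.group(2), "md5": md5,
                                    "path": path, "action": None}
        elif m := ACTION.match(line):      # what the user chose to do
            if m.group(1) in findings:
                findings[m.group(1)]["action"] = m.group(2)
        elif m := COUNT.match(line):
            declared = int(m.group(1))
    return findings, declared

def unresolved(findings):
    """Names still on disk: skipped, or flagged with no recorded action."""
    return sorted(n for n, f in findings.items() if f["action"] in (None, "Skip"))

if __name__ == "__main__":
    found, declared = triage(SAMPLE_LOG)
    assert declared == len(found), "log truncated or parser missed a record"
    for name in unresolved(found):
        print(name, found[name]["path"], found[name]["md5"], found[name]["verdict"])
```

Comparing the declared count with the number of parsed findings catches a log that was cut off when pasted into a post.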
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
      2. If threats WERE detected, click on List of Threats Found, then Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark next to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Hi DMJ,

I've run the scan, here are the results:

D:\Documents and Settings\Helen\Local Settings\Temp\ICReinstall\cnet_gbooks_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\Documents and Settings\Helen\My Documents\Downloads\cnet_gbooks_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

Since the first set of scans I ran, my computer is no longer crashing or having the blue screen of death. It seems to be functioning normally at the moment - though I have 10 svchost.exe running, is that normal? (none running at 100%).

Thank you for all your help!!
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the programs we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Here are the results you've asked for:

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
PC Tools Spyware Doctor
McAfee Anti-Virus and Anti-Spyware
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Mozilla Thunderbird (16.0.2)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Am I all clear then? My computer definitely seems to be back to normal. I can't thank you enough!!!!! I didn't know how I was going to deal with this at all.
 
Glad I could help. :D

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java, since the installer does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
 