Rootkits Detected


20 replies to this topic

#1 DebMKY


Posted 05 October 2012 - 05:26 PM

Hello, just wondering if anyone can assist with a rootkit problem. AVG found 5 rootkits hidden in the registry of my laptop, but can't fix this. Rootkits are bad things, so would like to get rid of them, of course.

The laptop is several years old. A Toshiba Satellite with 1.86GHz Intel processor; 130 GB HD; and 1.5 GB RAM. It was working fine until 2 days ago when it got slow and started freezing up. Today it blue-screened me!

I ran AVG, Malwarebytes and SuperAntiSpyware and found 5 Trojans, 4 Backdoor Bots, and these 5 rootkits. The other things were fixed, but AVG was the only one that found the rootkits and says it can't fix them. I also tried the TDSSKiller and that didn't find the rootkits. This laptop is used only by me and never visits questionable websites and I can't imagine how this happened.

Any help anyone can give will be very greatly appreciated.

Thanks!
Deb

Edit: Moved topic from to the more appropriate forum. ~ Animal



#2 narenxp


Posted 05 October 2012 - 06:02 PM

Download TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 DebMKY


Posted 05 October 2012 - 08:29 PM

Thank you so much! By the way, the names of the rootkits that AVG detected are all REGHOOK.SYS in different places in the registry - and there are five of them: Service Function: NtSetValueKeyHook ->REGHOOK.SYS; Service Function: NtQueryValueKeyHook ->REGHOOK.SYS; Service Function: NtEnumerateValueKeyHook ->REGHOOK.SYS; Service Function: NtDeleteValueKeyHook ->REGHOOK.SYS; and Service Function: NtCreateValueKeyHook ->REGHOOK.SYS.

I'm including the results of the first two scans, but needed to ask about the third - when I downloaded it, it is preset to remove any threats found and to skip scanning archives. Is that the way you want me to leave it set for the scan? I wasn't sure, since the first two didn't seem to actually fix anything, just generate a report. Please advise.

Here are the first two logs you requested - and thanks so much, again, for your help:

TDSS:

19:41:50.0866 1584 RDSessMgr - ok
19:41:50.0946 1584 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:41:50.0956 1584 redbook - ok
19:41:51.0006 1584 [ 0BC57EFF4E1F8156B12FB7C7B681E371 ] REGHOOK C:\WINDOWS\System32\Drivers\REGHOOK.SYS
19:41:51.0006 1584 REGHOOK - ok
19:41:51.0066 1584 [ A7EEBA958CFCCADBD4F47C3CDB51C714 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
19:41:51.0066 1584 RegSrvc - ok
19:41:51.0126 1584 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:41:51.0316 1584 RemoteAccess - ok
19:41:51.0357 1584 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:41:51.0517 1584 RpcLocator - ok
19:41:51.0567 1584 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:41:51.0577 1584 RpcSs - ok
19:41:51.0627 1584 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:41:51.0767 1584 RSVP - ok
19:41:51.0857 1584 [ 215DEEE103618F102263C8ECF4B8413E ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
19:41:51.0867 1584 S24EventMonitor - ok
19:41:51.0907 1584 [ 85A26A3BB748DFD3170CDBF45B0DD7FD ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:41:51.0907 1584 s24trans - ok
19:41:51.0957 1584 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:41:51.0957 1584 SamSs - ok
19:41:52.0027 1584 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:41:52.0027 1584 SASDIFSV - ok
19:41:52.0078 1584 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:41:52.0088 1584 SASKUTIL - ok
19:41:52.0118 1584 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:41:52.0318 1584 SCardSvr - ok
19:41:52.0388 1584 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:41:52.0398 1584 Schedule - ok
19:41:52.0458 1584 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:41:52.0468 1584 sdbus - ok
19:41:52.0518 1584 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:41:52.0528 1584 Secdrv - ok
19:41:52.0568 1584 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:41:52.0578 1584 seclogon - ok
19:41:52.0598 1584 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:41:52.0598 1584 SENS - ok
19:41:52.0648 1584 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:41:52.0648 1584 Serenum - ok
19:41:52.0668 1584 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:41:52.0678 1584 Serial - ok
19:41:52.0799 1584 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:41:53.0279 1584 ServiceLayer - ok
19:41:53.0359 1584 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
19:41:53.0359 1584 sffdisk - ok
19:41:53.0409 1584 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
19:41:53.0409 1584 sffp_sd - ok
19:41:53.0460 1584 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:41:53.0470 1584 Sfloppy - ok
19:41:53.0550 1584 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:41:53.0570 1584 SharedAccess - ok
19:41:53.0600 1584 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:41:53.0610 1584 ShellHWDetection - ok
19:41:53.0630 1584 Simbad - ok
19:41:53.0680 1584 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:41:53.0680 1584 SLIP - ok
19:41:53.0750 1584 [ 014AB093E6452EA88031BB6E22919BB5 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
19:41:53.0760 1584 smwdm - ok
19:41:53.0830 1584 [ 79AD3ACFFA28EC914F652081CAD3DF48 ] SoC PC-Camera Service C:\WINDOWS\system32\DRIVERS\pfc027.sys
19:41:53.0860 1584 SoC PC-Camera Service - ok
19:41:53.0900 1584 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
19:41:53.0900 1584 SoundMAX Agent Service (default) - ok
19:41:53.0920 1584 Sparrow - ok
19:41:53.0960 1584 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:41:53.0970 1584 splitter - ok
19:41:54.0040 1584 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:41:54.0050 1584 Spooler - ok
19:41:54.0100 1584 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:41:54.0110 1584 sr - ok
19:41:54.0181 1584 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:41:54.0191 1584 srservice - ok
19:41:54.0251 1584 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:41:54.0271 1584 Srv - ok
19:41:54.0301 1584 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:41:54.0311 1584 SSDPSRV - ok
19:41:54.0381 1584 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:41:54.0401 1584 stisvc - ok
19:41:54.0441 1584 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:41:54.0441 1584 streamip - ok
19:41:54.0481 1584 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:41:54.0491 1584 swenum - ok
19:41:54.0511 1584 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:41:54.0521 1584 swmidi - ok
19:41:54.0541 1584 SwPrv - ok
19:41:54.0611 1584 [ 74E8543A4647A53A26788D5ED3C2172F ] Swupdtmr c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
19:41:54.0611 1584 Swupdtmr - ok
19:41:54.0641 1584 symc810 - ok
19:41:54.0661 1584 symc8xx - ok
19:41:54.0681 1584 sym_hi - ok
19:41:54.0701 1584 sym_u3 - ok
19:41:54.0781 1584 [ F6770219B73BD989D5613D2E9C78A227 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:41:54.0791 1584 SynTP - ok
19:41:54.0852 1584 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:41:54.0852 1584 sysaudio - ok
19:41:54.0902 1584 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:41:55.0072 1584 SysmonLog - ok
19:41:55.0112 1584 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:41:55.0132 1584 TapiSrv - ok
19:41:55.0222 1584 [ C65BAC90FDB6E9700D4AAA8C5868F7D7 ] TAPPSRV C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
19:41:55.0232 1584 TAPPSRV - ok
19:41:55.0282 1584 [ EECA2B57545E7B7BE949B5E70E31444F ] TBiosDrv C:\WINDOWS\system32\drivers\TBiosDrv.sys
19:41:55.0302 1584 TBiosDrv - ok
19:41:55.0382 1584 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:41:55.0392 1584 Tcpip - ok
19:41:55.0432 1584 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:41:55.0442 1584 TDPIPE - ok
19:41:55.0472 1584 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:41:55.0472 1584 TDTCP - ok
19:41:55.0512 1584 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:41:55.0522 1584 TermDD - ok
19:41:55.0593 1584 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:41:55.0603 1584 TermService - ok
19:41:55.0643 1584 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:41:55.0653 1584 Themes - ok
19:41:55.0733 1584 [ 467FF7FB078DCEC24C3F4DB602190E3D ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
19:41:55.0743 1584 tifm21 - ok
19:41:55.0763 1584 TosIde - ok
19:41:55.0793 1584 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:41:55.0803 1584 TrkWks - ok
19:41:55.0863 1584 [ 7420B0C35BE9D7E9651CEB1456948C87 ] TVALD C:\WINDOWS\system32\DRIVERS\NBSMI.sys
19:41:55.0873 1584 TVALD - ok
19:41:55.0923 1584 [ AE90AD1420E25177F6CEB286DA9EEDC4 ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
19:41:55.0933 1584 Tvs - ok
19:41:55.0983 1584 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:41:55.0993 1584 Udfs - ok
19:41:56.0003 1584 ultra - ok
19:41:56.0083 1584 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:41:56.0093 1584 Update - ok
19:41:56.0143 1584 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:41:56.0274 1584 upnphost - ok
19:41:56.0314 1584 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:41:56.0444 1584 UPS - ok
19:41:56.0504 1584 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
19:41:56.0504 1584 USBAAPL - ok
19:41:56.0564 1584 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:41:56.0564 1584 usbccgp - ok
19:41:56.0604 1584 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:41:56.0614 1584 usbehci - ok
19:41:56.0634 1584 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:41:56.0644 1584 usbhub - ok
19:41:56.0684 1584 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:41:56.0684 1584 usbprint - ok
19:41:56.0724 1584 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:41:56.0724 1584 usbscan - ok
19:41:56.0764 1584 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:41:56.0764 1584 USBSTOR - ok
19:41:56.0814 1584 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:41:56.0824 1584 usbuhci - ok
19:41:56.0904 1584 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:41:56.0904 1584 VgaSave - ok
19:41:56.0925 1584 ViaIde - ok
19:41:56.0975 1584 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:41:56.0975 1584 VolSnap - ok
19:41:57.0005 1584 [ F652A24D25E78ED487A53E1FA594FA78 ] VSPD C:\WINDOWS\System32\Drivers\VSPD.SYS
19:41:57.0005 1584 VSPD - ok
19:41:57.0075 1584 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:41:57.0255 1584 VSS - ok
19:41:57.0395 1584 [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
19:41:57.0415 1584 vToolbarUpdater12.2.6 - ok
19:41:57.0666 1584 [ C89DA341FCC883A3D79DC11727484FC2 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
19:41:57.0846 1584 w29n51 - ok
19:41:57.0916 1584 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:41:57.0926 1584 W32Time - ok
19:41:57.0986 1584 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:41:57.0996 1584 Wanarp - ok
19:41:58.0016 1584 wanatw - ok
19:41:58.0026 1584 WDICA - ok
19:41:58.0076 1584 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:41:58.0076 1584 wdmaud - ok
19:41:58.0116 1584 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:41:58.0126 1584 WebClient - ok
19:41:58.0206 1584 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
19:41:58.0206 1584 WinDefend - ok
19:41:58.0327 1584 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:41:58.0327 1584 winmgmt - ok
19:41:58.0397 1584 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:41:58.0767 1584 WmdmPmSN - ok
19:41:58.0847 1584 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:41:58.0987 1584 WmiApSrv - ok
19:41:59.0078 1584 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:41:59.0368 1584 WMPNetworkSvc - ok
19:41:59.0408 1584 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:41:59.0418 1584 WpdUsb - ok
19:41:59.0488 1584 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:41:59.0488 1584 wscsvc - ok
19:41:59.0528 1584 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:41:59.0538 1584 WSTCODEC - ok
19:41:59.0578 1584 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:41:59.0578 1584 wuauserv - ok
19:41:59.0648 1584 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:41:59.0648 1584 WudfPf - ok
19:41:59.0699 1584 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:41:59.0699 1584 WudfRd - ok
19:41:59.0749 1584 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:41:59.0759 1584 WudfSvc - ok
19:41:59.0859 1584 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:41:59.0869 1584 WZCSVC - ok
19:41:59.0919 1584 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:42:00.0089 1584 xmlprov - ok
19:42:00.0159 1584 [ BAC4E920C920168C302C90C0F37740F6 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
19:42:00.0169 1584 yukonwxp - ok
19:42:00.0229 1584 ================ Scan global ===============================
19:42:00.0279 1584 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:42:00.0339 1584 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:42:00.0379 1584 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:42:00.0420 1584 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:42:00.0420 1584 [Global] - ok
19:42:00.0430 1584 ================ Scan MBR ==================================
19:42:00.0460 1584 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
19:42:00.0710 1584 \Device\Harddisk0\DR0 - ok
19:42:00.0710 1584 ================ Scan VBR ==================================
19:42:00.0720 1584 [ 1499F85F0F54A2084D0A8BDC26BA59DB ] \Device\Harddisk0\DR0\Partition1
19:42:00.0730 1584 \Device\Harddisk0\DR0\Partition1 - ok
19:42:00.0730 1584 ============================================================
19:42:00.0730 1584 Scan finished
19:42:00.0730 1584 ============================================================
19:42:00.0760 3444 Detected object count: 0
19:42:00.0760 3444 Actual detected object count: 0


ASWMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-05 19:44:46
-----------------------------
19:44:46.008 OS Version: Windows 5.1.2600 Service Pack 3
19:44:46.008 Number of processors: 1 586 0xD08
19:44:46.008 ComputerName: TOSHIBA-USER UserName:
19:44:47.450 Initialize success
19:49:14.364 AVAST engine defs: 12100502
19:53:13.027 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:53:13.037 Disk 0 Vendor: TOSHIBA_MK1032GAX AB211A Size: 95396MB BusType: 3
19:53:13.077 Disk 0 MBR read successfully
19:53:13.087 Disk 0 MBR scan
19:53:13.147 Disk 0 unknown MBR code
19:53:13.157 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95393 MB offset 63
19:53:13.167 Disk 0 scanning sectors +195366465
19:53:13.267 Disk 0 scanning C:\WINDOWS\system32\drivers
19:53:32.695 Service scanning
19:54:02.738 Modules scanning
19:54:11.391 Disk 0 trace - called modules:
19:54:11.431 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:54:11.441 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89881ab8]
19:54:11.791 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000083[0x898db278]
19:54:11.811 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89907940]
19:54:12.382 AVAST engine scan C:\WINDOWS
19:54:26.953 AVAST engine scan C:\WINDOWS\system32
20:04:03.051 AVAST engine scan C:\WINDOWS\system32\drivers
20:04:30.761 AVAST engine scan C:\Documents and Settings\Debbie Manning
20:15:32.763 AVAST engine scan C:\Documents and Settings\All Users
20:18:18.532 Scan finished successfully
20:21:43.676 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Debbie Manning\My Documents\MBR.dat"
20:21:43.697 The log file has been saved successfully to "C:\Documents and Settings\Debbie Manning\My Documents\aswMBR.txt"


Will await further instructions before running ESET.

Much gratitude - You're the best!
Deb

#4 narenxp

Posted 05 October 2012 - 08:39 PM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 DebMKY

Posted 05 October 2012 - 11:29 PM

Wow. That took a while! Sorry it took so long. I'm in US Central time, so gonna turn in for the night. Will check back soon as I get the chance tomorrow. Thank you for your time, I know it's going to take a while to get through all this. This is everything but ESet. Here are the logs:

MALWAREBYTES LOG:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.05.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Debbie Manning :: TOSHIBA-USER [administrator]

10/5/2012 9:07:40 PM
mbam-log-2012-10-05 (21-07-40).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 304622
Time elapsed: 1 hour(s), 38 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MINITOOLBOX LOG:
MiniToolBox by Farbar Version: 23-07-2012
Ran by Debbie Manning (administrator) on 05-10-2012 at 22:50:44
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [TOSHIBA-USER]. Some commands may not be available.


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : toshiba-user
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection
Physical Address. . . . . . . . . : 00-12-F0-92-89-31
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.31
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Friday, October 05, 2012 10:48:39 PM
Lease Expires . . . . . . . . . . : Saturday, October 06, 2012 10:48:39 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-A0-D1-20-E6-32

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.133, 74.125.225.134, 74.125.225.135, 74.125.225.136
74.125.225.137, 74.125.225.142, 74.125.225.128, 74.125.225.129, 74.125.225.130
74.125.225.131, 74.125.225.132

Pinging google.com [74.125.225.78] with 32 bytes of data:
Reply from 74.125.225.78: bytes=32 time=37ms TTL=53
Reply from 74.125.225.78: bytes=32 time=35ms TTL=53
Ping statistics for 74.125.225.78:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 37ms, Average = 36ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=104ms TTL=50
Reply from 98.139.183.24: bytes=32 time=137ms TTL=49
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 104ms, Maximum = 137ms, Average = 120ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 f0 92 89 31 ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
0x3 ...00 a0 d1 20 e6 32 ...... Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.31 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.31 192.168.1.31 20
192.168.1.0 255.255.255.0 192.168.1.31 192.168.1.31 25
192.168.1.31 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.31 192.168.1.31 25
224.0.0.0 240.0.0.0 192.168.1.31 192.168.1.31 25
255.255.255.255 255.255.255.255 192.168.1.31 3 1
255.255.255.255 255.255.255.255 192.168.1.31 192.168.1.31 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/04/2012 10:20:15 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.7680

Error: (10/04/2012 10:20:14 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error: (10/04/2012 10:20:13 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (10/04/2012 08:19:45 PM) (Source: Application Error) (User: )
Description: Fault bucket -1106308771.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (10/04/2012 08:19:37 PM) (Source: Application Error) (User: )
Description: Faulting application softonicdownloader_for_avg-anti-rootkit.exe, version 1.35.7.0, faulting module softonicdownloader_for_avg-anti-rootkit.exe, version 1.35.7.0, fault address 0x000b4e7b.
Processing media-specific event for [softonicdownloader_for_avg-anti-rootkit.exe!ws!]

Error: (10/04/2012 08:18:16 PM) (Source: Application Error) (User: )
Description: Faulting application softonicdownloader_for_avg-anti-rootkit.exe, version 1.35.7.0, faulting module softonicdownloader_for_avg-anti-rootkit.exe, version 1.35.7.0, fault address 0x000b4e7b.
Processing media-specific event for [softonicdownloader_for_avg-anti-rootkit.exe!ws!]

Error: (10/04/2012 05:09:31 PM) (Source: Application Hang) (User: )
Description: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/04/2012 09:50:28 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1701.5039kb26563531033643finstallx865.1.2600.2.3.0.7680

Error: (10/04/2012 09:50:27 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 - Update '{0213C6AF-5562-4D09-884C-2ADCFC8C2F35}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656353-X86\NDP1.1sp1-KB2656353-X86-msi.0.log.

Error: (10/04/2012 09:50:24 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.


System errors:
=============
Error: (10/05/2012 03:58:31 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 bf9568c8, parameter3 a7bb1c00, parameter4 00000000.

Error: (10/05/2012 03:58:15 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (10/05/2012 03:56:53 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/05/2012 03:56:53 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/05/2012 03:56:42 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Broderbund PDF Converter 2.10d failed to initialize because a suitable Amyuni Document Converter 2.10 driver could not be found.

Error: (10/05/2012 03:29:55 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (10/05/2012 03:28:34 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/05/2012 03:28:34 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/05/2012 03:28:14 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Broderbund PDF Converter 2.10d failed to initialize because a suitable Amyuni Document Converter 2.10 driver could not be found.

Error: (10/05/2012 03:19:01 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0012F0928931. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
4500_Help (Version: 1.00.0000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AppStream Technology Windows Edition Client (Version: 5.1.0.82)
AVG 2013 (Version: 13.0.2591)
AVG 2013 (Version: 13.0.2677)
AVG 2013 (Version: 2013.0.2677)
Bonjour (Version: 3.0.0.10)
BPD_HPSU (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 100.0.170.000)
CCleaner (Version: 3.23)
CD/DVD Drive Acoustic Silencer (Version: 1.00.005)
Count Down (Version: 1.0.0.0)
CustomerResearchQFolder (Version: 1.00.0000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocMgr (Version: 100.0.201.000)
DocProc (Version: 10.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DownloadX ActiveX Download Control 1.6.5
DVD-RAM Driver
e-Sword (Version: 7.08.0005)
e-Sword (Version: 9.00.0003)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Family Tree Maker 2011 (Version: 20.0.379)
Fax (Version: 100.0.187.000)
Google Chrome (Version: 22.0.1229.79)
Google Update Helper (Version: 1.3.21.123)
GPBaseService (Version: 100.0.187.000)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Document Manager 1.0 (Version: 1.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Officejet J4500 Series (Version: 1.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 4.000.007.003)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
InstallIQ Updater (Version: 1.1.1.0)
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2 (Version: 2.0.14.337)
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.463)
iTunes (Version: 10.6.1.7)
J2SE Runtime Environment 5.0 (Version: 1.5.0)
J4500 (Version: 50.0.165.000)
LizardTech DjVu Control
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MarketResearch (Version: 100.0.170.000)
mCore (Version: 1.23.0000)
mDrWiFi (Version: 1.23.0000)
mEoU.msi (Version: 1.23.0000)
mHelp (Version: 1.23.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft English TTS Engine (Version: 2.0.1000.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2 (Version: 9.00.2720)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Media Video 9 VCM
Microsoft Works (Version: 08.04.0623)
Microsoft WSE 3.0 (Version: 3.0.5305.0)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
mIWA (Version: 1.23.0000)
mIWCA (Version: 1.23.0000)
mLogView (Version: 1.23.0000)
mMHouse (Version: 1.23.0000)
Move Networks Media Player for Internet Explorer
mPfMgr (Version: 1.23.0000)
mPfWiz (Version: 1.23.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 1.23.0000)
mZConfig (Version: 1.23.0000)
Night Before Christmas (Version: 1.0.2)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
PC CameraQ (Version: 0.1.3.2.0)
PC Connectivity Solution (Version: 8.15.0.0)
Picasa 3 (Version: 3.8)
PrintMaster Gold 17 (Version: 17.00.0000)
ProductContext (Version: 50.0.165.000)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.66.73.0)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
Roxio Burn Engine (Version: 1.2.0000)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio (Version: 1.00.0000)
Samsung New PC Studio USB Driver Installer (Version: 1.00.0000)
SamsungConnectivityCableDriver (Version: 6.83.6.2.1)
SAPI Wrapper (Version: 1.0.0.0)
Scan (Version: 10.1.0.0)
SD Secure Module (Version: 1.0.2)
Shop for HP Supplies (Version: 10.0)
SmartWebPrintingOC (Version: 100.0.189.000)
SolutionCenter (Version: 100.0.175.000)
SoundMAX (Version: 5.12.01.5240)
Status (Version: 100.0.175.000)
SUPERAntiSpyware (Version: 5.5.1022)
Synaptics Pointing Device Driver (Version: 7.12.4.0)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.15.0000)
The Weather Channel Desktop 6
The Weather Channel Toolbar
TinyZIP (Version: 1.0.2)
TIxx21/x515 (Version: 1.15.0000)
Toolbox (Version: 100.0.170.000)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.00.45)
TOSHIBA Controls
TOSHIBA Hotkey Utility (Version: 1.00.03K)
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver (Version: 7.03.05.I)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem (Version: 2.1.47.6 (SM21476ALD6))
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad ON/Off Utility (Version: 1.00.08K)
TOSHIBA Utilities (Version: 1.00.06K)
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TrayApp (Version: 100.0.170.000)
TTS Wrapper (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB968220) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
VideoToolkit01 (Version: 100.0.128.000)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Defender (Version: 1.1.1593.21)
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 1527.42 MB
Available physical RAM: 723.95 MB
Total Pagefile: 3426.68 MB
Available Pagefile: 2792.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.73 MB

========================= Partitions: =====================================

1 Drive c: (SQ003520) (Fixed) (Total:93.16 GB) (Free:37.06 GB) NTFS

========================= Users: ========================================

User accounts for \\TOSHIBA-USER

Administrator ASPNET Debbie Manning
Guest HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================


**** End of log ****

FARBAR LOG:
Farbar Service Scanner Version: 19-09-2012
Ran by Debbie Manning (administrator) on 05-10-2012 at 22:55:23
Running from "C:\Documents and Settings\Debbie Manning\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(12) Gpc(6) IPSec(4) IWCA(11) NetBT(5) PSched(7) s24trans(9) Tcpip(3)
0x0D000000040000000100000002000000030000000D0000000C00000005000000080000000600000007000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

ADWCLEANER LOG:
# AdwCleaner v2.003 - Logfile created 10/05/2012 at 22:59:03
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Debbie Manning - TOSHIBA-USER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Debbie Manning\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\user.js
Folder Deleted : C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Debbie Manning\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Debbie Manning\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Debbie Manning\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Debbie Manning\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://www.crawler.com/search/ie.aspx?tb_id=60446 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60446 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60288 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={AD6CB810-1211-46BE-8DD9-009F0D257C7B}&mid=2cc07e23aad1950937476b5e5b76eb19-1d6806ddffda370afd35f5d67d0859dbab09a689&lang=en&ds=AVG&pr=fr&d=2012-10-05 15:20:49&v=12.2.5.34&sap=nt --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.crawler.com/search/ie.aspx?tb_id=60446 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60446 --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Debbie Manning\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.51] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.54] : keyword = "isearch.avg.com",
Deleted [l.57] : search_url = "hxxps://isearch.avg.com/search?cid={AD6CB810-1211-46BE-8DD9-009F0D257C7B}&mid=2cc07e23aad1950937476b5e5b76eb19-1d6806ddffda370afd35f5d67d0859dbab09a689&lang=en&ds=AVG&pr=fr&d=2012-10-05 15:20:49&v=12.2.5.34&sap=dsp&q={searchTerms}",

*************************

AdwCleaner[S1].txt - [11501 octets] - [05/10/2012 22:59:03]

########## EOF - C:\AdwCleaner[S1].txt - [11562 octets] ##########


JUNKWARE REMOVAL TOOL:
Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.6 (10.05.2012)
OS: Microsoft Windows XP x86
Ran by Debbie Manning on Fri 10/05/2012 at 23:20:56.79
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [KEY] hkey_classes_root\interface\{db507187-9746-458c-97da-c458131eede7}



*** Files: 0 Detections



*** Folders:

Successfully deleted: [FOLDER] "C:\Program Files\imesh applications"



Removed the following from [PREFS.JS] :



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Fri 10/05/2012 at 23:21:19.94
End of Report

#6 narenxp

Posted 06 October 2012 - 04:58 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text here

#7 DebMKY

Posted 06 October 2012 - 11:41 AM

Thanks! Logs:

RKill:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/06/2012 11:29:19 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\DVDRAMSV.exe (PID: 812) [WD-HEUR]
* C:\WINDOWS\system32\FsUsbExService.Exe (PID: 860) [WD-HEUR]
* C:\WINDOWS\AGRSMMSG.exe (PID: 3408) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/06/2012 11:30:05 AM
Execution time: 0 hours(s), 0 minute(s), and 45 seconds(s)



AUTORUNS:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AGRSMMSG" "SoftModem Messaging Applet" "Agere Systems" "c:\windows\agrsmmsg.exe"
+ "AVG_UI" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgui.exe"
+ "DWQueuedReporting" "Watson Subscriber for SENS Network Notifications" "Microsoft Corporation" "c:\program files\common files\microsoft shared\dw\dwtrig20.exe"
+ "EOUApp" "Ease Of Use Wizard Application" "Intel Corporation" "c:\program files\intel\wireless\bin\eouwiz.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "hpqSRMon" "HpqSRmon" "Hewlett-Packard" "c:\program files\hp\digital imaging\bin\hpqsrmon.exe"
+ "ROC_ROC_NT" "" "" "File not found: C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe"
+ "SynTPLpr" "TouchPad Driver Helper Application" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntplpr.exe"
+ "vProt" "" "" "File not found: C:\Program Files\AVG Secure Search\vprot.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "" "" "File not found: C:\Program Files\AVG\AVG2012\avgpp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Microsoft AntiMalware ShellExecuteHook" "Shell Execution Monitor" "Microsoft Corporation" "c:\program files\windows defender\mpshhook.dll"
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgse.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "AVG Safe Search" "" "" "File not found: C:\Program Files\AVG\AVG2012\avgssie.dll"
+ "HP Print Enhancer" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll"
+ "HP Smart BHO Class" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "HP Smart Select" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
+ "Sun Java Console" "Java Plug-in 1.5.0 for Netscape Navigator (DLL Helper)" "Sun Microsystems, Inc." "c:\program files\java\jre1.5.0\bin\npjpi150.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair"
X "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
X "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
X "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
X "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
X "RealUpgradeLogonTaskS-1-5-21-3127632952-2917838504-1503337634-1008.job" "RealUpgrade Launcher " "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
X "RealUpgradeScheduledTaskS-1-5-21-3127632952-2917838504-1503337634-1008.job" "RealUpgrade Launcher " "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "AppMgrService" "The AppStream Application Manager engine. Responsible for maintaining connections to servers and managing the cache for streamed applications." "AppStream Inc." "c:\program files\appstream\windowsclient\bin\appmgrservice.exe"
+ "AVG Security Toolbar Service" "ToolbarB Application" "" "c:\program files\avg\avg10\toolbar\toolbarbroker.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CFSvcs" "Service of ConfigFree." "TOSHIBA CORPORATION" "c:\program files\toshiba\configfree\cfsvcs.exe"
+ "DVD-RAM_Service" "Service of RAMAsst for Windows XP" "Matsushita Electric Industrial Co., Ltd." "c:\windows\system32\dvdramsv.exe"
+ "EvtEng" "Intel Event Trace Manager" "Intel Corporation" "c:\program files\intel\wireless\bin\evteng.exe"
+ "FsUsbExService" "FsUsbDevice" "Teruten" "c:\windows\system32\fsusbexservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "OwnershipProtocol" "Ownership protocol service" "Intel Corporation" "c:\program files\intel\wireless\bin\oprotsvc.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "RegSrvc" "Intel Registry Service" "Intel Corporation" "c:\program files\intel\wireless\bin\regsrvc.exe"
+ "S24EventMonitor" "Handles the Spectrum24 NDIS Traffic" "Intel Corporation " "c:\program files\intel\wireless\bin\s24evmon.exe"
+ "ServiceLayer" "ServiceLayer Module" "Nokia." "c:\program files\pc connectivity solution\servicelayer.exe"
+ "SoundMAX Agent Service (default)" "SoundMAX service agent component" "Analog Devices, Inc." "c:\program files\analog devices\soundmax\smagent.exe"
+ "Swupdtmr" "" "" "c:\toshiba\ivp\swupdate\swupdtmr.exe"
+ "TAPPSRV" "TOSHIBA Application Service for Common Module" "TOSHIBA Corp." "c:\program files\toshiba\toshiba applet\tappsrv.exe"
+ "vToolbarUpdater12.2.6" "ToolbarU Application" "" "c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\toolbarupdater.exe"
+ "WinDefend" "Helps protect users from malicious software, spyware, and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aeaudio" "Andrea Audio Noise Cancellation Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys"
+ "AegisP" "AEGIS Protocol (IEEE 802.1x) v3.1.6.0" "Meetinghouse Data Communications" "c:\windows\system32\drivers\aegisp.sys"
+ "AFS2K" "Audio File System" "Oak Technology Inc." "c:\windows\system32\drivers\afs2k.sys"
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "APPSTREAM" "AppStream Driver" "AppStream Inc" "c:\windows\system32\drivers\appstream.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avglogx" "AVG Logging Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avglogx.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx86.sys"
+ "Cdr4_xp" "CDR4 CD and DVD Place Holder Driver (see PxHelp)" "Sonic Solutions" "c:\windows\system32\drivers\cdr4_xp.sys"
+ "Cdralw2k" "CDRAL Place Holder Driver (see PxHelp)" "Sonic Solutions" "c:\windows\system32\drivers\cdralw2k.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "FsUsbExDisk" "" "" "c:\windows\system32\fsusbexdisk.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "Iviaspi" "InterVideo ASPI Shell" "InterVideo, Inc." "c:\windows\system32\drivers\iviaspi.sys"
+ "IWCA" "Intel Wireless Connection Agent" "Intel Corporation" "c:\windows\system32\drivers\iwca.sys"
+ "Lavasoft Kernexplorer" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "Lavasoft AB" "c:\windows\system32\drivers\lbd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "meiudf" "DVD-RAM UDF File System Driver" "Matsushita Electric Industrial Co.,Ltd." "c:\windows\system32\drivers\meiudf.sys"
+ "Netdevio" "TOSHIBA Network Device Usermode I/O Protocol" "TOSHIBA Corporation." "c:\windows\system32\drivers\netdevio.sys"
+ "pccsmcfd" "PCCS Mode Change Filter Driver" "Nokia" "c:\windows\system32\drivers\pccsmcfd.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Pfc" "Padus® ASPI Shell" "Padus, Inc." "c:\windows\system32\drivers\pfc.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "REGHOOK" "Appstream System Services" "Appstream Inc." "c:\windows\system32\drivers\reghook.sys"
+ "s24trans" "WLAN Transport" "Intel Corporation" "c:\windows\system32\drivers\s24trans.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "SoC PC-Camera Service" "" "" "c:\windows\system32\drivers\pfc027.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "TBiosDrv" "" "" "c:\windows\system32\drivers\tbiosdrv.sys"
+ "tifm21" "tifm21.sys" "Texas Instruments" "c:\windows\system32\drivers\tifm21.sys"
+ "TVALD" "Toshiba Notebook PC SMI Driver" "Toshiba Corporation" "c:\windows\system32\drivers\nbsmi.sys"
+ "Tvs" "TOSHIBA Audio Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvs.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "VSPD" "Appstream communication driver" "Appstream Inc." "c:\windows\system32\drivers\vspd.sys"
+ "w29n51" "Intel® Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\w29n51.sys"
+ "wanatw" "" "" "File not found: system32\DRIVERS\wanatw4.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "yukonwxp" "NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller" "Marvell" "c:\windows\system32\drivers\yk51x86.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.xvid" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmprevu.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Ezonics Audio Scope" "EZAudioScope Filter (Sample)" "MyCompanyName" "c:\program files\beston\ezmedia box 2.0\ezaudioscope.ax"
+ "Ezonics Audio ValueCtrl" "EZAudioValueCtrl Filter (Sample)" "MyCompanyName" "c:\windows\system32\ezaudiovaluectrl.ax"
+ "Ezonics Cacth Noise" "" "" "c:\program files\beston\ezlive monitor 2.0\ezcatchnoise.ax"
+ "Ezonics Detect Area Shower Trans Filer" "Ezonics Detect Area Shower Trans Filer" "Ezonics Corporation" "c:\program files\beston\ezlive monitor 2.0\ezdetectareashowertf.ax"
+ "Ezonics Frame Receiver" "" "" "c:\program files\beston\ezmedia box 2.0\ezframepipe.ax"
+ "Ezonics Frame Sender" "" "" "c:\program files\beston\ezmedia box 2.0\ezframepipe.ax"
+ "Ezonics Retrieve Ture Time Filter" "Ezonics Detect Area Shower Trans Filer" "Ezonics Corporation" "c:\program files\beston\ezlive monitor 2.0\ezretrievetrueframetime.ax"
+ "Ezonics Video Stamp" "Ezonics Video Stamp" "Ezonics Corporation" "c:\program files\beston\ezmedia box 2.0\ezvideostamp.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "FunUnify Async Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files\samsung\samsung new pc studio\funcodecfilter.ax"
+ "FunUnify Audio Trnas Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files\samsung\samsung new pc studio\funcodecfilter.ax"
+ "FunUnify Codec Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files\samsung\samsung new pc studio\funcodecfilter.ax"
+ "FunUnify Encoder Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files\samsung\samsung new pc studio\funcodecfilter.ax"
+ "FunUnify Video Trans Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files\samsung\samsung new pc studio\funcodecfilter.ax"
+ "HP VTK Frame Grabber Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK MPEG-1 Encoder" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Resize Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Rotate Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "InterVideo Audio Decoder" "IVIAUDIO" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaudio.ax"
+ "InterVideo Audio Encoder" "InterVideo?Audio Encoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaenc.ax"
+ "InterVideo Audio Processor" "" "" "c:\program files\intervideo\common\bin\iviaudioprocess.ax"
+ "InterVideo Demultiplexer" "InterVideo® MPEG System Demultiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividemux.ax"
+ "InterVideo Demux" "InterVideo® MPEG System Demultiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividemxx.ax"
+ "Intervideo Disc Read2 Filter" "" "" "c:\program files\intervideo\common\bin\discread.ax"
+ "InterVideo Disc Write2 Filter" "DiscRite" "InterVideo Inc." "c:\program files\intervideo\common\bin\discrite.ax"
+ "InterVideo Down Scale Filter" "InterVideo® Down Scale Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividowns.ax"
+ "InterVideo DV Pre-Process" "InterVideo DV Pre-Process Filter" "InterVideo" "c:\program files\intervideo\common\bin\dvprocs.ax"
+ "InterVideo File Writer" "InterVideo® File Writer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviwrite.ax"
+ "InterVideo Multiplexer" "InterVideo® MPEG System Multiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivimux.ax"
+ "InterVideo Navigator" "IVINAV" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivinav.ax"
+ "InterVideo Pre-scaling Filter" "InterVideo® PreScale Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviscale.ax"
+ "Intervideo SmartRender" "Intervideo SmartRender Filter" "Microsoft Corporation" "c:\program files\intervideo\common\bin\smartrnd.ax"
+ "InterVideo Still Capture" "InterVideo® Still Capture Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviscapt.ax"
+ "InterVideo Stream Buffer Filter" "InterVideo Stream Buffer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\smbuffer.ax"
+ "InterVideo Stream Renderer" "IinterVideo Stream Renderer Filter " "InterVideo, Inc." "c:\program files\intervideo\common\bin\ivistreamrenderer.ax"
+ "InterVideo Subpicture Source" "Subpicture Source Filter" "InterVideo, Inc." "c:\program files\intervideo\common\bin\ivispic.ax"
+ "InterVideo Video Decoder" "IVIVIDEO" " InterVideo Inc." "c:\program files\intervideo\common\bin\ivivideo.ax"
+ "InterVideo Video Encoder" "InterVideo® MPEG Video Encoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivivenc.ax"
+ "InterVideo Wave Wrapper" "InterVideo Wave Wrapper Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviwavex.ax"
+ "KTF MUSIC AoD Sourcer" "KTF MUSIC AoD Sourcer" "PeeringPortal" "c:\program files\samsung\samsung new pc studio\npsasrc.dll"
+ "KTF MUSIC AoD WMT Splitter" "KTF MUSIC AoD WMT Splitter" "PeeringPortal" "c:\program files\samsung\samsung new pc studio\npsawms.dll"
+ "KTF MUSIC Audio Decoder" "KTF MUSIC Audio Decoder" "PeeringPortal" "c:\program files\samsung\samsung new pc studio\npsadec.dll"
+ "KTF MUSIC Audio Effector" "KTF MUSIC Audio Effector" "PeeringPortal" "c:\program files\samsung\samsung new pc studio\npsaef.dll"
+ "KTF MUSIC MPEG Splitter" "KTF MUSIC MPEG Splitter" "PeeringPortal" "c:\program files\samsung\samsung new pc studio\npsmpgs.dll"
+ "KTF MUSIC VoD Audio Effector" "KTF MUSIC VoD Audio Effector" "PeeringPortal" "c:\program files\samsung\samsung new pc studio\npsvae.dll"
+ "KTF MUSIC VoD Sourcer" "KTF MUSIC VoD Sourcer" "PeeringPortal" "c:\program files\samsung\samsung new pc studio\npsvsrc.dll"
+ "KTF MUSIC VoD Video Effector" "KTF MUSIC VoD Video Effector" "PeeringPortal" "c:\program files\samsung\samsung new pc studio\npsvve.dll"
+ "KTF MUSIC VoD WMT Splitter" "KTF MUSIC VoD WMT Splitter " "PeeringPortal" "c:\program files\samsung\samsung new pc studio\npsvwms.dll"
+ "Moto Image Decoder Filter" "image filter" "mobileleader" "c:\program files\samsung\samsung new pc studio\npsimgfilter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "NetReceiver" "Video grabbing DirectShow Filter" "-" "c:\program files\beston\ezlive monitor 2.0\netreceiver.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "WME Record Queue" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmedque.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SubPicture Filter" "subpicture filter" "mobileleader" "c:\program files\samsung\samsung new pc studio\npssubpicture.dll"
+ "Video Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmprevu.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Video Decoder" "Windows Media Video Decoder" "Microsoft Corporation" "c:\program files\samsung\samsung new pc studio\wmvds32.ax"
+ "Windows Media Video Decoder" "Windows Media Video Decoder V8" "Microsoft Corporation" "c:\program files\samsung\samsung new pc studio\wmv8ds32.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMEnc Screen Capture Filter" "WMESrcWp Module" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmesrcwp.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "XviD MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "ASWLNDLL" "AppStream Winlogon Notification DLL" "Appstream Inc." "c:\windows\system32\aswlndll.dll"
+ "igfxcui" "igfxsrvc Module" "Intel Corporation" "c:\windows\system32\igfxsrvc.dll"
+ "IntelWireless" "LogonNotify DLL" "Intel Corporation" "c:\program files\intel\wireless\bin\lgnotify.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PCL hpz3l5mu" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l5mu.dll"

#8 narenxp


Posted 06 October 2012 - 12:06 PM

Any current issues?

#9 DebMKY


Posted 06 October 2012 - 12:22 PM

Well, it hasn't blue screened since yesterday. Haven't run AVG again yet to see if it's still picking up rootkits. Do you want me to do that?

#10 narenxp


Posted 06 October 2012 - 12:22 PM

yes

#11 DebMKY


Posted 06 October 2012 - 12:29 PM

OK. That takes a couple of hours. Will get back to you. Thanks again!

#12 DebMKY


Posted 06 October 2012 - 03:04 PM

OK, this is weird. Ran the whole computer scan and it found 21 rootkits and froze up. After about an hour of it being hung up on "Finishing", I restarted it. Here's the log of that scan:

AVG Log:

Scheduled scan
Medium priority;"5";"0";"5"
Folders selected for scanning:;"Scan whole computer"
Started/finished:;"10/6/2012, 12:00:00 PM / 10/6/2012, 12:41:01 PM"
Total object scanned:;"205266"
User who launched the scan:;"SYSTEM"

Status;"Priority";"Name";"Description";"Result"
Infected;"Medium";"Service function NtEnumerateValueKey hook -> REGHOOK.SYS
+0x59CF";"C:\WINDOWS\System32\Drivers\REGHOOK.SYS";"Infected"
Infected;"Medium";"Service function NtCreateKey hook -> REGHOOK.SYS
+0x54B3";"C:\WINDOWS\System32\Drivers\REGHOOK.SYS";"Infected"
Infected;"Medium";"Service function NtSetValueKey hook -> REGHOOK.SYS
+0x5668";"C:\WINDOWS\System32\Drivers\REGHOOK.SYS";"Infected"
Infected;"Medium";"Service function NtQueryValueKey hook -> REGHOOK.SYS
+0x57BB";"C:\WINDOWS\System32\Drivers\REGHOOK.SYS";"Infected"
Infected;"Medium";"Service function NtDeleteValueKey hook -> REGHOOK.SYS
+0x58DF";"C:\WINDOWS\System32\Drivers\REGHOOK.SYS";"Infected"

Is it even remotely possible that these results are somehow "False Positives"? I've searched the internet and can't find even one instance of "REGHOOK.SYS". Thought that was odd.

Thanks again!
Deb

Edited by DebMKY, 06 October 2012 - 03:08 PM.
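An added triage example, not part of the original posts: it parses the semicolon-delimited AVG export quoted above (including the line break inside the quoted "Name" field), groups the hook findings by the driver they point to, and looks that driver up among the Autoruns driver rows posted earlier in this thread. The sample strings are constructed from those two logs and the function names are hypothetical; a match identifies which registered driver owns the hooks and where its file is, and it is not a verdict on whether that file is clean.

```python
import csv
import io
import ntpath
import re

# Constructed sample: the five findings from the AVG export quoted in this thread,
# keeping the line break that falls inside the quoted "Name" field.
AVG_EXPORT = r'''Status;"Priority";"Name";"Description";"Result"
Infected;"Medium";"Service function NtEnumerateValueKey hook -> REGHOOK.SYS
+0x59CF";"C:\WINDOWS\System32\Drivers\REGHOOK.SYS";"Infected"
Infected;"Medium";"Service function NtCreateKey hook -> REGHOOK.SYS
+0x54B3";"C:\WINDOWS\System32\Drivers\REGHOOK.SYS";"Infected"
Infected;"Medium";"Service function NtSetValueKey hook -> REGHOOK.SYS
+0x5668";"C:\WINDOWS\System32\Drivers\REGHOOK.SYS";"Infected"
Infected;"Medium";"Service function NtQueryValueKey hook -> REGHOOK.SYS
+0x57BB";"C:\WINDOWS\System32\Drivers\REGHOOK.SYS";"Infected"
Infected;"Medium";"Service function NtDeleteValueKey hook -> REGHOOK.SYS
+0x58DF";"C:\WINDOWS\System32\Drivers\REGHOOK.SYS";"Infected"
'''

# Constructed sample: a few driver rows copied from the Autoruns log in this thread.
AUTORUNS_LINES = r'''"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "REGHOOK" "Appstream System Services" "Appstream Inc." "c:\windows\system32\drivers\reghook.sys"
+ "TBiosDrv" "" "" "c:\windows\system32\drivers\tbiosdrv.sys"
'''

HOOK_RE = re.compile(r"Service function (\w+) hook -> (\S+)\s*\+0x([0-9A-Fa-f]+)")
NOT_FOUND = "File not found: "


def parse_avg_hooks(text):
    """Return one dict per 'Service function ... hook' row of an AVG export."""
    hooks = []
    # csv.reader keeps reading across lines while a quoted field is still open.
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) != 5:
            continue  # blank line or scan-summary line
        match = HOOK_RE.search(row[2])
        if match:  # the header row and non-hook findings do not match
            hooks.append({
                "function": match.group(1),
                "module": match.group(2),
                "offset": int(match.group(3), 16),
                "path": row[3],
            })
    return hooks


def parse_autoruns(text):
    """Index Autoruns item rows by lower-cased image file name."""
    entries = {}
    for line in text.splitlines():
        if not line.startswith(("+ ", "X ")):
            continue  # registry-location header, not an item
        fields = re.findall(r'"([^"]*)"', line)
        if len(fields) != 4:
            continue
        name, description, publisher, image = fields
        missing = image.startswith(NOT_FOUND)
        if missing:
            image = image[len(NOT_FOUND):]
        entries[ntpath.basename(image).lower()] = {
            "name": name, "description": description, "publisher": publisher,
            "path": image.lower(), "missing": missing,
        }
    return entries


def triage(hooks, autoruns):
    """Group hook findings per driver and attach the matching Autoruns entry."""
    by_module = {}
    for hook in hooks:
        by_module.setdefault(hook["module"].lower(), []).append(hook)
    report = []
    for module, found in sorted(by_module.items()):
        entry = autoruns.get(module)
        functions = [h["function"] for h in found]
        report.append({
            "module": module,
            "functions": functions,
            # True when every hooked call is a registry API (Nt...Key).
            "registry_only": all(f.startswith("Nt") and f.endswith("Key") for f in functions),
            "entry": entry["name"] if entry else None,
            "description": entry["description"] if entry else None,
            "publisher": entry["publisher"] if entry else None,
            "file_present": bool(entry) and not entry["missing"],
            "path_matches": bool(entry) and all(h["path"].lower() == entry["path"] for h in found),
        })
    return report


if __name__ == "__main__":
    for item in triage(parse_avg_hooks(AVG_EXPORT), parse_autoruns(AUTORUNS_LINES)):
        print(item)
```
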


#13 narenxp


Posted 06 October 2012 - 03:41 PM

Download

SystemLook

Launch it and copy this script

:filefind
REGHOOK.SYS

Click on LOOK and post the generated log

#14 DebMKY


Posted 06 October 2012 - 03:54 PM

Here it is:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:53 on 06/10/2012 by Debbie Manning
Administrator - Elevation successful

========== filefind ==========

Searching for "REGHOOK.SYS"
C:\WINDOWS\system32\drivers\RegHook.sys --a---- 54879 bytes [01:27 28/09/2006] [01:27 28/09/2006] 0BC57EFF4E1F8156B12FB7C7B681E371

-= EOF =-

#15 narenxp


Posted 06 October 2012 - 04:04 PM

Go to

https://www.virustotal.com/

Click on CHOOSE FILE

Browse to C:\WINDOWS\system32\drivers\RegHook.sys

Click ok and select SCAN IT option

Post the generated report link here



