Computer is very slow and will not connect to the internet


  • This topic is locked
7 replies to this topic

#1 JakerADog

  • Members
  • 61 posts

Posted 29 March 2013 - 09:48 PM

I have an XP-SP3 desktop running at 1.7 GHz with 1.25 GB of RAM. It is running slow and will not connect to the internet. When I connect it to the web it isn't working. When I try to update the AVG Antivirus or Malwarebytes Anti-Malware, it doesn't connect to the server. Here is the DDS.txt file. Any help would be greatly appreciated.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.9.2
Run by Owner at 19:00:18 on 2013-03-29
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1278.867 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349227072406
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{40B8C284-8E22-46BB-9FB0-643477BE2D2B} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{46279446-30B2-4935-9631-45E9E8B4D912} : DHCPNameServer = 10.0.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-12-26 33112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2012-11-18 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\wpn111.sys --> c:\windows\system32\drivers\WPN111.sys [?]
.
=============== Created Last 30 ================
.
2013-03-19 19:27:14 -------- d-----w- c:\documents and settings\owner\application data\WindowsDatabase
2013-03-14 18:46:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\Luzoavquvg
.
==================== Find3M  ====================
.
2013-03-13 16:51:34 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 16:51:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-19 04:28:24 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-75JHC0 rev.06.01C06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x890AA4B1]<< 
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x890b193c]; MOV EAX, [0x890b1ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8974AAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000058[0x897889E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x89786D98]
\Driver\atapi[0x892A9308] -> IRP_MJ_CREATE -> 0x890AA4B1
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x890AA2E2
user & kernel MBR OK 
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:01:47.48 ===============
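The GMER disk-trace block at the end of the DDS log above is where the "possible TDL3 rootkit" warning comes from: atapi's IRP_MJ_CREATE dispatch pointer and its DriverStartIo routine both resolve to addresses GMER cannot attribute to any loaded module (the `>>UNKNOWN [0x890AA4B1]<<` entry in the called-modules list). The Python below is an added example, not part of the original post and not code from DDS or GMER; it parses that section and applies the same reasoning: a hook is suspicious when its target lies in the same 4 KiB page as unattributed code. The sample input is copied from the log in this post (the two `_asm { ... }` disassembly lines are left out because nothing reads them); the same-page heuristic, the field names and the verdict strings are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the GMER "ROOTKIT" block from the DDS log posted above, copied
# from the thread (disassembly lines omitted).
SAMPLE = r"""
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-75JHC0 rev.06.01C06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x890AA4B1]<<
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8974AAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000058[0x897889E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x89786D98]
\Driver\atapi[0x892A9308] -> IRP_MJ_CREATE -> 0x890AA4B1
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x890AA2E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:01:47.48 ===============
"""

PAGE_SIZE = 0x1000  # x86 kernel page; GMER prints raw virtual addresses

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "\Driver\atapi[0x892A9308] -> IRP_MJ_CREATE -> 0x890AA4B1"
IRP_HOOK_RE = re.compile(r"^(\\Driver\\[^\[\s]+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")
# "\Driver\atapi DriverStartIo -> 0x890AA2E2"
STARTIO_HOOK_RE = re.compile(r"^(\\Driver\\\S+) (\w+) -> (0x[0-9A-Fa-f]+)$")
WARNING_RE = re.compile(r"^Warning: (.+)$")


@dataclass
class Hook:
    driver: str   # driver object whose pointer was redirected, e.g. \Driver\atapi
    kind: str     # IRP_MJ_CREATE, DriverStartIo, ...
    target: int   # address the pointer now resolves to


@dataclass
class GmerFindings:
    unknown_modules: List[int] = field(default_factory=list)  # code GMER could not map to an image
    hooks: List[Hook] = field(default_factory=list)
    warning: Optional[str] = None


def parse_gmer_section(text: str) -> GmerFindings:
    """Pull unattributed-module addresses, hooks and GMER's own verdict out of the block."""
    found = GmerFindings()
    for raw in text.splitlines():
        line = raw.strip()
        m = UNKNOWN_RE.search(line)
        if m:
            found.unknown_modules.append(int(m.group(1), 16))
            continue
        m = IRP_HOOK_RE.match(line) or STARTIO_HOOK_RE.match(line)
        if m:
            found.hooks.append(Hook(m.group(1), m.group(2), int(m.group(3), 16)))
            continue
        m = WARNING_RE.match(line)
        if m:
            found.warning = m.group(1).strip()
    return found


def same_page(a: int, b: int) -> bool:
    return a // PAGE_SIZE == b // PAGE_SIZE


def hooks_into_unknown(found: GmerFindings) -> List[Hook]:
    """Heuristic (this example's assumption, not GMER's rule): a hook is suspicious
    when its target sits in the same page as code GMER could not attribute to any
    module. A legitimate filter driver would appear as a named module instead."""
    return [h for h in found.hooks
            if any(same_page(h.target, u) for u in found.unknown_modules)]


def verdict(found: GmerFindings) -> str:
    bad = hooks_into_unknown(found)
    if bad:
        where = ", ".join(f"{h.driver} {h.kind} -> {h.target:#010x}" for h in bad)
        return f"suspicious: {where} redirected into unattributed kernel code"
    if found.hooks:
        return "hooks present but attributable; review the owning driver"
    return "clean: no disk-stack hooks reported"


if __name__ == "__main__":
    f = parse_gmer_section(SAMPLE)
    print("GMER said:", f.warning)
    print(verdict(f))
```

Run as-is it reports both atapi hooks as landing in the 0x890AA000 page that GMER flagged as unknown, which is the pattern the helper acts on in the next post. The "error: Read" line is deliberately not treated as evidence on its own; a failed low-level read can have hardware causes.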
 



#2 nasdaq

  • Malware Response Team
  • 40,486 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 March 2013 - 08:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Using a good computer, download these tools to a flash drive or CD and copy the files to the desktop of the infected computer. Run the tool from there.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please let me know if you have an internet connection, in normal mode or in Safe Mode.
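The triage rules in this post are a small decision table: files that only fail the signature check stay on Skip and are reported, suspicious objects stay on Skip, only objects reported as malicious get Cure (Skip if Cure is not offered), and Delete is never chosen without instruction. As an added example, not part of nasdaq's post and not code from TDSSKiller, the Python below parses the per-service lines the tool writes (`[ md5 ] name path`, followed by `name ( detection ) - status` or `name - ok`) and maps each result to the allowed action. The sample log is constructed: the AegisP and AFD entries are copied from the TDSSKiller log posted later in this thread, while the `hypothetical_svc` entry, its zero hash, its detection name and the `infected` status wording are assumptions made here so that a malicious result is exercised.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of the TDSSKiller 2.8.x log that appears later
# in this thread. AegisP and AFD are copied from that log; hypothetical_svc and
# the "infected" status wording are this example's assumptions.
SAMPLE_LOG = r"""
10:00:35.0312 3876  [ 2C5C22990156A1063E19AD162191DC1D ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:00:35.0343 3876  AegisP ( UnsignedFile.Multi.Generic ) - warning
10:00:35.0343 3876  AegisP - detected UnsignedFile.Multi.Generic (1)
10:00:35.0421 3876  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:00:35.0562 3876  AFD - ok
10:00:37.0015 3876  [ 00000000000000000000000000000000 ] hypothetical_svc C:\WINDOWS\system32\DRIVERS\hypothetical.sys
10:00:37.0343 3876  hypothetical_svc ( Rootkit.Win32.Hypothetical ) - infected
10:00:37.0343 3876  hypothetical_svc - detected Rootkit.Win32.Hypothetical (0)
"""

# "<time> <pid>  [ <md5> ] <service>  <path>"
ENTRY_RE = re.compile(r"^\S+ \d+\s+\[ ([0-9A-Fa-f]{32}) \] (\S+)\s+(.+?)\s*$")
# "<time> <pid>  <service> ( <detection> ) - <status>"
VERDICT_RE = re.compile(r"^\S+ \d+\s+(\S+) \( ([^)]+) \) - (\w+)\s*$")
# "<time> <pid>  <service> - ok"
OK_RE = re.compile(r"^\S+ \d+\s+(\S+) - ok\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    detection: Optional[str] = None
    status: str = "unknown"


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Collect one Entry per service, merging the hash line with its verdict line."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = md5, path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, detection, status = m.groups()
            e = entries.setdefault(name, Entry(name))
            e.detection, e.status = detection, status
            continue
        m = OK_RE.match(line)
        if m:
            entries.setdefault(m.group(1), Entry(m.group(1))).status = "ok"
    return entries


def recommend(e: Entry) -> str:
    """Map one result to the action the instructions above allow."""
    if e.status == "ok":
        return "none"
    if e.detection and e.detection.startswith("UnsignedFile"):
        return "skip: failed signature check, report it and take no action"
    if e.status == "warning":
        return "skip: suspicious object, leave the default"
    if e.status == "infected":  # assumed wording for a malicious object
        return "cure: if Cure is not offered choose Skip, never Delete unless told"
    return "unknown: ask before acting"


def triage(text: str) -> Dict[str, List[str]]:
    """Group service names by the first word of their recommended action."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in parse_tdsskiller_log(text).values():
        groups[recommend(e).split(":")[0]].append(e.name)
    return dict(groups)


if __name__ == "__main__":
    for name, e in parse_tdsskiller_log(SAMPLE_LOG).items():
        print(f"{name:18} {e.md5 or '-':32} {e.status:8} {recommend(e)}")
```

The script only reports; it never drives the tool. The MD5 column is kept because it is what a helper compares against a known-good copy of an unsigned vendor file before deciding that the signature warning is harmless.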

#3 JakerADog

  • Topic Starter
  • Members
  • 61 posts

Posted 31 March 2013 - 02:38 PM

Thanks for helping!

OK, here is the log from TDSSKiller:

10:00:16.0890 3420  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:00:16.0921 3420  ============================================================
10:00:16.0921 3420  Current date / time: 2013/03/31 10:00:16.0921
10:00:16.0921 3420  SystemInfo:
10:00:16.0921 3420 
10:00:16.0921 3420  OS Version: 5.1.2600 ServicePack: 3.0
10:00:16.0921 3420  Product type: Workstation
10:00:16.0921 3420  ComputerName: LINDA-YDGOPB45X
10:00:16.0921 3420  UserName: Owner
10:00:16.0921 3420  Windows directory: C:\WINDOWS
10:00:16.0921 3420  System windows directory: C:\WINDOWS
10:00:16.0921 3420  Processor architecture: Intel x86
10:00:16.0921 3420  Number of processors: 1
10:00:16.0921 3420  Page size: 0x1000
10:00:16.0921 3420  Boot type: Normal boot
10:00:16.0921 3420  ============================================================
10:00:18.0859 3420  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:00:18.0859 3420  Drive \Device\Harddisk1\DR1 - Size: 0xDF8475800 (55.88 Gb), SectorSize: 0x200, Cylinders: 0x1C7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:00:18.0875 3420  Drive \Device\Harddisk2\DR7 - Size: 0x3C7C00000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:00:18.0875 3420  ============================================================
10:00:18.0875 3420  \Device\Harddisk0\DR0:
10:00:18.0875 3420  MBR partitions:
10:00:18.0875 3420  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
10:00:18.0875 3420  \Device\Harddisk1\DR1:
10:00:18.0875 3420  MBR partitions:
10:00:18.0875 3420  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x6FB03FA
10:00:18.0875 3420  \Device\Harddisk2\DR7:
10:00:18.0875 3420  MBR partitions:
10:00:18.0875 3420  \Device\Harddisk2\DR7\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1E3DFC1
10:00:18.0875 3420  ============================================================
10:00:18.0921 3420  C: <-> \Device\Harddisk0\DR0\Partition1
10:00:18.0984 3420  F: <-> \Device\Harddisk1\DR1\Partition1
10:00:18.0984 3420  ============================================================
10:00:18.0984 3420  Initialize success
10:00:18.0984 3420  ============================================================
10:00:30.0625 3876  ============================================================
10:00:30.0625 3876  Scan started
10:00:30.0625 3876  Mode: Manual; SigCheck; TDLFS;
10:00:30.0625 3876  ============================================================
10:00:31.0000 3876  ================ Scan system memory ========================
10:00:31.0000 3876  System memory - ok
10:00:31.0015 3876  ================ Scan services =============================
10:00:31.0156 3876  Abiosdsk - ok
10:00:31.0203 3876  abp480n5 - ok
10:00:31.0281 3876  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:00:34.0093 3876  ACPI - ok
10:00:34.0140 3876  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
10:00:34.0437 3876  ACPIEC - ok
10:00:34.0562 3876  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:00:34.0640 3876  AdobeFlashPlayerUpdateSvc - ok
10:00:34.0656 3876  adpu160m - ok
10:00:34.0734 3876  [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio         C:\WINDOWS\system32\drivers\aeaudio.sys
10:00:34.0859 3876  aeaudio - ok
10:00:34.0921 3876  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:00:35.0250 3876  aec - ok
10:00:35.0312 3876  [ 2C5C22990156A1063E19AD162191DC1D ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:00:35.0343 3876  AegisP ( UnsignedFile.Multi.Generic ) - warning
10:00:35.0343 3876  AegisP - detected UnsignedFile.Multi.Generic (1)
10:00:35.0421 3876  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:00:35.0562 3876  AFD - ok
10:00:35.0578 3876  Aha154x - ok
10:00:35.0593 3876  aic78u2 - ok
10:00:35.0609 3876  aic78xx - ok
10:00:35.0671 3876  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
10:00:35.0953 3876  Alerter - ok
10:00:35.0984 3876  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
10:00:36.0265 3876  ALG - ok
10:00:36.0296 3876  AliIde - ok
10:00:36.0312 3876  amsint - ok
10:00:36.0343 3876  AppMgmt - ok
10:00:36.0359 3876  asc - ok
10:00:36.0390 3876  asc3350p - ok
10:00:36.0406 3876  asc3550 - ok
10:00:36.0546 3876  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:00:36.0656 3876  aspnet_state - ok
10:00:36.0703 3876  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:00:36.0984 3876  AsyncMac - ok
10:00:37.0015 3876  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
10:00:37.0343 3876  atapi - ok
10:00:37.0375 3876  Atdisk - ok
10:00:37.0453 3876  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:00:37.0750 3876  Atmarpc - ok
10:00:37.0812 3876  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:00:38.0093 3876  AudioSrv - ok
10:00:38.0156 3876  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:00:38.0437 3876  audstub - ok
10:00:38.0843 3876  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
10:00:39.0359 3876  AVGIDSAgent - ok
10:00:39.0406 3876  [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
10:00:39.0500 3876  AVGIDSDriver - ok
10:00:39.0562 3876  [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
10:00:39.0609 3876  AVGIDSHX - ok
10:00:39.0625 3876  [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
10:00:39.0687 3876  AVGIDSShim - ok
10:00:39.0765 3876  [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
10:00:39.0828 3876  Avgldx86 - ok
10:00:39.0906 3876  [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
10:00:39.0968 3876  Avglogx - ok
10:00:40.0015 3876  [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
10:00:40.0062 3876  Avgmfx86 - ok
10:00:40.0078 3876  [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
10:00:40.0140 3876  Avgrkx86 - ok
10:00:40.0203 3876  [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
10:00:40.0250 3876  Avgtdix - ok
10:00:40.0312 3876  [ CAE7B6E4D7EB17829C526153D19B9C95 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
10:00:40.0359 3876  avgtp - ok
10:00:40.0437 3876  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
10:00:40.0500 3876  avgwd - ok
10:00:40.0609 3876  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
10:00:40.0703 3876  BBSvc - ok
10:00:40.0734 3876  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
10:00:40.0812 3876  BBUpdate - ok
10:00:40.0875 3876  [ B60F57B4D9CDBC663CC03EB8AF7EC34E ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
10:00:40.0968 3876  bcm4sbxp - ok
10:00:41.0078 3876  [ 41347688046D49CDE0F6D138A534F73D ] BCMModem        C:\WINDOWS\system32\DRIVERS\BCMSM.sys
10:00:41.0312 3876  BCMModem - ok
10:00:41.0359 3876  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:00:41.0656 3876  Beep - ok
10:00:41.0734 3876  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
10:00:42.0062 3876  BITS - ok
10:00:42.0125 3876  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
10:00:42.0265 3876  Browser - ok
10:00:42.0328 3876  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:00:42.0640 3876  cbidf2k - ok
10:00:42.0750 3876  [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
10:00:42.0781 3876  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
10:00:42.0781 3876  CCALib8 - detected UnsignedFile.Multi.Generic (1)
10:00:42.0796 3876  cd20xrnt - ok
10:00:42.0875 3876  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:00:43.0171 3876  Cdaudio - ok
10:00:43.0234 3876  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:00:43.0531 3876  Cdfs - ok
10:00:43.0578 3876  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:00:43.0968 3876  Cdrom - ok
10:00:44.0000 3876  Changer - ok
10:00:44.0078 3876  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:00:44.0359 3876  CiSvc - ok
10:00:44.0406 3876  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:00:44.0718 3876  ClipSrv - ok
10:00:44.0796 3876  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:00:45.0078 3876  clr_optimization_v2.0.50727_32 - ok
10:00:45.0093 3876  CmdIde - ok
10:00:45.0125 3876  COMSysApp - ok
10:00:45.0156 3876  Cpqarray - ok
10:00:45.0234 3876  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:00:45.0515 3876  CryptSvc - ok
10:00:45.0546 3876  dac2w2k - ok
10:00:45.0578 3876  dac960nt - ok
10:00:45.0656 3876  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:00:45.0828 3876  DcomLaunch - ok
10:00:45.0890 3876  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:00:46.0187 3876  Dhcp - ok
10:00:46.0250 3876  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:00:46.0546 3876  Disk - ok
10:00:46.0562 3876  dmadmin - ok
10:00:46.0640 3876  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:00:47.0000 3876  dmboot - ok
10:00:47.0078 3876  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:00:47.0375 3876  dmio - ok
10:00:47.0406 3876  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:00:47.0734 3876  dmload - ok
10:00:47.0796 3876  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:00:48.0093 3876  dmserver - ok
10:00:48.0125 3876  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:00:48.0437 3876  DMusic - ok
10:00:48.0468 3876  [ D2EE54CDBCED01D48F2B18642BE79A98 ] DNINDIS5        C:\WINDOWS\system32\DNINDIS5.SYS
10:00:48.0578 3876  DNINDIS5 ( UnsignedFile.Multi.Generic ) - warning
10:00:48.0578 3876  DNINDIS5 - detected UnsignedFile.Multi.Generic (1)
10:00:48.0656 3876  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:00:48.0890 3876  Dnscache - ok
10:00:48.0968 3876  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:00:49.0250 3876  Dot3svc - ok
10:00:49.0265 3876  dpti2o - ok
10:00:49.0312 3876  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:00:49.0609 3876  drmkaud - ok
10:00:49.0671 3876  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
10:00:49.0968 3876  EapHost - ok
10:00:50.0046 3876  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:00:50.0328 3876  ERSvc - ok
10:00:50.0375 3876  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
10:00:50.0515 3876  Eventlog - ok
10:00:50.0578 3876  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
10:00:50.0718 3876  EventSystem - ok
10:00:50.0781 3876  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:00:51.0062 3876  Fastfat - ok
10:00:51.0140 3876  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:00:51.0234 3876  FastUserSwitchingCompatibility - ok
10:00:51.0296 3876  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
10:00:51.0593 3876  Fdc - ok
10:00:51.0656 3876  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:00:51.0921 3876  Fips - ok
10:00:51.0953 3876  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:00:52.0234 3876  Flpydisk - ok
10:00:52.0296 3876  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
10:00:52.0578 3876  FltMgr - ok
10:00:52.0718 3876  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:00:52.0781 3876  FontCache3.0.0.0 - ok
10:00:52.0812 3876  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:00:53.0109 3876  Fs_Rec - ok
10:00:53.0171 3876  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:00:53.0484 3876  Ftdisk - ok
10:00:53.0546 3876  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:00:53.0828 3876  Gpc - ok
10:00:53.0953 3876  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:00:54.0250 3876  helpsvc - ok
10:00:54.0265 3876  HidServ - ok
10:00:54.0343 3876  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:00:54.0625 3876  HidUsb - ok
10:00:54.0687 3876  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
10:00:54.0984 3876  hkmsvc - ok
10:00:55.0015 3876  hpn - ok
10:00:55.0203 3876  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:00:55.0375 3876  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:00:55.0375 3876  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:00:55.0437 3876  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:00:55.0515 3876  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
10:00:55.0515 3876  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
10:00:55.0578 3876  [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
10:00:55.0718 3876  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
10:00:55.0718 3876  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
10:00:55.0781 3876  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:00:56.0031 3876  HPZid412 - ok
10:00:56.0093 3876  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:00:56.0234 3876  HPZipr12 - ok
10:00:56.0296 3876  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:00:56.0406 3876  HPZius12 - ok
10:00:56.0500 3876  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:00:56.0625 3876  HTTP - ok
10:00:56.0687 3876  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:00:56.0984 3876  HTTPFilter - ok
10:00:57.0000 3876  i2omgmt - ok
10:00:57.0031 3876  i2omp - ok
10:00:57.0109 3876  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:00:57.0390 3876  i8042prt - ok
10:00:57.0484 3876  [ DA58A8BE6A445835F603720C4BC8837E ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:00:57.0687 3876  ialm - ok
10:00:57.0859 3876  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:00:58.0015 3876  idsvc - ok
10:00:58.0062 3876  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:00:58.0343 3876  Imapi - ok
10:00:58.0421 3876  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\System32\imapi.exe
10:00:58.0718 3876  ImapiService - ok
10:00:58.0750 3876  ini910u - ok
10:00:58.0796 3876  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
10:00:59.0093 3876  IntelIde - ok
10:00:59.0140 3876  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
10:00:59.0437 3876  ip6fw - ok
10:00:59.0484 3876  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:00:59.0796 3876  IpFilterDriver - ok
10:00:59.0843 3876  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:01:00.0125 3876  IpInIp - ok
10:01:00.0171 3876  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:01:00.0468 3876  IpNat - ok
10:01:00.0515 3876  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:01:00.0812 3876  IPSec - ok
10:01:00.0875 3876  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:01:01.0156 3876  IRENUM - ok
10:01:01.0203 3876  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:01:01.0531 3876  isapnp - ok
10:01:01.0625 3876  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:01:01.0687 3876  JavaQuickStarterService - ok
10:01:01.0765 3876  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:01:02.0046 3876  Kbdclass - ok
10:01:02.0109 3876  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:01:02.0390 3876  kbdhid - ok
10:01:02.0453 3876  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:01:02.0750 3876  kmixer - ok
10:01:02.0812 3876  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:01:02.0953 3876  KSecDD - ok
10:01:03.0062 3876  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
10:01:03.0171 3876  lanmanserver - ok
10:01:03.0250 3876  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:01:03.0328 3876  lanmanworkstation - ok
10:01:03.0359 3876  lbrtfdc - ok
10:01:03.0468 3876  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
10:01:03.0750 3876  LmHosts - ok
10:01:03.0812 3876  [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
10:01:03.0859 3876  MBAMSwissArmy - ok
10:01:03.0968 3876  [ 944B3087B142CD9BF8DA6B3039FBFBA5 ] McciCMService   C:\Program Files\Common Files\Motive\McciCMService.exe
10:01:04.0062 3876  McciCMService ( UnsignedFile.Multi.Generic ) - warning
10:01:04.0062 3876  McciCMService - detected UnsignedFile.Multi.Generic (1)
10:01:04.0140 3876  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
10:01:04.0437 3876  Messenger - ok
10:01:04.0484 3876  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
10:01:04.0796 3876  mnmdd - ok
10:01:04.0859 3876  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
10:01:05.0140 3876  mnmsrvc - ok
10:01:05.0171 3876  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
10:01:05.0468 3876  Modem - ok
10:01:05.0515 3876  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:01:05.0843 3876  MODEMCSA - ok
10:01:05.0890 3876  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:01:06.0171 3876  Mouclass - ok
10:01:06.0234 3876  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:01:06.0578 3876  mouhid - ok
10:01:06.0625 3876  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:01:06.0890 3876  MountMgr - ok
10:01:06.0906 3876  mraid35x - ok
10:01:06.0953 3876  [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
10:01:07.0046 3876  MREMP50 ( UnsignedFile.Multi.Generic ) - warning
10:01:07.0046 3876  MREMP50 - detected UnsignedFile.Multi.Generic (1)
10:01:07.0093 3876  [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
10:01:07.0187 3876  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
10:01:07.0187 3876  MRESP50 - detected UnsignedFile.Multi.Generic (1)
10:01:07.0234 3876  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:01:07.0531 3876  MRxDAV - ok
10:01:07.0625 3876  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:01:07.0796 3876  MRxSmb - ok
10:01:07.0875 3876  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
10:01:08.0171 3876  MSDTC - ok
10:01:08.0250 3876  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:01:08.0578 3876  Msfs - ok
10:01:08.0593 3876  MSIServer - ok
10:01:08.0656 3876  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:01:08.0953 3876  MSKSSRV - ok
10:01:08.0984 3876  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:01:09.0281 3876  MSPCLOCK - ok
10:01:09.0312 3876  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:01:09.0609 3876  MSPQM - ok
10:01:09.0656 3876  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:01:09.0937 3876  mssmbios - ok
10:01:10.0031 3876  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
10:01:10.0156 3876  Mup - ok
10:01:10.0250 3876  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
10:01:10.0562 3876  napagent - ok
10:01:10.0593 3876  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:01:10.0890 3876  NDIS - ok
10:01:10.0968 3876  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:01:11.0093 3876  NdisTapi - ok
10:01:11.0125 3876  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:01:11.0406 3876  Ndisuio - ok
10:01:11.0484 3876  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:01:11.0765 3876  NdisWan - ok
10:01:11.0828 3876  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:01:11.0968 3876  NDProxy - ok
10:01:12.0046 3876  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
10:01:12.0093 3876  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:01:12.0093 3876  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:01:12.0125 3876  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:01:12.0437 3876  NetBIOS - ok
10:01:12.0484 3876  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:01:12.0828 3876  NetBT - ok
10:01:12.0906 3876  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:01:13.0203 3876  NetDDE - ok
10:01:13.0218 3876  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:01:13.0500 3876  NetDDEdsdm - ok
10:01:13.0562 3876  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\System32\lsass.exe
10:01:13.0843 3876  Netlogon - ok
10:01:13.0921 3876  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
10:01:14.0218 3876  Netman - ok
10:01:14.0296 3876  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:01:14.0359 3876  NetTcpPortSharing - ok
10:01:14.0390 3876  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
10:01:14.0546 3876  Nla - ok
10:01:14.0625 3876  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:01:14.0906 3876  Npfs - ok
10:01:14.0953 3876  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:01:15.0421 3876  Ntfs - ok
10:01:15.0484 3876  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
10:01:15.0781 3876  NtLmSsp - ok
10:01:15.0859 3876  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:01:16.0156 3876  NtmsSvc - ok
10:01:16.0187 3876  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:01:16.0531 3876  Null - ok
10:01:16.0578 3876  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:01:16.0906 3876  NwlnkFlt - ok
10:01:16.0937 3876  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:01:17.0250 3876  NwlnkFwd - ok
10:01:17.0328 3876  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
10:01:17.0656 3876  Parport - ok
10:01:17.0718 3876  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:01:18.0031 3876  PartMgr - ok
10:01:18.0109 3876  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:01:18.0390 3876  ParVdm - ok
10:01:18.0500 3876  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:01:18.0781 3876  PCI - ok
10:01:18.0796 3876  PCIDump - ok
10:01:18.0812 3876  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\drivers\PCIIde.sys
10:01:19.0125 3876  PCIIde - ok
10:01:19.0171 3876  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
10:01:19.0437 3876  Pcmcia - ok
10:01:19.0468 3876  PDCOMP - ok
10:01:19.0484 3876  PDFRAME - ok
10:01:19.0515 3876  PDRELI - ok
10:01:19.0531 3876  PDRFRAME - ok
10:01:19.0562 3876  perc2 - ok
10:01:19.0593 3876  perc2hib - ok
10:01:19.0687 3876  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
10:01:19.0812 3876  PlugPlay - ok
10:01:19.0890 3876  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
10:01:19.0937 3876  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:01:19.0937 3876  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:01:20.0015 3876  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
10:01:20.0296 3876  PolicyAgent - ok
10:01:20.0359 3876  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:01:20.0734 3876  PptpMiniport - ok
10:01:20.0859 3876  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
10:01:21.0375 3876  Processor - ok
10:01:21.0421 3876  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:01:21.0750 3876  ProtectedStorage - ok
10:01:21.0765 3876  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:01:22.0062 3876  PSched - ok
10:01:22.0140 3876  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:01:22.0468 3876  Ptilink - ok
10:01:22.0484 3876  ql1080 - ok
10:01:22.0515 3876  Ql10wnt - ok
10:01:22.0531 3876  ql12160 - ok
10:01:22.0562 3876  ql1240 - ok
10:01:22.0578 3876  ql1280 - ok
10:01:22.0609 3876  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:01:22.0906 3876  RasAcd - ok
10:01:22.0968 3876  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:01:23.0281 3876  RasAuto - ok
10:01:23.0312 3876  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:01:23.0625 3876  Rasl2tp - ok
10:01:23.0703 3876  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:01:24.0000 3876  RasMan - ok
10:01:24.0031 3876  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:01:24.0328 3876  RasPppoe - ok
10:01:24.0359 3876  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:01:24.0671 3876  Raspti - ok
10:01:24.0718 3876  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:01:25.0000 3876  Rdbss - ok
10:01:25.0031 3876  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:01:25.0343 3876  RDPCDD - ok
10:01:25.0437 3876  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:01:25.0625 3876  RDPWD - ok
10:01:25.0703 3876  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:01:25.0984 3876  RDSessMgr - ok
10:01:26.0062 3876  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:01:26.0359 3876  redbook - ok
10:01:26.0406 3876  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:01:26.0734 3876  RemoteAccess - ok
10:01:26.0781 3876  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
10:01:27.0062 3876  RpcLocator - ok
10:01:27.0109 3876  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
10:01:27.0843 3876  RpcSs - ok
10:01:27.0890 3876  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
10:01:28.0218 3876  RSVP - ok
10:01:28.0265 3876  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:01:28.0531 3876  SamSs - ok
10:01:28.0593 3876  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:01:28.0890 3876  SCardSvr - ok
10:01:28.0953 3876  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:01:29.0250 3876  Schedule - ok
10:01:29.0328 3876  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:01:29.0625 3876  Secdrv - ok
10:01:29.0671 3876  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:01:30.0000 3876  seclogon - ok
10:01:30.0031 3876  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
10:01:30.0312 3876  SENS - ok
10:01:30.0359 3876  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
10:01:30.0656 3876  serenum - ok
10:01:30.0703 3876  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:01:31.0015 3876  Serial - ok
10:01:31.0125 3876  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:01:31.0421 3876  Sfloppy - ok
10:01:31.0500 3876  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:01:31.0843 3876  SharedAccess - ok
10:01:31.0890 3876  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:01:31.0968 3876  ShellHWDetection - ok
10:01:32.0000 3876  Simbad - ok
10:01:32.0109 3876  [ 70B8DD8707DBF6142530C106365DF67D ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
10:01:32.0250 3876  smwdm - ok
10:01:32.0250 3876  Sparrow - ok
10:01:32.0343 3876  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:01:32.0640 3876  splitter - ok
10:01:32.0703 3876  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:01:32.0843 3876  Spooler - ok
10:01:32.0890 3876  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:01:33.0171 3876  sr - ok
10:01:33.0265 3876  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\System32\srsvc.dll
10:01:33.0578 3876  srservice - ok
10:01:33.0656 3876  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:01:33.0781 3876  Srv - ok
10:01:33.0843 3876  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:01:34.0140 3876  SSDPSRV - ok
10:01:34.0234 3876  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:01:34.0562 3876  stisvc - ok
10:01:34.0625 3876  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:01:34.0921 3876  swenum - ok
10:01:34.0968 3876  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:01:35.0265 3876  swmidi - ok
10:01:35.0296 3876  SwPrv - ok
10:01:35.0328 3876  symc810 - ok
10:01:35.0359 3876  symc8xx - ok
10:01:35.0375 3876  sym_hi - ok
10:01:35.0406 3876  sym_u3 - ok
10:01:35.0468 3876  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:01:35.0781 3876  sysaudio - ok
10:01:35.0859 3876  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
10:01:36.0156 3876  SysmonLog - ok
10:01:36.0234 3876  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:01:36.0781 3876  TapiSrv - ok
10:01:36.0875 3876  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:01:37.0062 3876  Tcpip - ok
10:01:37.0140 3876  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:01:37.0453 3876  TDPIPE - ok
10:01:37.0500 3876  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
10:01:37.0843 3876  TDTCP - ok
10:01:37.0890 3876  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:01:38.0312 3876  TermDD - ok
10:01:38.0390 3876  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
10:01:38.0765 3876  TermService - ok
10:01:38.0812 3876  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:01:38.0890 3876  Themes - ok
10:01:38.0906 3876  TosIde - ok
10:01:38.0984 3876  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:01:39.0281 3876  TrkWks - ok
10:01:39.0343 3876  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:01:39.0671 3876  Udfs - ok
10:01:39.0687 3876  ultra - ok
10:01:39.0765 3876  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:01:40.0093 3876  Update - ok
10:01:40.0156 3876  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:01:40.0453 3876  upnphost - ok
10:01:40.0531 3876  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
10:01:40.0843 3876  UPS - ok
10:01:40.0890 3876  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:01:41.0187 3876  usbccgp - ok
10:01:41.0265 3876  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:01:41.0578 3876  usbehci - ok
10:01:41.0656 3876  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:01:41.0937 3876  usbhub - ok
10:01:42.0000 3876  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:01:42.0296 3876  usbprint - ok
10:01:42.0375 3876  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:01:42.0687 3876  usbscan - ok
10:01:42.0703 3876  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:01:43.0015 3876  USBSTOR - ok
10:01:43.0078 3876  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:01:43.0359 3876  usbuhci - ok
10:01:43.0406 3876  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:01:43.0718 3876  VgaSave - ok
10:01:43.0734 3876  ViaIde - ok
10:01:43.0781 3876  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:01:44.0078 3876  VolSnap - ok
10:01:44.0140 3876  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
10:01:44.0468 3876  VSS - ok
10:01:44.0484 3876  vToolbarUpdater14.2.0 - ok
10:01:44.0562 3876  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\System32\w32time.dll
10:01:44.0890 3876  W32Time - ok
10:01:44.0968 3876  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:01:45.0437 3876  Wanarp - ok
10:01:45.0468 3876  WDICA - ok
10:01:45.0546 3876  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:01:45.0859 3876  wdmaud - ok
10:01:45.0906 3876  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:01:46.0218 3876  WebClient - ok
10:01:46.0343 3876  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:01:46.0656 3876  winmgmt - ok
10:01:46.0859 3876  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:01:47.0046 3876  wlidsvc - ok
10:01:47.0125 3876  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
10:01:47.0421 3876  WmdmPmSN - ok
10:01:47.0515 3876  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:01:47.0843 3876  WmiApSrv - ok
10:01:47.0875 3876  WPN111 - ok
10:01:47.0953 3876  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:01:48.0281 3876  wscsvc - ok
10:01:48.0343 3876  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:01:48.0656 3876  wuauserv - ok
10:01:48.0734 3876  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:01:49.0078 3876  WZCSVC - ok
10:01:49.0140 3876  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:01:49.0421 3876  xmlprov - ok
10:01:49.0468 3876  ================ Scan global ===============================
10:01:49.0546 3876  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:01:49.0625 3876  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:01:49.0671 3876  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:01:49.0718 3876  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:01:49.0718 3876  [Global] - ok
10:01:49.0734 3876  ================ Scan MBR ==================================
10:01:49.0765 3876  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:01:49.0765 3876  Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:01:49.0796 3876  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:01:49.0796 3876  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:01:49.0843 3876  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:01:49.0843 3876  \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:01:49.0859 3876  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:01:50.0156 3876  \Device\Harddisk1\DR1 ( TDSS File System ) - warning
10:01:50.0156 3876  \Device\Harddisk1\DR1 - detected TDSS File System (1)
10:01:50.0171 3876  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk2\DR7
10:02:02.0875 3876  \Device\Harddisk2\DR7 - ok
10:02:02.0875 3876  ================ Scan VBR ==================================
10:02:02.0890 3876  [ 2F50C0980E8C1A9CE9C6BC15DAC276DE ] \Device\Harddisk0\DR0\Partition1
10:02:02.0890 3876  \Device\Harddisk0\DR0\Partition1 - ok
10:02:02.0921 3876  [ A835762CC9A4ADAED2775D7CC67072CB ] \Device\Harddisk1\DR1\Partition1
10:02:02.0921 3876  \Device\Harddisk1\DR1\Partition1 - ok
10:02:02.0937 3876  [ EE7B221AC2D13ABB3F4CC5707191F6BC ] \Device\Harddisk2\DR7\Partition1
10:02:02.0937 3876  \Device\Harddisk2\DR7\Partition1 - ok
10:02:02.0953 3876  ============================================================
10:02:02.0953 3876  Scan finished
10:02:02.0953 3876  ============================================================
10:02:03.0093 3436  Detected object count: 14
10:02:03.0093 3436  Actual detected object count: 14
10:04:21.0875 3436  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0875 3436  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:21.0890 3436  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0890 3436  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:21.0890 3436  DNINDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0890 3436  DNINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:21.0890 3436  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0890 3436  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:21.0890 3436  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0890 3436  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:21.0890 3436  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0890 3436  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:21.0906 3436  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0906 3436  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:21.0906 3436  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0906 3436  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:21.0906 3436  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0906 3436  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:21.0906 3436  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0906 3436  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:21.0921 3436  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:21.0921 3436  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:23.0187 3436  \Device\Harddisk0\DR0\# - copied to quarantine
10:04:23.0187 3436  \Device\Harddisk0\DR0 - copied to quarantine
10:04:23.0250 3436  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:04:23.0281 3436  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:04:23.0328 3436  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:04:23.0359 3436  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:04:23.0437 3436  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:04:23.0500 3436  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:04:23.0546 3436  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:04:23.0593 3436  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:04:23.0609 3436  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:04:23.0640 3436  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:04:23.0671 3436  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:04:23.0687 3436  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:04:23.0750 3436  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:23.0750 3436  \Device\Harddisk0\DR0 - ok
10:04:24.0796 3436  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:04:24.0796 3436  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:04:24.0796 3436  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:04:24.0812 3436  \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
10:04:24.0812 3436  \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
10:04:43.0046 3780  Deinitialize success

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-31 10:18:09
-----------------------------
10:18:09.218    OS Version: Windows 5.1.2600 Service Pack 3
10:18:09.218    Number of processors: 1 586 0x103
10:18:09.218    ComputerName: LINDA-YDGOPB45X  UserName: Owner
10:18:10.640    Initialize success
10:18:37.546    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:18:37.546    Disk 0 Vendor: WDC_WD800BB-75JHC0 06.01C06 Size: 76293MB BusType: 3
10:18:37.546    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
10:18:37.546    Disk 1 Vendor: WDC_WD600BB-75CAA0 16.06V16 Size: 57220MB BusType: 3
10:18:37.703    Disk 0 MBR read successfully
10:18:37.703    Disk 0 MBR scan
10:18:37.703    Disk 0 Windows XP default MBR code
10:18:37.703    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76285 MB offset 63
10:18:37.718    Disk 0 scanning sectors +156232125
10:18:37.859    Disk 0 scanning C:\WINDOWS\system32\drivers
10:18:49.125    Service scanning
10:19:11.484    Modules scanning
10:19:23.156    Disk 0 trace - called modules:
10:19:23.187    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
10:19:23.703    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8974aab8]
10:19:23.703    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000059[0x89743f18]
10:19:23.703    5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89786d98]
10:19:23.718    Scan finished successfully
10:42:36.703    Disk 0 MBR has been saved successfully to "G:\BCF\hud\MBR.dat"
10:42:36.765    The log file has been saved successfully to "G:\BCF\hud\aswMBR.txt"

Internet does appear to be working again.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,486 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:14 PM

Posted 01 April 2013 - 07:46 AM

I think we are making progress.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

#5 JakerADog

JakerADog
  • Topic Starter

  • Members
  • 61 posts
  • Local time:12:14 PM

Posted 01 April 2013 - 08:02 PM

Here are the logs.

ComboFix 13-04-01.01 - Owner 04/01/2013  17:21:09.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1278.895 [GMT -7:00]
Running from: g:\bcf\hud\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
c:\windows\system32\Cache\09f6159239363830.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8f569c463a816d1a.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\bd0f3e20c540da83.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-02 to 2013-04-02  )))))))))))))))))))))))))))))))
.
.
2013-03-31 17:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-31 17:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-19 19:27 . 2013-03-19 19:29 -------- d-----w- c:\documents and settings\Owner\Application Data\WindowsDatabase
2013-03-17 16:03 . 2013-03-17 16:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Luzoavquvg
2013-03-14 18:46 . 2013-03-14 18:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Luzoavquvg
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 16:51 . 2012-10-04 00:58 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 16:51 . 2012-10-04 00:58 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-19 04:28 . 2012-12-27 02:54 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32 . 2012-10-03 02:38 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2003-07-16 20:49 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2003-07-16 20:51 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2003-07-16 20:32 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2012-10-03 02:38 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2003-07-16 20:40 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16 . 2003-07-16 20:39 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2002-08-29 01:04 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2003-07-16 20:51 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2003-07-16 20:42 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2003-07-16 20:34 148992 ----a-w- c:\windows\system32\mpg2splt.ax
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-06-12 00:22 1307728 ----a-w- c:\program files\Microsoft\BingBar\7.1.391.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [12/26/2012 7:54 PM 33112]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 2:05 PM 196664]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 5:22 PM 240208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/16/2012 12:34 AM 5814904]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 5:22 PM 193616]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [11/18/2012 7:42 AM 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 16:52]
.
2013-04-02 c:\windows\Tasks\User_Feed_Synchronization-{6D6A4CD6-B598-4285-9C27-5056F8FAE281}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 10.0.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
SafeBoot-49315620.sys
SafeBoot-67450101.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-01 17:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-515967899-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,13,9d,f7,aa,90,39,45,98,8c,ea,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,13,9d,f7,aa,90,39,45,98,8c,ea,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-01  17:33:25
ComboFix-quarantined-files.txt  2013-04-02 00:33
.
Pre-Run: 61,142,335,488 bytes free
Post-Run: 61,365,100,544 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E1B7661FA983F1C34D07E4ACA73948F5
 
 Results of screen317's Security Check version 0.99.61 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 AVG 2013    
 AVG 2012    
 AVG 2013    
 ESET Online Scanner v3  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100 
 CCleaner    
 Java 7 Update 9 
 Java version out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
# AdwCleaner v2.115 - Logfile created 04/01/2013 at 17:40:37
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - LINDA-YDGOPB45X
# Boot Mode : Normal
# Running from : G:\BCF\hud\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [4631 octets] - [24/03/2013 07:07:58]
AdwCleaner[S2].txt - [834 octets] - [24/03/2013 13:54:18]
AdwCleaner[S3].txt - [757 octets] - [25/03/2013 18:07:02]
AdwCleaner[S4].txt - [686 octets] - [01/04/2013 17:40:37]

########## EOF - C:\AdwCleaner[S4].txt - [745 octets] ##########


It seems to be working a lot better now. 
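The ComboFix "Files Created" and "Find3M" sections above follow a fixed line layout (creation time, modification time, size or dashes for a directory, attribute flags, path). The following added example (written for this page, not part of the thread, of ComboFix or of any tool named in it) parses that layout from lines copied out of the log and groups newly created directories by the user profile they appeared in; the "worth a manual look" rule in the second function is an assumed triage heuristic, not a verdict on any entry.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional
# Constructed sample: lines copied from the "Files Created" and "Find3M"
# sections of the ComboFix log posted above.
SAMPLE_LOG = r"""
2013-03-31 17:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-19 19:27 . 2013-03-19 19:29 -------- d-----w- c:\documents and settings\Owner\Application Data\WindowsDatabase
2013-03-17 16:03 . 2013-03-17 16:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Luzoavquvg
2013-03-14 18:46 . 2013-03-14 18:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Luzoavquvg
2013-03-13 16:51 . 2012-10-04 00:58 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
"""
# One entry reads "<created> . <modified> <size or dashes> <attrs> <path>".
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# XP per-user profile root; group 1 is the profile (account) name.
PROFILE_RE = re.compile(r"^c:\\documents and settings\\([^\\]+)\\", re.IGNORECASE)

@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, which ComboFix prints as dashes
    attrs: str           # leading 'd' marks a directory; 'a' archive bit, 'w' writable
    path: str

def parse_combofix(text: str) -> List[Entry]:
    """Return the file and directory entries, skipping banners, dots and blanks."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                                 datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                                 size, m["attrs"], m["path"]))
    return entries

def new_profile_dirs(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each new directory name under a user profile to the profiles it was
    created in. Assumed triage heuristic, not a verdict: a name appearing in a
    service account's profile (NetworkService) as well as a user's merits a look."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        m = PROFILE_RE.match(e.path)
        if e.attrs.startswith("d") and m:
            seen[e.path.rsplit("\\", 1)[-1]].append(m.group(1))
    return dict(seen)
```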



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,486 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 April 2013 - 08:08 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java 7 Update 9


Java 7 Update 10 introduced important new security controls.
You can read about it here.
http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

    To remove AdwCleaner.

    Please double click on AdwCleaner.exe to run the tool.
    Click on Uninstall.
    Confirm with Yes.

    If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

    Delete the other tools we used.
    You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.

    Surf Safely, and Think Prevention!
    ===


#7 JakerADog

JakerADog
  • Topic Starter

  • Members
  • 61 posts

Posted 02 April 2013 - 07:32 PM

Thank you very much, the computer seems to be back to normal. I appreciate all the guidance.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,486 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 April 2013 - 08:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



