Hacked - Not Sure How or Where & What the Hackers Got


  • This topic is locked
41 replies to this topic

#1 Rosenberg

Rosenberg

  • Members
  • 28 posts
  • Gender:Female

Posted 22 January 2015 - 10:52 PM

Hi there,

I received a frightening call at work today, and I have no idea where or who to turn to to resolve my problem. I'm hoping you will be able to shed some light on this.

A woman contacted me and identified herself as calling from "Bank Invest Capital" and said that a person using my name had requested information from them back in August. I know absolutely that I did no such thing.

I looked up this "Bank Invest Capital" on Google and they are a scam outfit operating out of the Seychelles.

I don't know who's been hacked. I need to ensure that these fraud artists can't access my bank accounts. Where would I start to look? Contact the bank and shut everything down? I've changed my email password, but I'm wondering if I should just close the account.

If you have any ideas on how this happened and how I can prevent any damages to myself, I would be forever grateful.

Thank you!


Edited by Oh My!, 25 January 2015 - 08:43 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California

Posted 25 January 2015 - 08:43 PM

Greetings Rosenberg and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I have removed specific email address information to protect your interests.

Please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

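The FRST.txt that Gary asks for is a plain-text log, and a helper reads a handful of line types in it before anything else. The script below is an added example, not code from BleepingComputer, from Gary or from Farbar: it pulls out the entries FRST itself marks ATTENTION, Image File Execution Options debugger hooks, entries marked [X] whose target file is gone, per-interface NameServer overrides, services and drivers reported as unsigned or without publisher info, and the search-engine hosts in SearchScopes. The embedded sample is a constructed, reordered excerpt of the log Sharon posts in reply #3; the category names, the "out of support" rule for Windows XP and the private-address test on DNS servers are this example's own choices, not FRST output.

```python
"""Triage helper for FRST.txt output.

Added example for this thread, not code from BleepingComputer, Gary or Farbar.
It pulls out the lines a malware-response helper reads first. The sample text
is a constructed, reordered excerpt of the log posted in reply #3; the
category names and the "review" rules below are this example's own.
"""
import ipaddress
import re
import sys
from urllib.parse import urlparse

# Constructed excerpt of the FRST.txt from reply #3 (same line formats).
SAMPLE_FRST = r"""
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
HKLM\...\Run: [] => [X]
IFEO\hpqtra08.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\utorrent.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A28AA372-27D5-4E1E-836F-A60223137340}: [NameServer] 95.211.10.3
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
S3 catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [X]
C:\WINDOWS\explorer.exe => File is digitally signed
"""

PLATFORM_RE = re.compile(r"^Platform: (.+?) OS Language")
IFEO_RE = re.compile(r'^IFEO\\([^:]+): \[Debugger\] "?(.+?)"?$')
DHCP_DNS_RE = re.compile(r"^Tcpip\\Parameters: \[DhcpNameServer\] (.+)$")
IFACE_DNS_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\\{[0-9A-Fa-f-]+\}: \[NameServer\] (.+)$")
# Service/driver lines: "R2 name; path [size date] (publisher) [File not signed]"
SVC_RE = re.compile(
    r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] "
    r"\((?P<publisher>[^)]*)\)(?P<unsigned> \[File not signed\])?$"
)
SEARCH_RE = re.compile(r"^SearchScopes: .*? URL = (\S+)")


def triage_frst(text):
    """Return findings by category, in log order; every hit means 'read this'."""
    f = {
        "platform": "", "unsupported_os": False,
        "attention": [],           # lines FRST itself flags
        "orphaned": [],            # entries whose target file is gone ([X])
        "ifeo_debuggers": [],      # (hooked exe, debugger path)
        "dhcp_dns": [], "static_dns": [],   # static_dns: (ip, is_private)
        "untrusted_binaries": [],  # (service/driver name, reason)
        "search_hosts": set(),
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PLATFORM_RE.match(line):
            f["platform"] = m.group(1)
            # Windows XP left extended support in April 2014 (example's rule).
            f["unsupported_os"] = "Windows XP" in m.group(1)
        elif "<======= ATTENTION" in line:
            f["attention"].append(line)
        elif line.endswith("[X]"):
            f["orphaned"].append(line)
        elif m := IFEO_RE.match(line):
            f["ifeo_debuggers"].append((m.group(1), m.group(2)))
        elif m := DHCP_DNS_RE.match(line):
            f["dhcp_dns"].extend(m.group(1).split())
        elif m := IFACE_DNS_RE.match(line):
            # A resolver hard-wired on one interface bypasses DHCP. VPN clients
            # do this legitimately; so do DNS changers. Public ones get a look.
            for ip in m.group(1).split():
                f["static_dns"].append((ip, ipaddress.ip_address(ip).is_private))
        elif m := SVC_RE.match(line):
            if m.group("unsigned"):
                f["untrusted_binaries"].append((m.group("name"), "file not signed"))
            elif not m.group("publisher"):
                f["untrusted_binaries"].append((m.group("name"), "no publisher info"))
        elif m := SEARCH_RE.match(line):
            host = urlparse(m.group(1)).hostname
            if host:
                f["search_hosts"].add(host)
    f["search_hosts"] = sorted(f["search_hosts"])
    return f


def report(f):
    """Plain-text summary in the order a helper would read it."""
    out = ["Platform: " + f["platform"] + (" (out of support)" if f["unsupported_os"] else "")]
    for key in ("attention", "orphaned", "ifeo_debuggers", "static_dns",
                "untrusted_binaries", "search_hosts", "dhcp_dns"):
        for item in f[key]:
            out.append(f"[{key}] {item}")
    return "\n".join(out)


if __name__ == "__main__":
    # Pass a saved FRST.txt (assumed UTF-8, as pasted from the forum), or run
    # with no argument to triage the embedded sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_FRST
    print(report(triage_frst(text)))
```

Every hit is a prompt to look, not a verdict. An IFEO debugger that points at a tuning utility's own reactivator, or a static public resolver on the interface a VPN client uses, can be perfectly ordinary; they are listed because they are exactly the entries a hijacker or a DNS changer would also create, so they get read first and checked against what the user says they installed.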
#3 Rosenberg

Rosenberg
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Female

Posted 26 January 2015 - 01:50 AM

Hi Gary,

First, thank you for your support! Second, this is an amazing amount of personal information to be sending to someone whom I have never met...okay, nothing ventured, nothing gained (deep breath).

I didn't save the Farbar Recovery Scan Tool on my desktop; I will move it there as soon as I sign off here.

Thanks again,
Sharon

Here's the contents of one of the .txt files:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by User (administrator) on HOMEPC on 25-01-2015 23:18:54
Running from C:\Documents and Settings\User\My Documents\Downloads
Loaded Profiles: User (Available profiles: User & backup & Jenny Calendar & Fredisadmin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Author - Igor Vigdorchik) C:\Documents and Settings\User\My Documents\Downloaded Applications\StickyNotes\StickyNotes.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-23] (AVAST Software)
HKLM\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\S-1-5-21-602162358-2049760794-682003330-1003\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2122824 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-602162358-2049760794-682003330-1003\...\Run: [uTorrent] => C:\Documents and Settings\User\Application Data\uTorrent\uTorrent.exe [1385808 2015-01-10] (BitTorrent Inc.)
IFEO\hpqtra08.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\utorrent.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Sticky Notes.lnk
ShortcutTarget: Sticky Notes.lnk -> C:\Documents and Settings\User\My Documents\Downloaded Applications\StickyNotes\StickyNotes.exe (Author - Igor Vigdorchik)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-602162358-2049760794-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-602162358-2049760794-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-602162358-2049760794-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} URL = https://startpage.com/do/search?query={searchTerms}&trackid=sp-001
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={5032B903-6E2D-495B-AFE2-6AFE641EA363}&mid=741ae85aea467105845063b2cf04e2cf-9f50abf84f3edb7e051ec6527fdde44883bdd0fa&lang=en&ds=AVG&pr=pr&d=2012-10-22 22:11:01&v=13.2.0.3&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} URL = https://startpage.com/do/search?query={searchTerms}&trackid=sp-001
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350607551000
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A28AA372-27D5-4E1E-836F-A60223137340}: [NameServer] 95.211.10.3

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k1mrtuv5.default-1411236290906
FF DefaultSearchEngine: Google
FF Homepage: hxxp://preview.msn.com/en-ca/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k1mrtuv5.default-1411236290906\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: ZenMate Security & Privacy VPN - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k1mrtuv5.default-1411236290906\Extensions\firefox@zenmate.com.xpi [2015-01-02]
FF Extension: Adblock Plus - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k1mrtuv5.default-1411236290906\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-20]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-21]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.1.9.799
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-14]
FF HKU\S-1-5-21-602162358-2049760794-682003330-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-19]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-19]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-19]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-19]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-19]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx [2012-11-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-07-26] (Nitro PDF Software)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1858360 2014-07-14] (AVG)
R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [35640 2014-07-14] (AVG)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-23] ()
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [172856 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [182584 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-05-18] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-05-18] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-05-18] (HP)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-10-01] (Malwarebytes Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19016 2014-01-14] ()
S3 RT73; C:\WINDOWS\System32\DRIVERS\Dr71WU.sys [245504 2007-03-05] (Ralink Technology, Corp.) [File not signed]
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 tapoas; C:\WINDOWS\System32\DRIVERS\tapoas.sys [26112 2010-08-03] (The OpenVPN Project) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
S3 catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 23:18 - 2015-01-25 23:19 - 00000000 ____D () C:\FRST
2015-01-24 17:24 - 2015-01-24 20:51 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Car Shopping
2015-01-14 20:11 - 2015-01-14 20:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-10 23:06 - 2015-01-10 23:56 - 00000888 _____ () C:\Documents and Settings\All Users\Desktop\VPN Watcher.lnk
2015-01-10 23:06 - 2015-01-10 23:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VPN Watcher
2015-01-10 23:06 - 2015-01-10 23:06 - 00000000 ____D () C:\Program Files\UGD Software
2015-01-10 23:06 - 2015-01-10 23:06 - 00000000 ____D () C:\Documents and Settings\User\Application Data\VPN Watcher
2015-01-10 19:07 - 2015-01-10 19:07 - 00000762 _____ () C:\Documents and Settings\All Users\Desktop\OpenVPN GUI.lnk
2015-01-10 19:06 - 2015-01-10 19:07 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-10 19:06 - 2015-01-10 19:07 - 00000000 ____D () C:\Program Files\OpenVPN
2015-01-10 19:06 - 2015-01-10 19:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\OpenVPN
2015-01-10 19:06 - 2015-01-10 19:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TAP-Windows

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 23:19 - 2014-05-03 00:30 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\temp
2015-01-25 23:18 - 2012-10-22 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-01-25 23:13 - 2014-03-16 17:22 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-25 15:56 - 2014-05-03 02:16 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-25 15:55 - 2010-06-14 11:18 - 01863194 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-25 14:23 - 2012-10-21 16:46 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Job Stuff
2015-01-25 13:56 - 2010-06-14 11:53 - 00002521 _____ () C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk
2015-01-25 13:13 - 2010-06-09 06:45 - 00032178 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-24 20:54 - 2012-10-27 19:33 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Downloaded Applications
2015-01-24 17:57 - 2013-11-13 20:07 - 00878395 _____ () C:\WINDOWS\setupapi.log
2015-01-24 17:52 - 2013-04-21 21:26 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Weekly Back Up
2015-01-24 17:27 - 2001-08-18 07:00 - 00000650 _____ () C:\WINDOWS\win.ini
2015-01-24 17:25 - 2013-11-15 18:27 - 00000774 _____ () C:\WINDOWS\setupact.log
2015-01-24 17:25 - 2012-10-25 23:22 - 00000000 ____D () C:\Program Files\PeerBlock
2015-01-24 17:24 - 2010-06-08 09:31 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-24 17:24 - 2010-06-08 09:31 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-24 17:24 - 2001-08-18 07:00 - 00013002 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-24 17:23 - 2014-03-11 17:36 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-24 17:23 - 2010-06-08 16:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-24 16:59 - 2012-10-21 00:23 - 00131072 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2015-01-24 16:53 - 2010-06-09 06:52 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
2015-01-24 16:51 - 2010-06-08 09:15 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-24 15:03 - 2012-10-21 16:46 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Directions
2015-01-24 00:29 - 2014-03-16 17:22 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 00:29 - 2014-03-16 17:22 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 00:20 - 2012-10-22 15:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-21 00:10 - 2012-10-22 08:48 - 00000000 ____D () C:\Documents and Settings\User\Application Data\HpUpdate
2015-01-19 06:00 - 2012-10-18 19:53 - 00000244 _____ () C:\WINDOWS\Tasks\doc_bkp.job
2015-01-18 12:08 - 2013-04-06 19:06 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-18 11:17 - 2010-06-14 11:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-18 11:17 - 2010-06-08 09:28 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-16 19:10 - 2012-10-24 13:29 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Inspirational
2015-01-14 03:07 - 2013-08-11 20:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-12 22:18 - 2012-10-21 16:48 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My Stuff
2015-01-12 22:12 - 2012-11-13 23:06 - 00000000 ____D () C:\Documents and Settings\User\Application Data\uTorrent
2015-01-11 21:46 - 2013-04-06 20:23 - 00040960 _____ () C:\Program Files\Uninstall_CDS.exe
2015-01-10 00:39 - 2012-10-21 16:44 - 00000000 ____D () C:\Documents and Settings\User\My Documents\BtVS
2015-01-08 15:00 - 2014-03-11 17:36 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-04 21:20 - 2010-06-08 09:15 - 00000000 ____D () C:\WINDOWS\Help
2015-01-01 16:46 - 2013-02-10 11:36 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Finances
2014-12-31 13:15 - 2012-10-18 17:15 - 110348472 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-29 19:58 - 2012-12-13 20:53 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-12-29 19:58 - 2012-10-22 21:10 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-12-28 17:59 - 2012-10-21 16:49 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Recipes
2014-12-26 18:48 - 2014-12-20 18:48 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Xmas

==================== Files in the root of some directories =======

2013-05-21 06:06 - 2014-06-22 12:51 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-04-06 20:23 - 2015-01-11 21:46 - 0040960 _____ () C:\Program Files\Uninstall_CDS.exe
2013-05-22 22:04 - 2013-05-22 22:04 - 0009349 _____ () C:\Documents and Settings\User\Application Data\Comma Separated Values (DOS).EML
2012-10-21 16:41 - 2014-05-27 08:53 - 0049152 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-31 19:03 - 2014-08-31 19:03 - 0000072 _____ () C:\Documents and Settings\User\Local Settings\Application Data\FASTWiz.log
2008-02-05 12:28 - 2008-02-05 12:28 - 0000051 _____ () C:\Documents and Settings\User\Local Settings\Application Data\setup.txt
2013-11-03 19:59 - 2012-11-14 01:00 - 0000000 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Web Data

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
 
Next .txt file:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by User at 2015-01-25 23:20:45
Running from C:\Documents and Settings\User\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2013 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-602162358-2049760794-682003330-1003\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4257 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4020.9 - AVG Technologies) Hidden
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Network Connections 13.1.33.0 (HKLM\...\{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}) (Version: 13.1.33.0 - Intel)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MOBI to PDF Converter 1.0 (HKLM\...\MOBI to PDF Converter_is1) (Version:  - PDFConvertOnline)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Nitro Reader 3 (HKLM\...\{F5451D00-B448-4E9A-82DC-1929F4F1910D}) (Version: 3.5.6.5 - Nitro)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenVPN 2.3.6-I001  (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - )
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3620 - Analog Devices)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VPN Watcher (HKLM\...\{0F8B2A77-9740-4086-A037-93BAA30EB99E}) (Version: 2.0.4 - UGD Software)
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Icons Manager 2.1 (HKLM\...\WindowsXPIconsManager) (Version: 2.1 - WindowsXPIconsManager Software Inc)
WinX HD Video Converter Deluxe 3.12.6 (HKLM\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software,Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-11-2014 16:24:48 System Checkpoint
06-11-2014 17:24:49 System Checkpoint
07-11-2014 18:24:50 System Checkpoint
08-11-2014 22:20:59 System Checkpoint
09-11-2014 22:23:50 System Checkpoint
11-11-2014 13:17:43 System Checkpoint
12-11-2014 13:24:51 System Checkpoint
12-11-2014 18:50:06 Software Distribution Service 3.0
13-11-2014 23:12:53 System Checkpoint
15-11-2014 03:13:15 System Checkpoint
16-11-2014 03:24:40 System Checkpoint
17-11-2014 03:37:11 System Checkpoint
18-11-2014 04:24:39 System Checkpoint
19-11-2014 05:48:41 System Checkpoint
20-11-2014 05:58:57 System Checkpoint
21-11-2014 06:46:55 System Checkpoint
22-11-2014 21:30:52 Software Distribution Service 3.0
22-11-2014 22:24:48 Software Distribution Service 3.0
23-11-2014 00:14:13 Software Distribution Service 3.0
23-11-2014 02:32:07 Software Distribution Service 3.0
23-11-2014 03:47:54 avast! antivirus system restore point
24-11-2014 04:23:47 System Checkpoint
25-11-2014 05:55:16 System Checkpoint
26-11-2014 06:07:08 System Checkpoint
27-11-2014 07:33:11 System Checkpoint
28-11-2014 08:23:17 System Checkpoint
29-11-2014 08:43:37 System Checkpoint
30-11-2014 09:57:38 System Checkpoint
01-12-2014 10:55:37 System Checkpoint
02-12-2014 11:10:55 System Checkpoint
03-12-2014 11:14:49 System Checkpoint
04-12-2014 11:34:11 System Checkpoint
05-12-2014 12:09:40 System Checkpoint
06-12-2014 12:43:36 System Checkpoint
07-12-2014 14:27:08 System Checkpoint
08-12-2014 14:43:24 System Checkpoint
09-12-2014 15:43:28 System Checkpoint
09-12-2014 20:32:07 Software Distribution Service 3.0
10-12-2014 23:12:20 System Checkpoint
12-12-2014 00:47:10 System Checkpoint
13-12-2014 02:44:44 System Checkpoint
14-12-2014 04:08:16 System Checkpoint
15-12-2014 04:43:22 System Checkpoint
16-12-2014 05:59:47 System Checkpoint
17-12-2014 06:43:20 System Checkpoint
18-12-2014 08:36:56 System Checkpoint
19-12-2014 09:12:41 System Checkpoint
20-12-2014 09:43:22 System Checkpoint
21-12-2014 10:55:23 System Checkpoint
22-12-2014 11:55:53 System Checkpoint
23-12-2014 13:11:47 System Checkpoint
25-12-2014 00:24:00 System Checkpoint
26-12-2014 02:57:03 System Checkpoint
27-12-2014 03:43:26 System Checkpoint
28-12-2014 04:43:18 System Checkpoint
29-12-2014 06:07:18 System Checkpoint
30-12-2014 06:43:15 System Checkpoint
31-12-2014 07:43:14 System Checkpoint
01-01-2015 08:43:14 System Checkpoint
02-01-2015 09:43:14 System Checkpoint
03-01-2015 10:43:14 System Checkpoint
04-01-2015 11:43:09 System Checkpoint
05-01-2015 12:43:09 System Checkpoint
06-01-2015 12:55:41 System Checkpoint
07-01-2015 13:43:14 System Checkpoint
07-01-2015 18:22:11 Removed Compatibility Pack for the 2007 Office system
08-01-2015 22:34:33 System Checkpoint
10-01-2015 02:13:03 System Checkpoint
10-01-2015 19:00:42 Removed OpenVPN Client
10-01-2015 23:06:29 Installed VPN Watcher
11-01-2015 23:33:33 System Checkpoint
13-01-2015 00:22:58 System Checkpoint
14-01-2015 01:23:01 System Checkpoint
14-01-2015 03:00:17 Software Distribution Service 3.0
15-01-2015 03:22:59 System Checkpoint
16-01-2015 04:23:01 System Checkpoint
17-01-2015 06:59:52 System Checkpoint
18-01-2015 07:35:01 System Checkpoint
18-01-2015 10:04:04 Software Distribution Service 3.0
18-01-2015 11:17:43 Installed Compatibility Pack for the 2007 Office system
19-01-2015 03:00:24 Software Distribution Service 3.0
19-01-2015 19:46:10 Software Distribution Service 3.0
20-01-2015 22:48:50 System Checkpoint
21-01-2015 23:26:04 System Checkpoint
22-01-2015 23:45:01 System Checkpoint
24-01-2015 04:42:13 System Checkpoint
25-01-2015 06:03:43 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-18 07:00 - 2014-05-03 00:28 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\doc_bkp.job => ?
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2015-01-25 17:31 - 2015-01-25 17:31 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012501\algo.dll
2014-04-14 21:57 - 2014-11-23 03:55 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-14 03:26 - 2014-07-14 03:26 - 00357176 _____ () C:\Program Files\AVG\AVG PC TuneUp\tuavgx.dll
2015-01-14 20:11 - 2015-01-14 20:12 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Program Files\Uninstall_CDS.exe:SummaryInformation
AlternateDataStreams: C:\Program Files\Uninstall_CDS.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

backup (S-1-5-21-602162358-2049760794-682003330-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\backup
Fredisadmin (S-1-5-21-602162358-2049760794-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-602162358-2049760794-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-602162358-2049760794-682003330-1000 - Limited - Disabled)
Jenny Calendar (S-1-5-21-602162358-2049760794-682003330-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Jenny Calendar
SUPPORT_388945a0 (S-1-5-21-602162358-2049760794-682003330-1002 - Limited - Disabled)
User (S-1-5-21-602162358-2049760794-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 07:48:38 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket -548232827.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (01/22/2015 07:48:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nitro_pipassistant.exe, version 3.5.6.5, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [nitro_pipassistant.exe!ws!]

Error: (01/11/2015 02:04:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application openvpn-gui.exe, version 5.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/10/2015 11:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application vpnwatcher.exe, version 2.0.4.1, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [vpnwatcher.exe!ws!]

Error: (01/06/2015 08:01:34 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 672853480.

Error: (01/06/2015 08:01:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 34.0.5.5443, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/29/2014 07:58:39 PM) (Source: MsiInstaller) (EventID: 11321) (User: HOMEPC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1321. SA_Error1321: StandardAction(0xC0070529): The Installer has insufficient privileges to modify this file: C:\Program Files\AVG\AVG2013\TBD303F.tmp.

Error: (12/29/2014 07:58:35 PM) (Source: MsiInstaller) (EventID: 11406) (User: HOMEPC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2013.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (12/29/2014 07:58:29 PM) (Source: MsiInstaller) (EventID: 11406) (User: HOMEPC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2013.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (12/29/2014 07:58:24 PM) (Source: MsiInstaller) (EventID: 11406) (User: HOMEPC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2013.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.


System errors:
=============
Error: (01/25/2015 00:35:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (01/25/2015 00:35:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.

Error: (01/25/2015 00:34:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (01/25/2015 00:33:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.

Error: (01/25/2015 11:32:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.

Error: (01/24/2015 05:58:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (01/24/2015 05:58:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.

Error: (01/24/2015 05:54:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (01/24/2015 05:54:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.

Error: (01/24/2015 05:29:30 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk1\D


Microsoft Office Sessions:
=========================
Error: (01/22/2015 07:48:38 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: -548232827

Error: (01/22/2015 07:48:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nitro_pipassistant.exe3.5.6.5msvcr100.dll10.0.40219.3250008d6fd

Error: (01/11/2015 02:04:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: openvpn-gui.exe5.0.0.0hungapp0.0.0.000000000

Error: (01/10/2015 11:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vpnwatcher.exe2.0.4.10.0.0.000000000

Error: (01/06/2015 08:01:34 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 672853480

Error: (01/06/2015 08:01:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.5443hungapp0.0.0.000000000

Error: (12/29/2014 07:58:39 PM) (Source: MsiInstaller) (EventID: 11321) (User: HOMEPC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1321. SA_Error1321: StandardAction(0xC0070529): The Installer has insufficient privileges to modify this file: C:\Program Files\AVG\AVG2013\TBD303F.tmp.(NULL)(NULL)(NULL)(NULL)

Error: (12/29/2014 07:58:35 PM) (Source: MsiInstaller) (EventID: 11406) (User: HOMEPC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2013.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)

Error: (12/29/2014 07:58:29 PM) (Source: MsiInstaller) (EventID: 11406) (User: HOMEPC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2013.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)

Error: (12/29/2014 07:58:24 PM) (Source: MsiInstaller) (EventID: 11406) (User: HOMEPC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2013.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.40GHz
Percentage of memory in use: 77%
Total physical RAM: 1015.48 MB
Available physical RAM: 226.48 MB
Total Pagefile: 1675.66 MB
Available Pagefile: 709.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.96 MB

==================== Drives ================================

Drive c: (Side-A) (Fixed) (Total:127.99 GB) (Free:29.95 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Side- B) (Fixed) (Total:337.77 GB) (Free:222.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=337.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:10:05 PM

Posted 26 January 2015 - 10:19 AM

Greetings Sharon and thank you for the information.

Though it may appear you are posting personal information it is not specific enough for you to be identified.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

AVG Internet Security 2013
avast! Antivirus


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
IFEO\hpqtra08.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\utorrent.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} URL = https://startpage.com/do/search?query={searchTerms}&trackid=sp-001
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} URL = https://startpage.com/do/search?query={searchTerms}&trackid=sp-001
Toolbar: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
Task: C:\WINDOWS\Tasks\doc_bkp.job => ?
AlternateDataStreams: C:\Program Files\Uninstall_CDS.exe:SummaryInformation
AlternateDataStreams: C:\Program Files\Uninstall_CDS.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were you able to uninstall an antivirus?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

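The fixlist above targets several distinct classes of entry: Image File Execution Options Debugger values, Internet Explorer policy restrictions, an AboutURLs override, search scopes, a toolbar with no file, services with no image path or a missing driver file, a scheduled task with an unknown target, and alternate data streams on an executable. The Python script below is an added example for readers of this thread (it is not FRST's code and was not posted by anyone here) that parses lines in FRST's format, classifies them, and marks the ones that deserve a human look before they go into a fixlist. The sample input reuses the fixlist lines above plus two constructed benign lines (a Google search scope and a Spooler service), and the set of expected search hosts is a placeholder assumption.

```python
"""Classify FRST-style fixlist/scan entries (added example; not FRST's own code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Search providers you consider expected on the machine: a placeholder assumption.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}


@dataclass
class Finding:
    kind: str                 # entry class, e.g. "ifeo_debugger"
    line: str                 # the raw FRST line
    detail: dict = field(default_factory=dict)
    review: bool = False      # True when a human should look before the entry is fixed


_IFEO = re.compile(r'^IFEO\\(?P<exe>[^:]+): \[Debugger\] "(?P<debugger>[^"]+)"')
_POLICY = re.compile(r'^(?P<key>HK.+?): Policy restriction')
_ABOUT = re.compile(r'^(?P<key>HK.+?\\AboutURLs),(?P<name>\w+): "(?P<value>[^"]*)"')
_SCOPE = re.compile(r'^SearchScopes: (?P<hive>\S+) -> \{(?P<guid>[^}]+)\} URL = (?P<url>\S+)')
_TOOLBAR = re.compile(r'^Toolbar: (?P<hive>\S+) -> (?P<name>.+?) - \{(?P<guid>[^}]+)\} -\s+(?P<file>.+)$')
_SERVICE = re.compile(r'^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<path>.+)$')
_TASK = re.compile(r'^Task: (?P<job>.+?) => (?P<target>.+)$')
_ADS = re.compile(r'^AlternateDataStreams: (?P<file>[A-Za-z]:\\[^:]+):(?P<stream>.+)$')


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a recognised FRST line, or None for anything else."""
    line = line.strip()
    if m := _IFEO.match(line):
        # A Debugger value under Image File Execution Options makes Windows start the
        # named program instead of the target whenever the target is launched.
        return Finding("ifeo_debugger", line, m.groupdict(), review=True)
    if m := _POLICY.match(line):
        return Finding("policy_restriction", line, m.groupdict(), review=True)
    if m := _ABOUT.match(line):
        return Finding("ie_about_url", line, m.groupdict(), review=True)
    if m := _SCOPE.match(line):
        host = urlparse(m["url"]).hostname or ""
        return Finding("search_scope", line, {**m.groupdict(), "host": host},
                       review=host not in EXPECTED_SEARCH_HOSTS)
    if m := _TOOLBAR.match(line):
        return Finding("toolbar", line, m.groupdict(), review=m["file"] == "No File")
    if m := _SERVICE.match(line):
        path = m["path"]
        # FRST marks a service whose binary is missing with "[X]" or "No ImagePath".
        return Finding("service", line, m.groupdict(),
                       review=path == "No ImagePath" or path.endswith("[X]"))
    if m := _TASK.match(line):
        return Finding("scheduled_task", line, m.groupdict(), review=m["target"] == "?")
    if m := _ADS.match(line):
        return Finding("ads", line, m.groupdict(), review=True)
    return None


def triage(text: str) -> List[Finding]:
    """Classify every line of an FRST-style listing, dropping unrecognised lines."""
    return [f for f in map(classify, text.splitlines()) if f is not None]


def summary(findings: List[Finding]) -> dict:
    """Count findings per kind."""
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Sample input: the fixlist lines from this thread, plus two constructed benign lines.
SAMPLE = r"""
IFEO\hpqtra08.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\utorrent.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} URL = https://startpage.com/do/search?query={searchTerms}&trackid=sp-001
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} URL = https://startpage.com/do/search?query={searchTerms}&trackid=sp-001
SearchScopes: HKLM -> {AAAAAAAA-0000-0000-0000-000000000001} URL = https://www.google.com/search?q={searchTerms}
Toolbar: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S2 Spooler; C:\WINDOWS\system32\spoolsv.exe [57856 2008-04-14] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\doc_bkp.job => ?
AlternateDataStreams: C:\Program Files\Uninstall_CDS.exe:SummaryInformation
AlternateDataStreams: C:\Program Files\Uninstall_CDS.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
"""

if __name__ == "__main__":
    found = triage(SAMPLE)
    print(summary(found))
    for f in found:
        if f.review:
            print("REVIEW", f.kind, f.line)
```

The constructed Google scope and Spooler service are the only two lines that come out unflagged, which is the point of the `review` field: every other class of entry here (a debugger hook, a policy lock, a search scope pointing at an unexpected host, a component with no file behind it, a stream hidden on an executable) is something to understand before it is removed, not something to auto-fix.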
#5 Rosenberg

Rosenberg
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Female

Posted 28 January 2015 - 01:50 AM

Hi Gary,

I'm sorry I'm so late in doing the next steps that you asked of me. I lost track of time, and they're taking a bit longer than I have right now. I will complete the steps and post what you asked for tomorrow.

I'm still with you, and still very grateful for your help!

Again, I will be no later than tomorrow in posting the files that you asked for.

Thank you!

Sharon

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California

Posted 28 January 2015 - 09:33 AM

Thanks for touching base. I really do appreciate knowing you are still here.
Gary
 

#7 Rosenberg

Rosenberg
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Female

Posted 28 January 2015 - 10:20 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by User at 2015-01-27 23:16:06 Run:1
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User (Available profiles: User & backup & Jenny Calendar & Fredisadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
IFEO\hpqtra08.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\utorrent.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} URL = https://startpage.com/do/search?query={searchTerms}&trackid=sp-001
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} URL = https://startpage.com/do/search?query={searchTerms}&trackid=sp-001
Toolbar: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
Task: C:\WINDOWS\Tasks\doc_bkp.job => ?
AlternateDataStreams: C:\Program Files\Uninstall_CDS.exe:SummaryInformation
AlternateDataStreams: C:\Program Files\Uninstall_CDS.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
*****************

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hpqtra08.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utorrent.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF49125D-FBA8-47CD-B46F-628DEEE6C6B8}" => Key deleted successfully.
HKCR\CLSID\{CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} => Key not found.
"HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF49125D-FBA8-47CD-B46F-628DEEE6C6B8}" => Key deleted successfully.
HKCR\CLSID\{CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} => Key not found.
HKU\S-1-5-21-602162358-2049760794-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
catchme => Service deleted successfully.
hpt3xx => Service deleted successfully.
IntelIde => Service deleted successfully.
C:\WINDOWS\Tasks\doc_bkp.job => Moved successfully.
"C:\Program Files\Uninstall_CDS.exe" => ":SummaryInformation" ADS not found.
C:\Program Files\Uninstall_CDS.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

==== End of Fixlog 23:16:07 ====

# AdwCleaner v4.109 - Report created 27/01/2015 at 23:32:29
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - HOMEPC
# Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.9

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\backup\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\backup\Application Data\HPAppData
Folder Deleted : C:\Documents and Settings\Jenny Calendar\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jenny Calendar\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Application Data\FastMediaConverter
Folder Deleted : C:\Documents and Settings\User\Application Data\HPAppData
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k1mrtuv5.default-1411236290906\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v

[C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda

*************************

AdwCleaner[R0].txt - [6830 octets] - [27/01/2015 23:26:19]
AdwCleaner[S0].txt - [6893 octets] - [27/01/2015 23:32:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6953 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by User on Wed 01/28/2015 at 19:56:24.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\cre"



~~~ FireFox

Emptied folder: C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\k1mrtuv5.default-1411236290906\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/28/2015 at 20:03:21.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi Gary,

Okay, I removed Avast antivirus, and I believe I got the 3 logs that you asked for. I haven't used uTorrent for a really long time now; however, all this work on my computer jogged my memory on something. I'm not sure if this is related at all, but several months ago I started using Netflix. Shortly after, I started getting inundated with spam mail. I've never received a lot of spam before, and suddenly I started getting tons of it. I don't know if the 2 are related: Netflix and the spam?

Thank you for your help, Gary, very much appreciated!

#8 Rosenberg

Rosenberg
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Female

Posted 28 January 2015 - 10:27 PM

Hi again Gary,

A "PS" - my computer was being incredibly slow and sluggish last night. In fact, lately it's been driving me nuts, for about the last 3-4 months. I've been putting off buying another computer (I know I should upgrade out of XP) but I've also been unemployed, and good computers in my part of the world are pricey...perhaps I should bite the bullet and do it? Collect pop bottles by the side of the highway to pay for it?

I can't imagine life without a computer....!

(the pop bottles comment was just a joke; even unemployed I have the resources, but money is undeniably tight.)

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California

Posted 28 January 2015 - 11:00 PM

Hi Sharon,

Pop bottles, sounds like my east coast relatives...... :)

I doubt Netflix and spam are related. Are you still getting lots of spam?

There can be a number of reasons for your computer slowdown. Unquestionably one of the factors is the minimal amount of memory, specifically the little amount of free memory:
 

Percentage of memory in use: 77%
Total physical RAM: 1015.48 MB
Available physical RAM: 226.48 MB


Let's do a little work and see if we can free up some resources. Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

HijackThis

--------------------
  • Download HijackThis and save it to your desktop
  • Double click the HijackThis icon, then select Run
  • If prompted select I Accept
  • Click on Do a system scan and save a logfile
  • Ignore any warning regarding the Hosts file
  • A report will be generated and will appear on your desktop as an open Notepad document
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • HJT log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Rosenberg

Rosenberg
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Female

Posted 30 January 2015 - 08:26 PM

Hi Gary,

Okay, here are the two files. I actually noticed an improvement in speed today; I haven't been able to view any videos for a while now; they just hang and go nowhere. Today I watched a couple of videos on MSN.ca and they worked far better than they have previously.

And yes, I'm still receiving mega spam. This is new; I never received any spam at all in the past. And it's still coming!

Sharon

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by User at 2015-01-27 23:16:06 Run:1
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User (Available profiles: User & backup & Jenny Calendar & Fredisadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
IFEO\hpqtra08.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\utorrent.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} URL = https://startpage.com/do/search?query={searchTerms}&trackid=sp-001
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> {CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} URL = https://startpage.com/do/search?query={searchTerms}&trackid=sp-001
Toolbar: HKU\S-1-5-21-602162358-2049760794-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
Task: C:\WINDOWS\Tasks\doc_bkp.job => ?
AlternateDataStreams: C:\Program Files\Uninstall_CDS.exe:SummaryInformation
AlternateDataStreams: C:\Program Files\Uninstall_CDS.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
*****************

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hpqtra08.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utorrent.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF49125D-FBA8-47CD-B46F-628DEEE6C6B8}" => Key deleted successfully.
HKCR\CLSID\{CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} => Key not found.
"HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKU\S-1-5-21-602162358-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF49125D-FBA8-47CD-B46F-628DEEE6C6B8}" => Key deleted successfully.
HKCR\CLSID\{CF49125D-FBA8-47CD-B46F-628DEEE6C6B8} => Key not found.
HKU\S-1-5-21-602162358-2049760794-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
catchme => Service deleted successfully.
hpt3xx => Service deleted successfully.
IntelIde => Service deleted successfully.
C:\WINDOWS\Tasks\doc_bkp.job => Moved successfully.
"C:\Program Files\Uninstall_CDS.exe" => ":SummaryInformation" ADS not found.
C:\Program Files\Uninstall_CDS.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

==== End of Fixlog 23:16:07 ====

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:14:22 PM, on 1/30/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\My Documents\Downloaded Applications\StickyNotes\StickyNotes.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\FRST.exe
C:\Documents and Settings\User\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\User\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Sticky Notes.lnk = C:\Documents and Settings\User\My Documents\Downloaded Applications\StickyNotes\StickyNotes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350604690203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350607551000
O17 - HKLM\System\CCS\Services\Tcpip\..\{A28AA372-27D5-4E1E-836F-A60223137340}: NameServer = 95.211.10.3
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6762 bytes
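A HijackThis log like the one above is a flat list of coded lines (R0/R1 browser settings, O2 browser helper objects, O4 autoruns, O17 DNS servers, O23 services), and the useful review questions are the same every time: what starts automatically and from where, which DNS servers the machine is told to use, and whether a registered component still has a file behind it. The Python script below is an added example (not HijackThis's code and not posted by anyone in this thread) that parses lines in that format into records and attaches a review reason to the ones worth a second look. The sample log is a constructed subset of the lines above; the expected-resolver set is a placeholder assumption you would replace with your router, ISP or VPN resolver addresses.

```python
"""Parse HijackThis-style log lines into records (added example; not HijackThis's own code)."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Resolvers you expect on this machine (router, ISP or VPN DNS): a placeholder assumption.
EXPECTED_NAMESERVERS = {"192.168.1.1"}
# Path fragments meaning an autorun or service binary lives in a user-writable profile location.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\application data\\", "\\temp\\")


@dataclass
class Entry:
    code: str                      # HijackThis section code, e.g. "O4" or "O17"
    text: str                      # the raw log line
    detail: dict = field(default_factory=dict)
    review: Optional[str] = None   # why this entry deserves a second look, if it does


_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
_R = re.compile(r"^(?P<key>.+?),(?P<value>[^=]+?) = (?P<data>.+)$")
_O2 = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<guid>[^}]+)\} - (?P<path>.+)$")
_O4_RUN = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O4_LNK = re.compile(r"^(?P<where>.+?): (?P<name>.+?) = (?P<cmd>.+)$")
_O17 = re.compile(r"NameServer = (?P<servers>[\d., ]+)$")
_O23 = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")


def _in_user_profile(cmd: str) -> bool:
    low = cmd.lower()
    return any(marker in low for marker in USER_PROFILE_MARKERS)


def _is_private(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def parse_line(line: str) -> Optional[Entry]:
    """Turn one coded HijackThis line into an Entry; process-list and header lines give None."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    entry = Entry(code, line.strip())
    if code in ("R0", "R1") and (r := _R.match(body)):
        entry.detail = r.groupdict()
    elif code == "O2" and (r := _O2.match(body)):
        entry.detail = r.groupdict()
        if r["path"].lower() == "(no file)":
            entry.review = "BHO registered but its DLL is missing"
    elif code == "O4" and (r := _O4_RUN.match(body) or _O4_LNK.match(body)):
        entry.detail = r.groupdict()
        if _in_user_profile(r["cmd"]):
            entry.review = "autorun launched from a user-writable profile directory"
    elif code == "O17" and (r := _O17.search(body)):
        servers = re.split(r"[,\s]+", r["servers"].strip())
        entry.detail = {"servers": servers, "private": [s for s in servers if _is_private(s)]}
        unexpected = [s for s in servers if s not in EXPECTED_NAMESERVERS]
        if unexpected:
            entry.review = "nameserver(s) not in the expected resolver set: " + ", ".join(unexpected)
    elif code == "O23" and (r := _O23.match(body)):
        entry.detail = r.groupdict()
        if _in_user_profile(r["path"]):
            entry.review = "service binary lives in a user-writable profile directory"
    return entry


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.review]


# Constructed sample: a subset of the log lines posted above, plus process-list lines to skip.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\User\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Sticky Notes.lnk = C:\Documents and Settings\User\My Documents\Downloaded Applications\StickyNotes\StickyNotes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A28AA372-27D5-4E1E-836F-A60223137340}: NameServer = 95.211.10.3
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
"""

if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(e.code, "->", e.review)
        print("   ", e.text)
```

A review reason is not a verdict: the two O4 entries it flags here are programs installed per-user (a torrent client and a sticky-notes utility), and the O17 entry is simply a resolver the allow-list does not know about, which on a machine with a VPN client installed may be entirely expected. The value of the script is that it surfaces the handful of lines to ask about out of a log that is mostly noise.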

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California

Posted 30 January 2015 - 08:47 PM

Hi Sharon,

Please run this now.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

[image: Query_RC.gif]

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

  • Click on Yes, to continue scanning for malware
----------

Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Rosenberg
  • Topic Starter

Posted 01 February 2015 - 01:31 AM

Hi Gary,

Here's the ComboFix log. It didn't say anything about the Microsoft Recovery Tool, so I must have it.

Thank you again for all of your help with this - you are very much appreciated!

ComboFix 15-01-29.01 - User 01/31/2015 23:13:20.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.642 [GMT -7:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-01-01 to 2015-02-01 )))))))))))))))))))))))))))))))
.
.
2015-01-29 02:56 . 2015-01-29 02:56 -------- d-----w- c:\windows\ERUNT
2015-01-28 06:23 . 2015-01-28 06:33 -------- d-----w- C:\AdwCleaner
2015-01-26 06:18 . 2015-01-31 01:12 -------- d-----w- C:\FRST
2015-01-11 06:06 . 2015-01-11 06:06 -------- d-----w- c:\documents and settings\User\Application Data\VPN Watcher
2015-01-11 06:06 . 2015-01-11 06:06 -------- d-----w- c:\program files\UGD Software
2015-01-11 02:06 . 2015-01-11 02:07 -------- d-----w- c:\program files\TAP-Windows
2015-01-11 02:06 . 2015-01-11 02:07 -------- d-----w- c:\program files\OpenVPN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-29 06:06 . 2014-03-17 00:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-29 06:06 . 2014-03-17 00:22 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-12 04:46 . 2013-04-07 03:23 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2014-11-23 09:53 . 2014-04-09 22:17 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-04 07:30 . 2011-01-07 12:41 172856 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2014-01-15 2122824]
"uTorrent"="c:\documents and settings\User\Application Data\uTorrent\uTorrent.exe" [2015-01-11 1385808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2014-11-04 4411952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Sticky Notes.lnk - c:\documents and settings\User\My Documents\Downloaded Applications\StickyNotes\StickyNotes.exe [2012-10-25 503808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Smapp"=c:\program files\Analog Devices\SoundMAX\SMTray.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Documents and Settings\\User\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 172856]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 182584]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/22/2012 9:10 PM 42784]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [11/4/2014 12:31 AM 1432592]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [11/20/2013 1:54 AM 283136]
R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [11/23/2014 2:50 AM 54360]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [7/26/2013 5:48 AM 196624]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [7/14/2014 3:26 AM 1858360]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 3:33 AM 30944]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/25/2012 11:22 PM 19016]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [9/18/2013 11:14 AM 12320]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [10/17/2014 3:35 PM 4942384]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 3:33 AM 30944]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [8/3/2010 4:25 PM 26112]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-17 06:06]
.
2015-01-29 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-09 01:59]
.
2015-01-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-09 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/?trackid=sp-006
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A28AA372-27D5-4E1E-836F-A60223137340}: NameServer = 95.211.10.3
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\k1mrtuv5.default-1411236290906\
FF - prefs.js: browser.startup.homepage - hxxp://preview.msn.com/en-ca/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-31 23:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-01-31 23:24:51
ComboFix-quarantined-files.txt 2015-02-01 06:24
ComboFix2.txt 2014-05-03 07:30
ComboFix3.txt 2014-04-20 05:42
ComboFix4.txt 2014-04-15 04:17
ComboFix5.txt 2015-02-01 06:05
.
Pre-Run: 34,328,739,840 bytes free
Post-Run: 34,781,655,040 bytes free
.
- - End Of File - - F77D213DC6AACC8727408D03ADB1FACA
8F558EB6672622401DA993E1E865C861
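The Reg Loading Points, firewall-policy and Supplementary Scan sections of the log above are what a helper reads next. As an added example that is not part of this thread and not ComboFix's own code, the Python script below parses exactly those line formats (REGEDIT4-style `[key]` headers and `"name"=data` lines with ComboFix's trailing `[date size]` note, `Name.lnk - target` lines under a startup-folder path, and `TCP:` DNS lines) and turns them into a review list: every Run-key and startup-folder autostart, every firewall application and port exception, plus two checks worth surfacing (the standard-profile firewall switched off, and a per-interface static NameServer that differs from the DHCP-supplied one). The embedded sample is an excerpt of the log posted above; the script passes no verdict on any entry, it only lists what the analyst should look at.

```python
"""Triage the autostart and firewall-policy lines of a ComboFix log.

Added example for this thread, not ComboFix's own code. It parses the
REGEDIT4-style registry dump, startup-folder shortcuts and "TCP:" DNS lines
that ComboFix prints and returns them as a review list; it passes no verdict.
"""
import re

# Excerpt of the ComboFix log posted above (Reg Loading Points + Supplementary Scan).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2014-01-15 2122824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2014-11-04 4411952]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Sticky Notes.lnk - c:\documents and settings\User\My Documents\Downloaded Applications\StickyNotes\StickyNotes.exe [2012-10-25 503808]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A28AA372-27D5-4E1E-836F-A60223137340}: NameServer = 95.211.10.3
"""

_KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                    # [HKEY_...\Run]
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')  # "name"=data
_FOLDER_RE = re.compile(r'^[a-z]:\\.*\\$', re.I)                   # startup folder path line
_TRAILER_RE = re.compile(r'\s*\[[^\]]*\]\s*$')                     # ComboFix's "[date size]" note


def _clean(data):
    """Drop the trailing [date size] note and surrounding quotes from a value."""
    data = _TRAILER_RE.sub('', data.strip())
    if len(data) >= 2 and data[0] == data[-1] == '"':
        data = data[1:-1]
    return data


def triage(log_text):
    """Return autostarts, firewall exceptions and review findings from ComboFix output."""
    result = {'autostarts': [], 'allowed_apps': [], 'open_ports': [], 'findings': []}
    current_key = current_folder = None
    dhcp_dns, static_dns = None, {}

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        key_match = _KEY_RE.match(line)
        if key_match:
            current_key, current_folder = key_match.group('key'), None
            continue
        if line.startswith('TCP:'):
            body = line[4:].strip()
            if body.startswith('DhcpNameServer'):
                dhcp_dns = body.split('=', 1)[1].strip()
            elif ': NameServer' in body:
                iface, _, tail = body.partition(': NameServer')
                static_dns[iface.strip()] = tail.split('=', 1)[1].strip()
            continue
        if _FOLDER_RE.match(line):
            current_key, current_folder = None, line
            continue
        if current_folder and ' - ' in line:           # "Name.lnk - target [date size]"
            name, _, target = line.partition(' - ')
            result['autostarts'].append((current_folder, name, _clean(target)))
            continue
        value_match = _VALUE_RE.match(line)
        if not value_match or current_key is None:
            continue
        name = value_match.group('name').replace('\\\\', '\\')  # REGEDIT4 escapes backslashes
        data = _clean(value_match.group('rest'))
        key_l = current_key.lower()
        if key_l.endswith('\\run') or key_l.endswith('\\run-'):
            # ComboFix lists "run-" keys apart from the active "run" keys; review both
            result['autostarts'].append((current_key, name, data))
        elif key_l.endswith('standardprofile') and name == 'EnableFirewall':
            if data.split()[0] == '0':
                result['findings'].append('Windows Firewall standard profile is disabled (EnableFirewall = 0)')
        elif key_l.endswith('authorizedapplications\\list'):
            result['allowed_apps'].append(name)
        elif key_l.endswith('globallyopenports\\list'):
            result['open_ports'].append((name, data))
            if ':Disabled:' not in data:
                result['findings'].append(f'Firewall port exception {name} is active: {data}')

    for iface, dns in static_dns.items():
        if dhcp_dns and dns != dhcp_dns:
            result['findings'].append(f'{iface}: static NameServer {dns} differs from '
                                      f'DHCP-supplied {dhcp_dns}; confirm it is intended')
    return result


if __name__ == '__main__':
    for note in triage(SAMPLE_LOG)['findings']:
        print('REVIEW', note)
```

Run it as a script to print the findings for the embedded excerpt, or call `triage()` on a full ComboFix.txt read from disk. A finding is a prompt to look, not evidence of compromise: a static DNS server that differs from the DHCP one can be a deliberately configured VPN or filtering resolver, and a disabled Windows Firewall profile is expected when a third-party firewall such as the AVG one in this log has taken over.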

#13 Oh My!
  • Malware Response Instructor
  • Location:California

Posted 01 February 2015 - 09:30 AM

Thank you, Sharon; it is my pleasure to work together with you.
 

And yes, I'm still receiving mega spam.

Can you explain this a bit for me? Are you talking about pop-ups, spam email, browser redirects, etc.?

Please do this.

===================================================

TDSSKiller by Kaspersky on Windows XP With aswMBR Report

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe and select Run
  • Click Accept twice
  • Click Change parameters
  • Place a check mark in Detect TDLFS file system, then click OK
  • Click the Start Scan button
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit
  • Any objects found will show in the Scan results - Select action for found objects and offer three options
  • If an infected file is detected, the default action will be Cure...do not change it


tdss2.png


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


tdss4.png


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable the real-time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

aswMBR1.png

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

aswMBR2.png

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log
  • Attached MBR.dat file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Rosenberg
  • Topic Starter

Posted 02 February 2015 - 07:55 PM

Hi Gary,

Yes, I was referring to spam email. Emails trying to sell me everything under the sun, including the ubiquitous viagra.

TDSSKiller didn't find anything:

16:37:43.0625 0x091c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
16:37:49.0593 0x091c ============================================================
16:37:49.0593 0x091c Current date / time: 2015/02/02 16:37:49.0593
16:37:49.0593 0x091c SystemInfo:
16:37:49.0593 0x091c
16:37:49.0593 0x091c OS Version: 5.1.2600 ServicePack: 3.0
16:37:49.0593 0x091c Product type: Workstation
16:37:49.0593 0x091c ComputerName: HOMEPC
16:37:49.0593 0x091c UserName: User
16:37:49.0593 0x091c Windows directory: C:\WINDOWS
16:37:49.0593 0x091c System windows directory: C:\WINDOWS
16:37:49.0593 0x091c Processor architecture: Intel x86
16:37:49.0593 0x091c Number of processors: 1
16:37:49.0593 0x091c Page size: 0x1000
16:37:49.0593 0x091c Boot type: Normal boot
16:37:49.0593 0x091c ============================================================
16:37:52.0375 0x091c KLMD registered as C:\WINDOWS\system32\drivers\72236760.sys
16:37:53.0312 0x091c System UUID: {9F3485EF-EE5F-4D0C-DCFE-AAE1234079C1}
16:37:55.0406 0x091c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
16:37:55.0406 0x091c ============================================================
16:37:55.0406 0x091c \Device\Harddisk0\DR0:
16:37:55.0406 0x091c MBR partitions:
16:37:55.0406 0x091c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFF9D41
16:37:55.0406 0x091c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFF9D80, BlocksNum 0x2A38AB10
16:37:55.0406 0x091c ============================================================
16:37:55.0421 0x091c C: <-> \Device\Harddisk0\DR0\Partition1
16:37:55.0453 0x091c E: <-> \Device\Harddisk0\DR0\Partition2
16:37:55.0453 0x091c ============================================================
16:37:55.0453 0x091c Initialize success
16:37:55.0453 0x091c ============================================================
16:38:37.0937 0x0840 ============================================================
16:38:37.0937 0x0840 Scan started
16:38:37.0937 0x0840 Mode: Manual; TDLFS;
16:38:37.0937 0x0840 ============================================================
16:38:37.0937 0x0840 KSN ping started
16:38:41.0406 0x0840 KSN ping finished: true
16:38:43.0156 0x0840 ================ Scan system memory ========================
16:38:43.0156 0x0840 System memory - ok
16:38:43.0156 0x0840 ================ Scan services =============================
16:38:43.0453 0x0840 Abiosdsk - ok
16:38:43.0468 0x0840 abp480n5 - ok
16:38:43.0531 0x0840 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:38:43.0546 0x0840 ACPI - ok
16:38:43.0734 0x0840 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:38:43.0734 0x0840 ACPIEC - ok
16:38:43.0812 0x0840 [ A2A9C100FE1BE20A76C0B80D4CA44103, C34B4A31C8563E29EC6A3D318C40075F43C891C23D156F53EE2102C959B7887F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:38:43.0828 0x0840 AdobeFlashPlayerUpdateSvc - ok
16:38:43.0859 0x0840 adpu160m - ok
16:38:43.0890 0x0840 [ E696E749BEDCDA8B23757B8B5EA93780, 9A5F2B7E70C414D0A21AE1ACD0C22587D0BC67BE52472496C4B4B20603057606 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
16:38:43.0906 0x0840 aeaudio - ok
16:38:43.0953 0x0840 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:38:43.0968 0x0840 aec - ok
16:38:44.0015 0x0840 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:38:44.0031 0x0840 AFD - ok
16:38:44.0046 0x0840 Aha154x - ok
16:38:44.0078 0x0840 aic78u2 - ok
16:38:44.0093 0x0840 aic78xx - ok
16:38:44.0125 0x0840 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:38:44.0125 0x0840 Alerter - ok
16:38:44.0156 0x0840 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
16:38:44.0156 0x0840 ALG - ok
16:38:44.0171 0x0840 AliIde - ok
16:38:44.0203 0x0840 amsint - ok
16:38:44.0250 0x0840 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:38:44.0265 0x0840 AppMgmt - ok
16:38:44.0281 0x0840 asc - ok
16:38:44.0296 0x0840 asc3350p - ok
16:38:44.0312 0x0840 asc3550 - ok
16:38:44.0406 0x0840 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:38:44.0421 0x0840 aspnet_state - ok
16:38:44.0453 0x0840 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:38:44.0453 0x0840 AsyncMac - ok
16:38:44.0500 0x0840 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:38:44.0500 0x0840 atapi - ok
16:38:44.0515 0x0840 Atdisk - ok
16:38:44.0562 0x0840 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:38:44.0562 0x0840 Atmarpc - ok
16:38:44.0593 0x0840 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:38:44.0593 0x0840 AudioSrv - ok
16:38:44.0640 0x0840 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:38:44.0640 0x0840 audstub - ok
16:38:44.0671 0x0840 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5, 7C93BB50B6EDDEAABB149045A52BDAE5DD9262DC87EEE537D766714E793292C5 ] Avgfwdx C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
16:38:44.0671 0x0840 Avgfwdx - ok
16:38:44.0703 0x0840 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5, 7C93BB50B6EDDEAABB149045A52BDAE5DD9262DC87EEE537D766714E793292C5 ] Avgfwfd C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
16:38:44.0703 0x0840 Avgfwfd - ok
16:38:44.0843 0x0840 [ 7F1E1F61612CF6AF84AAA5DB7EB2C5DF, E02E9682C12908E9156564039338FD5998CD1839D7BBE038872EB67D392EEAE5 ] avgfws C:\Program Files\AVG\AVG2013\avgfws.exe
16:38:44.0937 0x0840 avgfws - ok
16:38:45.0265 0x0840 [ B575DC72C76D25AA5C82FF3006F39B18, 3530B847E3A3AA9AD571BEE88FCB191BB862B23C8AB23EFF4CEDBCA502E15BAD ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
16:38:45.0546 0x0840 AVGIDSAgent - ok
16:38:45.0625 0x0840 [ 5BCAE36134162830ED283F4C3D88476A, A47EE816A88A8C18458BA721AB829E49D492128BA8D5BF6FF317C2B5A1FFA60F ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
16:38:45.0640 0x0840 AVGIDSDriver - ok
16:38:45.0687 0x0840 [ 7C8E88549BCDAAC965B1B724C175F7A9, 86240BF965C60FFAF381879D1B2DD7190FAD597E7534AEE9A9E48A2BDEC119BA ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
16:38:45.0687 0x0840 AVGIDSHX - ok
16:38:45.0718 0x0840 [ F8D2E76EA51B3B4119DF3D6A7A6D99F3, 417E05BA987345ED48223404DEBC10043A18CBC749462186CC3EE9C20F47C86D ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
16:38:45.0734 0x0840 AVGIDSShim - ok
16:38:45.0765 0x0840 [ FCF551AD50A10E427F743165A533E613, 78EA90EC56A7E1B40B4F9191A33D06A648AB48499A4F19C6AE43EA690585BE25 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:38:45.0781 0x0840 Avgldx86 - ok
16:38:45.0812 0x0840 [ E2B9CF2CF787C6978E7CC898E9684E48, 73D5D8514EF1BF3BCC64DC158C68189D07B3940641F1155823C6822D03BC761B ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
16:38:45.0843 0x0840 Avglogx - ok
16:38:45.0875 0x0840 [ 3F59750A3AA55C46663801E7C2FD1E2B, F748EB6552889974CB1FC6F666F2D78F654CAA990A339C741255355295CD46E8 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:38:45.0890 0x0840 Avgmfx86 - ok
16:38:45.0906 0x0840 [ 90FA3A4BB1039701D68FD1CC2ED3EE22, 5842AECBF76163BCAEE19DED708291DD8402E2D24DD48453E6067A9AE5BABB11 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:38:45.0906 0x0840 Avgrkx86 - ok
16:38:45.0953 0x0840 [ A4713E9B75D8A9C2B016C3FDAB196D6A, 7A4405B90732C5BA9FE380ECE8E3FFC802A39283AC4945BC44550723C91E3C53 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:38:45.0968 0x0840 Avgtdix - ok
16:38:46.0015 0x0840 [ D15D2E9F5567075740B88F16F01810D6, 09086182352B0901D886B1F588F141DFC1E68CF0CA62BA399F841E1C96DFDFEF ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
16:38:46.0015 0x0840 avgtp - ok
16:38:46.0078 0x0840 [ D646FA5135A1CD795877AFE9D17FA9ED, 2F97FBCD7BD75727A77C17D75D2482AE819D5D2EB9760D96412F9C20AA7D9473 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
16:38:46.0093 0x0840 avgwd - ok
16:38:46.0156 0x0840 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:38:46.0156 0x0840 Beep - ok
16:38:46.0218 0x0840 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
16:38:46.0265 0x0840 BITS - ok
16:38:46.0312 0x0840 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
16:38:46.0312 0x0840 Browser - ok
16:38:46.0421 0x0840 catchme - ok
16:38:46.0468 0x0840 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:38:46.0468 0x0840 cbidf2k - ok
16:38:46.0500 0x0840 cd20xrnt - ok
16:38:46.0531 0x0840 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:38:46.0531 0x0840 Cdaudio - ok
16:38:46.0562 0x0840 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:38:46.0578 0x0840 Cdfs - ok
16:38:46.0609 0x0840 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:38:46.0609 0x0840 Cdrom - ok
16:38:46.0640 0x0840 Changer - ok
16:38:46.0671 0x0840 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] cisvc C:\WINDOWS\system32\cisvc.exe
16:38:46.0671 0x0840 cisvc - ok
16:38:46.0687 0x0840 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:38:46.0687 0x0840 ClipSrv - ok
16:38:46.0734 0x0840 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:38:46.0750 0x0840 clr_optimization_v2.0.50727_32 - ok
16:38:46.0765 0x0840 CmdIde - ok
16:38:46.0781 0x0840 COMSysApp - ok
16:38:46.0812 0x0840 Cpqarray - ok
16:38:46.0843 0x0840 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:38:46.0859 0x0840 CryptSvc - ok
16:38:46.0875 0x0840 dac2w2k - ok
16:38:46.0890 0x0840 dac960nt - ok
16:38:46.0953 0x0840 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:38:46.0984 0x0840 DcomLaunch - ok
16:38:47.0015 0x0840 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:38:47.0015 0x0840 Dhcp - ok
16:38:47.0046 0x0840 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:38:47.0046 0x0840 Disk - ok
16:38:47.0062 0x0840 dmadmin - ok
16:38:47.0140 0x0840 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:38:47.0203 0x0840 dmboot - ok
16:38:47.0234 0x0840 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:38:47.0250 0x0840 dmio - ok
16:38:47.0265 0x0840 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:38:47.0281 0x0840 dmload - ok
16:38:47.0312 0x0840 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
16:38:47.0312 0x0840 dmserver - ok
16:38:47.0359 0x0840 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:38:47.0359 0x0840 DMusic - ok
16:38:47.0406 0x0840 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:38:47.0406 0x0840 Dnscache - ok
16:38:47.0453 0x0840 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:38:47.0468 0x0840 Dot3svc - ok
16:38:47.0484 0x0840 dpti2o - ok
16:38:47.0515 0x0840 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:38:47.0515 0x0840 drmkaud - ok
16:38:47.0562 0x0840 [ AC9CF17EE2AE003C98EB4F5336C38058, 40618641B6B2DD71A8C284EB25AF81CA219A82AE7AA91C4BB2B4A3D44A2B3BBF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:38:47.0562 0x0840 E100B - ok
16:38:47.0609 0x0840 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:38:47.0625 0x0840 EapHost - ok
16:38:47.0640 0x0840 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:38:47.0640 0x0840 ERSvc - ok
16:38:47.0687 0x0840 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
16:38:47.0703 0x0840 Eventlog - ok
16:38:47.0750 0x0840 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\System32\es.dll
16:38:47.0765 0x0840 EventSystem - ok
16:38:47.0796 0x0840 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:38:47.0812 0x0840 Fastfat - ok
16:38:47.0843 0x0840 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:38:47.0875 0x0840 FastUserSwitchingCompatibility - ok
16:38:47.0890 0x0840 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:38:47.0890 0x0840 Fdc - ok
16:38:47.0921 0x0840 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:38:47.0921 0x0840 Fips - ok
16:38:47.0953 0x0840 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:38:47.0968 0x0840 Flpydisk - ok
16:38:48.0000 0x0840 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:38:48.0015 0x0840 FltMgr - ok
16:38:48.0046 0x0840 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:38:48.0046 0x0840 FontCache3.0.0.0 - ok
16:38:48.0078 0x0840 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:38:48.0078 0x0840 Fs_Rec - ok
16:38:48.0109 0x0840 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:38:48.0125 0x0840 Ftdisk - ok
16:38:48.0171 0x0840 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:38:48.0171 0x0840 Gpc - ok
16:38:48.0234 0x0840 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:38:48.0234 0x0840 helpsvc - ok
16:38:48.0250 0x0840 [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:38:48.0265 0x0840 HidServ - ok
16:38:48.0296 0x0840 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:38:48.0296 0x0840 hidusb - ok
16:38:48.0328 0x0840 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:38:48.0343 0x0840 hkmsvc - ok
16:38:48.0359 0x0840 hpn - ok
16:38:48.0421 0x0840 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:38:48.0437 0x0840 hpqcxs08 - ok
16:38:48.0468 0x0840 [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:38:48.0484 0x0840 hpqddsvc - ok
16:38:48.0562 0x0840 [ 568E44F6DCFA173F3670172B69379891, D619B908770E308BE3978DD619CA0ADC229685971FC99379AA5620BE5F7C5F1C ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
16:38:48.0609 0x0840 HPSLPSVC - ok
16:38:48.0671 0x0840 [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:38:48.0671 0x0840 HPZid412 - ok
16:38:48.0703 0x0840 [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:38:48.0703 0x0840 HPZipr12 - ok
16:38:48.0734 0x0840 [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:38:48.0734 0x0840 HPZius12 - ok
16:38:48.0796 0x0840 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:38:48.0812 0x0840 HTTP - ok
16:38:48.0843 0x0840 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:38:48.0875 0x0840 HTTPFilter - ok
16:38:48.0890 0x0840 i2omgmt - ok
16:38:48.0906 0x0840 i2omp - ok
16:38:48.0937 0x0840 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:38:48.0937 0x0840 i8042prt - ok
16:38:49.0015 0x0840 [ 44B7D5A4F2BD9FE21AEA0BB0BACE38C4, D371103E752EF852BEDE330AB23EED4BFFD4150961EC377B03D69D871368F144 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:38:49.0062 0x0840 ialm - ok
16:38:49.0156 0x0840 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:38:49.0218 0x0840 idsvc - ok
16:38:49.0265 0x0840 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:38:49.0265 0x0840 Imapi - ok
16:38:49.0312 0x0840 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
16:38:49.0328 0x0840 ImapiService - ok
16:38:49.0359 0x0840 ini910u - ok
16:38:49.0406 0x0840 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:38:49.0421 0x0840 intelppm - ok
16:38:49.0453 0x0840 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:38:49.0453 0x0840 ip6fw - ok
16:38:49.0468 0x0840 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:38:49.0484 0x0840 IpFilterDriver - ok
16:38:49.0515 0x0840 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:38:49.0515 0x0840 IpInIp - ok
16:38:49.0546 0x0840 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:38:49.0562 0x0840 IpNat - ok
16:38:49.0593 0x0840 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:38:49.0593 0x0840 IPSec - ok
16:38:49.0640 0x0840 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:38:49.0640 0x0840 IRENUM - ok
16:38:49.0687 0x0840 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:38:49.0687 0x0840 isapnp - ok
16:38:49.0750 0x0840 [ B9436A665A8621073A12338B16D7BFD4, 1F1CB4758768BF7B7DDB27BF9DA944D869B561ABF7EC39CEC059044E10C1EA88 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:38:49.0781 0x0840 JavaQuickStarterService - ok
16:38:49.0796 0x0840 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:38:49.0796 0x0840 Kbdclass - ok
16:38:49.0828 0x0840 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:38:49.0828 0x0840 kbdhid - ok
16:38:49.0875 0x0840 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:38:49.0890 0x0840 kmixer - ok
16:38:49.0937 0x0840 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:38:49.0937 0x0840 KSecDD - ok
16:38:49.0984 0x0840 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:38:50.0000 0x0840 lanmanserver - ok
16:38:50.0046 0x0840 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:38:50.0062 0x0840 lanmanworkstation - ok
16:38:50.0078 0x0840 lbrtfdc - ok
16:38:50.0140 0x0840 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:38:50.0140 0x0840 LmHosts - ok
16:38:50.0171 0x0840 [ 7263D95DC327A7911874293D509AD79E, 9A50A16C907FFF2B03A283BBCF966465D4CA1BFECA06EAD5B06B4FBF22B6B513 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
16:38:50.0171 0x0840 mbamchameleon - ok
16:38:50.0250 0x0840 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:38:50.0281 0x0840 MDM - ok
16:38:50.0312 0x0840 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:38:50.0328 0x0840 Messenger - ok
16:38:50.0343 0x0840 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:38:50.0343 0x0840 mnmdd - ok
16:38:50.0375 0x0840 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
16:38:50.0375 0x0840 mnmsrvc - ok
16:38:50.0421 0x0840 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:38:50.0421 0x0840 Modem - ok
16:38:50.0468 0x0840 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:38:50.0468 0x0840 Mouclass - ok
16:38:50.0500 0x0840 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:38:50.0500 0x0840 mouhid - ok
16:38:50.0531 0x0840 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:38:50.0546 0x0840 MountMgr - ok
16:38:50.0578 0x0840 [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:38:50.0593 0x0840 MozillaMaintenance - ok
16:38:50.0609 0x0840 mraid35x - ok
16:38:50.0656 0x0840 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:38:50.0671 0x0840 MRxDAV - ok
16:38:50.0734 0x0840 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:38:50.0765 0x0840 MRxSmb - ok
16:38:50.0812 0x0840 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
16:38:50.0812 0x0840 MSDTC - ok
16:38:50.0843 0x0840 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:38:50.0843 0x0840 Msfs - ok
16:38:50.0875 0x0840 MSIServer - ok
16:38:50.0890 0x0840 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:38:50.0906 0x0840 MSKSSRV - ok
16:38:50.0906 0x0840 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:38:50.0921 0x0840 MSPCLOCK - ok
16:38:50.0937 0x0840 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:38:50.0937 0x0840 MSPQM - ok
16:38:50.0968 0x0840 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:38:50.0968 0x0840 mssmbios - ok
16:38:51.0000 0x0840 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:38:51.0015 0x0840 Mup - ok
16:38:51.0062 0x0840 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:38:51.0093 0x0840 napagent - ok
16:38:51.0109 0x0f24 Object required for P2P: [ D646FA5135A1CD795877AFE9D17FA9ED ] avgwd
16:38:51.0125 0x0840 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:38:51.0140 0x0840 NDIS - ok
16:38:51.0156 0x0840 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:38:51.0171 0x0840 NdisTapi - ok
16:38:51.0187 0x0840 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:38:51.0203 0x0840 Ndisuio - ok
16:38:51.0218 0x0840 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:38:51.0234 0x0840 NdisWan - ok
16:38:51.0265 0x0840 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:38:51.0265 0x0840 NDProxy - ok
16:38:51.0312 0x0840 [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
16:38:51.0312 0x0840 Net Driver HPZ12 - ok
16:38:51.0343 0x0840 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:38:51.0343 0x0840 NetBIOS - ok
16:38:51.0375 0x0840 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:38:51.0390 0x0840 NetBT - ok
16:38:51.0437 0x0840 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
16:38:51.0453 0x0840 NetDDE - ok
16:38:51.0468 0x0840 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:38:51.0484 0x0840 NetDDEdsdm - ok
16:38:51.0515 0x0840 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:38:51.0515 0x0840 Netlogon - ok
16:38:51.0562 0x0840 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
16:38:51.0578 0x0840 Netman - ok
16:38:51.0640 0x0840 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:38:51.0656 0x0840 NetTcpPortSharing - ok
16:38:51.0718 0x0840 [ C09C9E59DB51BB2921C8C38799359A80, A39590AA899ADED009B14B66C435EA14D1362C20BB6CC0C577C05AC7A6FA9A07 ] NitroReaderDriverReadSpool3 C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
16:38:51.0734 0x0840 NitroReaderDriverReadSpool3 - ok
16:38:51.0796 0x0840 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
16:38:51.0812 0x0840 Nla - ok
16:38:51.0843 0x0840 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:38:51.0843 0x0840 Npfs - ok
16:38:51.0906 0x0840 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:38:51.0937 0x0840 Ntfs - ok
16:38:51.0953 0x0840 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
16:38:51.0968 0x0840 NtLmSsp - ok
16:38:52.0031 0x0840 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:38:52.0062 0x0840 NtmsSvc - ok
16:38:52.0093 0x0840 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
16:38:52.0109 0x0840 Null - ok
16:38:52.0140 0x0840 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:38:52.0140 0x0840 NwlnkFlt - ok
16:38:52.0171 0x0840 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:38:52.0171 0x0840 NwlnkFwd - ok
16:38:52.0234 0x0840 [ 2184024728C007F57C22A5CFB967F75F, 2AF3596C61C16283520A3B964F242E7515C5D334F4B6405A1875DCE6AAB6671C ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe
16:38:52.0234 0x0840 OpenVPNService - ok
16:38:52.0265 0x0840 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:38:52.0281 0x0840 ose - ok
16:38:52.0328 0x0840 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:38:52.0328 0x0840 Parport - ok
16:38:52.0343 0x0840 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:38:52.0359 0x0840 PartMgr - ok
16:38:52.0390 0x0840 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:38:52.0390 0x0840 ParVdm - ok
16:38:52.0437 0x03e4 Object required for P2P: [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc
16:38:52.0453 0x0840 [ 8C96D0658F58E235F422A7894929BF58, 4A95351393BD6E8B22FE43C42A33AC7C59DB9F4FD6DFABD44EE14113331D3B91 ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
16:38:52.0453 0x0840 pbfilter - ok
16:38:52.0484 0x0840 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:38:52.0484 0x0840 PCI - ok
16:38:52.0515 0x0840 PCIDump - ok
16:38:52.0546 0x0840 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:38:52.0546 0x0840 PCIIde - ok
16:38:52.0578 0x0840 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:38:52.0578 0x0840 Pcmcia - ok
16:38:52.0609 0x0840 PDCOMP - ok
16:38:52.0625 0x0840 PDFRAME - ok
16:38:52.0640 0x0840 PDRELI - ok
16:38:52.0656 0x0840 PDRFRAME - ok
16:38:52.0671 0x0840 perc2 - ok
16:38:52.0703 0x0840 perc2hib - ok
16:38:52.0765 0x0840 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
16:38:52.0781 0x0840 PlugPlay - ok
16:38:52.0812 0x0840 [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
16:38:52.0812 0x0840 Pml Driver HPZ12 - ok
16:38:52.0843 0x0840 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:38:52.0843 0x0840 PolicyAgent - ok
16:38:52.0875 0x0840 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:38:52.0890 0x0840 PptpMiniport - ok
16:38:52.0921 0x0840 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:38:52.0921 0x0840 Processor - ok
16:38:52.0937 0x0840 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:38:52.0937 0x0840 ProtectedStorage - ok
16:38:52.0968 0x0840 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:38:52.0968 0x0840 PSched - ok
16:38:53.0000 0x0840 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:38:53.0015 0x0840 Ptilink - ok
16:38:53.0031 0x0840 ql1080 - ok
16:38:53.0046 0x0840 Ql10wnt - ok
16:38:53.0062 0x0840 ql12160 - ok
16:38:53.0078 0x0840 ql1240 - ok
16:38:53.0109 0x0840 ql1280 - ok
16:38:53.0125 0x0840 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:38:53.0125 0x0840 RasAcd - ok
16:38:53.0156 0x0840 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:38:53.0171 0x0840 RasAuto - ok
16:38:53.0203 0x0840 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:38:53.0203 0x0840 Rasl2tp - ok
16:38:53.0265 0x0840 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:38:53.0281 0x0840 RasMan - ok
16:38:53.0296 0x0840 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:38:53.0312 0x0840 RasPppoe - ok
16:38:53.0328 0x0840 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:38:53.0328 0x0840 Raspti - ok
16:38:53.0390 0x0840 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:38:53.0406 0x0840 Rdbss - ok
16:38:53.0421 0x0840 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:38:53.0421 0x0840 RDPCDD - ok
16:38:53.0453 0x0840 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:38:53.0468 0x0840 rdpdr - ok
16:38:53.0531 0x0840 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:38:53.0546 0x0840 RDPWD - ok
16:38:53.0578 0x0840 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:38:53.0593 0x0840 RDSessMgr - ok
16:38:53.0640 0x0840 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:38:53.0640 0x0840 redbook - ok
16:38:53.0687 0x0840 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:38:53.0703 0x0840 RemoteAccess - ok
16:38:53.0734 0x0840 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:38:53.0734 0x0840 RemoteRegistry - ok
16:39:12.0796 0x0840 AV detected via SS1: AVG Internet Security 2013, 2013.0, enabled, updated
16:39:12.0796 0x0840 FW detected via SS1: AVG Internet Security 2013, 2013.0, enabled
16:39:12.0812 0x0840 FW detected via SS1: AVG Firewall, 10.0, disabled
16:39:16.0156 0x0840 ============================================================
16:39:16.0156 0x0840 Scan finished
16:39:16.0156 0x0840 ============================================================
16:39:16.0171 0x06a4 Detected object count: 0
16:39:16.0171 0x06a4 Actual detected object count: 0
16:39:25.0562 0x0710 Deinitialize success

#15 Rosenberg (Topic Starter, Members, 28 posts)

Posted 02 February 2015 - 07:58 PM

Hi Gary,

I tried to attach the MBR.dat file, but I get a message, "you aren't permitted to upload this kind of file."

Sharon
