Files/programs stop opening after some time

(In Progress)

forummember (Thread Starter)
Member with 17 posts.
Join Date: Apr 2011
Experience: Computer Illiterate
15-Sep-2012, 03:51 PM #1
Hi,

This is in reference to the topic I created here:
http://forums.techguy.org/windows-xp...fter-some.html

On startup I am able to open files and programs. However, after some time, I cannot open files and programs. I cannot open the files by double-clicking or using "Open with." If I keep a program open, it runs fine. I can open folders, though. I suspect I have malware.

I'd appreciate the help.

Thanks.

Here are the logs:
HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:19 AM, on 9/15/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP2 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Moinuddin Malik\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

--
End of file - 10547 bytes



DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Run by Moinuddin Malik at 10:49:45 on 2012-09-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.74 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Download Guard for Internet Explorer: {20c1a7f0-528e-444f-bac5-5804a61cca7f} - c:\program files\lavasoft\download guard for internet explorer\DownloadGuardBHO.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{ef99bd32-c1fb-11d2-892f-0090271d4f88}
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {463DF6D5-BEC1-4D67-B217-59DB692DFC53} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [Dell|Alert] c:\program files\dell\support\alert\bin\DAMon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRunOnce: [FlashPlayerUpdate] c:\program files\opera\program\plugins\NPSWF32_FlashUtil.exe -p
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
IE: Display All Images with Full Quality - c:\program files\juno\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\juno\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D2E1FA0C-5CF8-4F90-AFC8-E531A3E90B42} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\moinuddin malik\application data\mozilla\firefox\profiles\r2jvvx5n.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d01a095&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-26 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-5-23 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-23 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-23 656320]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-5-23 233976]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-28 27632]
.
=============== File Associations ===============
.
.txt=txt_auto_file
.
=============== Created Last 30 ================
.
2012-09-09 22:39:15 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-09 22:09:49 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-09-09 22:09:49 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-30 02:09:26 -------- d-sh--w- C:\found.001
2012-08-26 03:06:27 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2003-04-06 00:32:54 356352 -c--a-w- c:\program files\putty.exe
2005-06-22 05:37:42 45568 -csha-r- c:\windows\system32\cygz.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST320011A rev.3.75 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x868AA4B1]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868b193c]; MOV EAX, [0x868b1ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x86FD4AB8]
3 CLASSPNP[0xF76E3FD7] -> nt!IofCallDriver[0x804E37C5] -> [0x86FA9020]
5 PCTCore[0xF75A868B] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000066[0x86FDAF18]
7 ACPI[0xF763A620] -> nt!IofCallDriver[0x804E37C5] -> [0x86F6C940]
\Driver\atapi[0x86AF0660] -> IRP_MJ_CREATE -> 0x868AA4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x868AA2E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:55:47.84 ===============


Attach.txt attached

Ark.txt:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-15 15:38:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST320011A rev.3.75
Running: mx8ntf7c.exe; Driver: C:\DOCUME~1\MOINUD~1\LOCALS~1\Temp\pgrcypog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF75CB93E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF75A50B6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF75A537E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF75CC2F8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF75CC682]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF75CAB7C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF79E4738]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF75CCBC6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF75CBCFC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF79E47DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF79E4878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF79E4914]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6396340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D5380, 0x25BA81, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 001A3CB4
.text C:\WINDOWS\System32\svchost.exe[1248] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1248] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A4457
.text C:\WINDOWS\System32\svchost.exe[1248] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A44B8
.text C:\WINDOWS\System32\svchost.exe[1248] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A4528
.text C:\WINDOWS\System32\svchost.exe[1248] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A455B
.text C:\WINDOWS\System32\svchost.exe[1248] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1248] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 001A46C1
.text C:\WINDOWS\System32\svchost.exe[1248] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 001A4697
.text C:\WINDOWS\System32\svchost.exe[1248] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A43B9
.text C:\WINDOWS\system32\java.exe[2416] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 001C3CB4

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8688B2E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8688B2E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8688B2E2

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{40EFFD12-BF77-1D07-E49E-3C3E8DAF1F44}\InProcServer32@ %SystemRoot%\system32\SHELL32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{40EFFD12-BF77-1D07-E49E-3C3E8DAF1F44}\InProcServer32@ThreadingModel Free
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@InprocServer32 _7fk)--Yp?%(+wEE,ytCImagexCore>sWm93!vv49{`Xxs.W[_'?
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\ProgID@ DAO.User.35
Reg HKLM\SOFTWARE\Classes\CLSID\{F20F2AA6-AE5A-3B27-1372-B392C4A11357}\InprocServer32@ C:\WINDOWS\System32\WMDMLOG.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{F20F2AA6-AE5A-3B27-1372-B392C4A11357}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{F20F2AA6-AE5A-3B27-1372-B392C4A11357}\ProgID@ WMDMLogger.WMDMLogger.1
Reg HKLM\SOFTWARE\Classes\CLSID\{F20F2AA6-AE5A-3B27-1372-B392C4A11357}\VersionIndependentProgID@ WMDMLogger.WMDMLogger

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
Cookiegal
Administrator & Malware Removal Specialist with 96,465 posts.
Join Date: Aug 2003
17-Sep-2012, 03:40 PM #2
Please go here and download the TDSSKiller.exe to your desktop.
  • Double-click TDSSKiller.exe on your desktop to run it.
  • Click on Start Scan
  • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.
__________________
Microsoft MVP - Consumer Security
forummember (Thread Starter)
Member with 17 posts.
Join Date: Apr 2011
Experience: Computer Illiterate
19-Sep-2012, 11:40 PM #3
I'll post the log when I go to my parents' home this weekend, but they're telling me the computer works fine now after removing the virus. I removed Rogue.Antivirus Suite from the registry.
Cookiegal
Administrator & Malware Removal Specialist with 96,465 posts.
Join Date: Aug 2003
20-Sep-2012, 08:18 AM #4
OK. There will undoubtedly be other things that need to be done.
forummember (Thread Starter)
Member with 17 posts.
Join Date: Apr 2011
Experience: Computer Illiterate
22-Sep-2012, 04:58 PM #5
The problem came back. Files/programs wouldn't open. No message; they just wouldn't open. I also couldn't shut down. I reran Hijack, DDS, etc. When I would run Hijack, the run would complete, but when I would try to save the log file, Hijack would just display the hourglass; the only thing I could do was close the window. GMER would crash sometimes. One time it finished, but when I tried to save the log, the same thing would happen as in Hijack. I also ran TDSS; it found the Pihar virus. Here are the logs again. Thanks for all the help.

HiJackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:05:25 AM, on 9/22/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP2 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\UserA\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

--
End of file - 10446 bytes



DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Run by UserA at 11:01:10 on 2012-09-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.456 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Download Guard for Internet Explorer: {20c1a7f0-528e-444f-bac5-5804a61cca7f} - c:\program files\lavasoft\download guard for internet explorer\DownloadGuardBHO.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{ef99bd32-c1fb-11d2-892f-0090271d4f88}
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {463DF6D5-BEC1-4D67-B217-59DB692DFC53} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [Dell|Alert] c:\program files\dell\support\alert\bin\DAMon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRunOnce: [FlashPlayerUpdate] c:\program files\opera\program\plugins\NPSWF32_FlashUtil.exe -p
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
IE: Display All Images with Full Quality - c:\program files\juno\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\juno\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D2E1FA0C-5CF8-4F90-AFC8-E531A3E90B42} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\UserA\application data\mozilla\firefox\profiles\r2jvvx5n.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d01a095&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-26 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-5-23 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-23 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-23 656320]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-5-23 233976]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-5-23 337872]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-28 27632]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 114144]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-5-23 371472]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-5-23 1117144]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-28 136176]
.
=============== File Associations ===============
.
.txt=txt_auto_file
.
=============== Created Last 30 ================
.
2012-09-09 22:39:15 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-09 22:09:49 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-09-09 22:09:49 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-30 02:09:26 -------- d-sh--w- C:\found.001
2012-08-26 03:06:27 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2003-04-06 00:32:54 356352 -c--a-w- c:\program files\putty.exe
2005-06-22 05:37:42 45568 -csha-r- c:\windows\system32\cygz.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST320011A rev.3.75 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x869704B1]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8697793c]; MOV EAX, [0x86977ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x86F69AB8]
3 CLASSPNP[0xF76E3FD7] -> nt!IofCallDriver[0x804E37C5] -> [0x86F7F970]
5 PCTCore[0xF75A868B] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000065[0x86F6EEB0]
7 ACPI[0xF763A620] -> nt!IofCallDriver[0x804E37C5] -> [0x86F91940]
\Driver\atapi[0x86C2CCA8] -> IRP_MJ_CREATE -> 0x869704B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x869702E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:03:29.62 ===============


Ark.txt:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-22 16:42:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST320011A rev.3.75
Running: 3pmwct04.exe; Driver: C:\DOCUME~1\MOINUD~1\LOCALS~1\Temp\pgrcypog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF75CB93E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF75A50B6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF75A537E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF75CC2F8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF75CC682]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF75CAB7C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEB0DE738]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF75CCBC6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF75CBCFC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEB0DE7DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEB0DE878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEB0DE914]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 4A0 804E2AFC 4 Bytes JMP 8EF5160E
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF62DB340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D5380, 0x25BA81, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\java.exe[448] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 001C3CB4
.text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 001A3CB4
.text C:\WINDOWS\System32\svchost.exe[1240] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A4457
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A44B8
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A4528
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A455B
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1240] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 001A46C1
.text C:\WINDOWS\System32\svchost.exe[1240] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 001A4697
.text C:\WINDOWS\System32\svchost.exe[1240] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A43B9

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 869092E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 869092E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 869092E2

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{40EFFD12-BF77-1D07-E49E-3C3E8DAF1F44}\InProcServer32@ %SystemRoot%\system32\SHELL32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{40EFFD12-BF77-1D07-E49E-3C3E8DAF1F44}\InProcServer32@ThreadingModel Free
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@InprocServer32 _7fk)--Yp?%(+wEE,ytCImagexCore>sWm93!vv49{`Xxs.W[_'?
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\ProgID@ DAO.User.35
Reg HKLM\SOFTWARE\Classes\CLSID\{F20F2AA6-AE5A-3B27-1372-B392C4A11357}\InprocServer32@ C:\WINDOWS\System32\WMDMLOG.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{F20F2AA6-AE5A-3B27-1372-B392C4A11357}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{F20F2AA6-AE5A-3B27-1372-B392C4A11357}\ProgID@ WMDMLogger.WMDMLogger.1
Reg HKLM\SOFTWARE\Classes\CLSID\{F20F2AA6-AE5A-3B27-1372-B392C4A11357}\VersionIndependentProgID@ WMDMLogger.WMDMLogger

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----


And TDSSKiller:
16:42:27.0296 2500 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:42:29.0312 2500 ============================================================
16:42:29.0312 2500 Current date / time: 2012/09/22 16:42:29.0312
16:42:29.0312 2500 SystemInfo:
16:42:29.0312 2500
16:42:29.0312 2500 OS Version: 5.1.2600 ServicePack: 3.0
16:42:29.0312 2500 Product type: Workstation
16:42:29.0312 2500 ComputerName: HOME
16:42:29.0312 2500 UserName: UserA
16:42:29.0312 2500 Windows directory: C:\WINDOWS
16:42:29.0312 2500 System windows directory: C:\WINDOWS
16:42:29.0312 2500 Processor architecture: Intel x86
16:42:29.0312 2500 Number of processors: 1
16:42:29.0312 2500 Page size: 0x1000
16:42:29.0312 2500 Boot type: Normal boot
16:42:29.0312 2500 ============================================================
16:42:47.0156 2500 Drive \Device\Harddisk0\DR0 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:42:47.0171 2500 ============================================================
16:42:47.0171 2500 \Device\Harddisk0\DR0:
16:42:47.0171 2500 MBR partitions:
16:42:47.0171 2500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x2536D3D
16:42:47.0171 2500 ============================================================
16:42:47.0390 2500 C: <-> \Device\Harddisk0\DR0\Partition1
16:42:47.0390 2500 ============================================================
16:42:47.0406 2500 Initialize success
16:42:47.0406 2500 ============================================================
16:42:52.0375 2788 ============================================================
16:42:52.0375 2788 Scan started
16:42:52.0375 2788 Mode: Manual;
16:42:52.0375 2788 ============================================================
16:42:52.0953 2788 ================ Scan system memory ========================
16:43:00.0187 2788 System memory - ok
16:43:00.0203 2788 ================ Scan services =============================
16:43:00.0859 2788 [ B021D0AE4605CE5DF67F06E741278CDF ] a016bus C:\WINDOWS\system32\DRIVERS\a016bus.sys
16:43:00.0906 2788 a016bus - ok
16:43:00.0968 2788 [ 5B6BC2DE851012906D4AAE84C802E3F2 ] a016mdfl C:\WINDOWS\system32\DRIVERS\a016mdfl.sys
16:43:00.0968 2788 a016mdfl - ok
16:43:01.0046 2788 [ C80CFFB5819CCFC97F2B09E2259DFDE6 ] a016mdm C:\WINDOWS\system32\DRIVERS\a016mdm.sys
16:43:01.0093 2788 a016mdm - ok
16:43:01.0156 2788 [ 415243177FF67D3CFBA44D931B809BF3 ] a016mgmt C:\WINDOWS\system32\DRIVERS\a016mgmt.sys
16:43:01.0203 2788 a016mgmt - ok
16:43:01.0281 2788 [ 3A853F9B8B69541CDE714A83A0A6434E ] a016obex C:\WINDOWS\system32\DRIVERS\a016obex.sys
16:43:01.0343 2788 a016obex - ok
16:43:01.0359 2788 Abiosdsk - ok
16:43:01.0421 2788 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
16:43:01.0437 2788 abp480n5 - ok
16:43:01.0578 2788 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:43:01.0687 2788 ACPI - ok
16:43:01.0750 2788 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:43:01.0828 2788 ACPIEC - ok
16:43:02.0062 2788 [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:43:02.0203 2788 AdobeFlashPlayerUpdateSvc - ok
16:43:02.0296 2788 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\System32\DRIVERS\adpu160m.sys
16:43:02.0343 2788 adpu160m - ok
16:43:02.0406 2788 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
16:43:02.0421 2788 aeaudio - ok
16:43:02.0531 2788 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:43:02.0578 2788 aec - ok
16:43:02.0687 2788 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:43:02.0765 2788 AFD - ok
16:43:02.0812 2788 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
16:43:02.0828 2788 agp440 - ok
16:43:02.0875 2788 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
16:43:02.0890 2788 agpCPQ - ok
16:43:02.0937 2788 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\System32\DRIVERS\aha154x.sys
16:43:02.0968 2788 Aha154x - ok
16:43:03.0000 2788 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\System32\DRIVERS\aic78u2.sys
16:43:03.0031 2788 aic78u2 - ok
16:43:03.0140 2788 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\System32\DRIVERS\aic78xx.sys
16:43:03.0156 2788 aic78xx - ok
16:43:03.0218 2788 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:43:03.0265 2788 Alerter - ok
16:43:03.0312 2788 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:43:03.0328 2788 ALG - ok
16:43:03.0359 2788 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\System32\DRIVERS\aliide.sys
16:43:03.0375 2788 AliIde - ok
16:43:03.0453 2788 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\System32\DRIVERS\alim1541.sys
16:43:03.0484 2788 alim1541 - ok
16:43:03.0546 2788 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\System32\DRIVERS\amdagp.sys
16:43:03.0562 2788 amdagp - ok
16:43:03.0593 2788 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\System32\DRIVERS\amsint.sys
16:43:03.0609 2788 amsint - ok
16:43:03.0625 2788 AppMgmt - ok
16:43:03.0687 2788 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\System32\DRIVERS\asc.sys
16:43:03.0718 2788 asc - ok
16:43:03.0765 2788 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\System32\DRIVERS\asc3350p.sys
16:43:03.0875 2788 asc3350p - ok
16:43:03.0921 2788 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\System32\DRIVERS\asc3550.sys
16:43:03.0937 2788 asc3550 - ok
16:43:04.0093 2788 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:43:04.0140 2788 aspnet_state - ok
16:43:04.0218 2788 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:43:04.0250 2788 AsyncMac - ok
16:43:04.0328 2788 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:43:04.0328 2788 atapi - ok
16:43:04.0343 2788 Atdisk - ok
16:43:04.0406 2788 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:43:04.0437 2788 Atmarpc - ok
16:43:04.0515 2788 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:43:04.0531 2788 AudioSrv - ok
16:43:04.0578 2788 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:43:04.0578 2788 audstub - ok
16:43:05.0093 2788 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
16:43:05.0218 2788 AVG Security Toolbar Service - ok
16:43:08.0437 2788 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
16:43:11.0781 2788 AVGIDSAgent - ok
16:43:11.0890 2788 [ 2D18221AAB3DB2D408D6C55C0F23090A ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:43:11.0968 2788 AVGIDSDriver - ok
16:43:12.0046 2788 [ 1AF676DB3F3D4CC709CFAB2571CF5FC3 ] AVGIDSEH C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
16:43:12.0109 2788 AVGIDSEH - ok
16:43:12.0171 2788 [ 4C51E233C87F9EC7598551DE554BC99D ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:43:12.0218 2788 AVGIDSFilter - ok
16:43:12.0296 2788 [ C3FC426E54F55C1CC3219E415B88E10C ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
16:43:12.0312 2788 AVGIDSShim - ok
16:43:12.0453 2788 [ 4E796D3D2C3182B13B3E3B5A2AD4EF0A ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:43:12.0562 2788 Avgldx86 - ok
16:43:12.0609 2788 [ 5639DE66B37D02BD22DF4CF3155FBA60 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:43:12.0687 2788 Avgmfx86 - ok
16:43:12.0765 2788 [ D1BAF652EDA0AE70896276A1FB32C2D4 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:43:12.0828 2788 Avgrkx86 - ok
16:43:13.0062 2788 [ AAF0EBCAD95F2164CFFB544E00392498 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:43:13.0250 2788 Avgtdix - ok
16:43:13.0406 2788 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files\AVG\AVG10\avgwdsvc.exe
16:43:13.0515 2788 avgwd - ok
16:43:13.0593 2788 [ 1B9C81AB9A456EABD9F8335F04B5F495 ] basic2 C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
16:43:13.0609 2788 basic2 - ok
16:43:13.0671 2788 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:43:13.0671 2788 Beep - ok
16:43:13.0875 2788 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:43:14.0156 2788 BITS - ok
16:43:14.0265 2788 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
16:43:14.0312 2788 Browser - ok
16:43:14.0593 2788 [ E895280B396456393540C90EFAE0BDE4 ] Browser Defender Update Service C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
16:43:14.0734 2788 Browser Defender Update Service - ok
16:43:14.0796 2788 [ 73458867C8963C76260C18D7BDB15625 ] bvrp_pci C:\WINDOWS\system32\drivers\bvrp_pci.sys
16:43:14.0828 2788 bvrp_pci - ok
16:43:14.0890 2788 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
16:43:14.0953 2788 cbidf - ok
16:43:14.0968 2788 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:43:14.0984 2788 cbidf2k - ok
16:43:15.0109 2788 [ A9ACC4B9730B6D5B0BB2BFFDC53F0812 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
16:43:15.0140 2788 CCALib8 - ok
16:43:15.0203 2788 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
16:43:15.0203 2788 cd20xrnt - ok
16:43:15.0250 2788 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:43:15.0312 2788 Cdaudio - ok
16:43:15.0375 2788 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:43:15.0437 2788 Cdfs - ok
16:43:15.0500 2788 [ BF79E659C506674C0497CC9C61F1A165 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
16:43:15.0515 2788 Cdr4_xp - ok
16:43:15.0531 2788 [ 2C41CD49D82D5FD85C72D57B6CA25471 ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys
16:43:15.0546 2788 Cdralw2k - ok
16:43:15.0640 2788 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:43:15.0656 2788 Cdrom - ok
16:43:15.0765 2788 [ 072070A498D5FAD70C3A99A5F0B1331B ] cdudf_xp C:\WINDOWS\system32\drivers\cdudf_xp.sys
16:43:15.0921 2788 cdudf_xp - ok
16:43:15.0953 2788 Changer - ok
16:43:16.0015 2788 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\system32\cisvc.exe
16:43:16.0062 2788 cisvc - ok
16:43:16.0093 2788 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:43:16.0109 2788 ClipSrv - ok
16:43:16.0187 2788 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:43:16.0203 2788 clr_optimization_v2.0.50727_32 - ok
16:43:16.0296 2788 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\System32\DRIVERS\cmdide.sys
16:43:16.0328 2788 CmdIde - ok
16:43:16.0359 2788 COMSysApp - ok
16:43:16.0437 2788 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\System32\DRIVERS\cpqarray.sys
16:43:16.0453 2788 Cpqarray - ok
16:43:16.0531 2788 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:43:16.0531 2788 CryptSvc - ok
16:43:16.0609 2788 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
16:43:16.0625 2788 dac2w2k - ok
16:43:16.0671 2788 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\System32\DRIVERS\dac960nt.sys
16:43:16.0687 2788 dac960nt - ok
16:43:16.0906 2788 [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:43:17.0062 2788 DcomLaunch - ok
16:43:17.0187 2788 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:43:17.0187 2788 Dhcp - ok
16:43:17.0234 2788 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:43:17.0281 2788 Disk - ok
16:43:17.0328 2788 [ 51EF6CA3D57055FED6AB99021D562443 ] DM9102 C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS
16:43:17.0359 2788 DM9102 - ok
16:43:17.0375 2788 dmadmin - ok
16:43:17.0500 2788 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:43:17.0593 2788 dmboot - ok
16:43:17.0703 2788 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:43:17.0843 2788 dmio - ok
16:43:17.0968 2788 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:43:18.0031 2788 dmload - ok
16:43:18.0109 2788 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:43:18.0125 2788 dmserver - ok
16:43:18.0171 2788 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:43:18.0203 2788 DMusic - ok
16:43:18.0250 2788 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:43:18.0265 2788 Dnscache - ok
16:43:18.0375 2788 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:43:18.0546 2788 Dot3svc - ok
16:43:18.0609 2788 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\System32\DRIVERS\dpti2o.sys
16:43:18.0625 2788 dpti2o - ok
16:43:18.0687 2788 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:43:18.0703 2788 drmkaud - ok
16:43:18.0765 2788 [ A3997BAAB606CAA92F27E07BC4F070F0 ] dvd_2K C:\WINDOWS\system32\drivers\dvd_2K.sys
16:43:18.0812 2788 dvd_2K - ok
16:43:18.0859 2788 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:43:18.0937 2788 EapHost - ok
16:43:18.0968 2788 EL90XBC - ok
16:43:19.0046 2788 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:43:19.0078 2788 ERSvc - ok
16:43:19.0171 2788 [ 0E776ED5F7CC9F94299E70461B7B8185 ] Eventlog C:\WINDOWS\system32\services.exe
16:43:19.0218 2788 Eventlog - ok
16:43:19.0375 2788 [ 19A799805B24990867B00C120D300C3A ] EventSystem C:\WINDOWS\System32\es.dll
16:43:19.0484 2788 EventSystem - ok
16:43:19.0593 2788 [ C823DEBE2548656549F84A875D65237B ] Fallback C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
16:43:19.0687 2788 Fallback - ok
16:43:19.0796 2788 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:43:19.0843 2788 Fastfat - ok
16:43:20.0000 2788 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:43:20.0046 2788 FastUserSwitchingCompatibility - ok
16:43:20.0203 2788 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
16:43:20.0281 2788 Fax - ok
16:43:20.0312 2788 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:43:20.0328 2788 Fdc - ok
16:43:20.0390 2788 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:43:20.0406 2788 Fips - ok
16:43:20.0468 2788 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:43:20.0484 2788 Flpydisk - ok
16:43:20.0578 2788 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:43:20.0734 2788 FltMgr - ok
16:43:20.0875 2788 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:43:20.0921 2788 FontCache3.0.0.0 - ok
16:43:21.0000 2788 [ 6483414841D4CAB6C3B4DB2AC6EDD70B ] Fsks C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
16:43:21.0046 2788 Fsks - ok
16:43:21.0078 2788 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:43:21.0093 2788 Fs_Rec - ok
16:43:21.0187 2788 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:43:21.0250 2788 Ftdisk - ok
16:43:21.0312 2788 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:43:21.0359 2788 Gpc - ok
16:43:21.0531 2788 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:43:21.0578 2788 gupdate - ok
16:43:21.0718 2788 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:43:21.0734 2788 helpsvc - ok
16:43:21.0812 2788 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:43:21.0828 2788 HidServ - ok
16:43:21.0890 2788 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:43:21.0906 2788 HidUsb - ok
16:43:21.0968 2788 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:43:22.0046 2788 hkmsvc - ok
16:43:22.0093 2788 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\System32\DRIVERS\hpn.sys
16:43:22.0125 2788 hpn - ok
16:43:22.0203 2788 [ B077B7F8E79779EA967E84A4FC040227 ] hpt3xx C:\WINDOWS\System32\DRIVERS\hpt3xx.sys
16:43:22.0281 2788 hpt3xx - ok
16:43:22.0390 2788 [ 95B894B508DB03507B61FE213EF6FE19 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:43:22.0484 2788 HSFHWBS2 - ok
16:43:22.0812 2788 [ F66402179CA2B2AE68493103DB5FA48C ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:43:23.0921 2788 HSF_DP - ok
16:43:24.0140 2788 [ 74E379857D4C0DFB56DE2D19B8F4C434 ] hsf_msft C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
16:43:24.0359 2788 hsf_msft - ok
16:43:24.0500 2788 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:43:24.0578 2788 HTTP - ok
16:43:24.0640 2788 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:43:24.0671 2788 HTTPFilter - ok
16:43:24.0703 2788 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
16:43:24.0718 2788 i2omgmt - ok
16:43:24.0781 2788 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\System32\DRIVERS\i2omp.sys
16:43:24.0796 2788 i2omp - ok
16:43:24.0843 2788 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:43:24.0875 2788 i8042prt - ok
16:43:25.0312 2788 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:43:25.0562 2788 idsvc - ok
16:43:25.0640 2788 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\drivers\Imapi.sys
16:43:25.0671 2788 Imapi - ok
16:43:25.0796 2788 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
16:43:25.0843 2788 ImapiService - ok
16:43:25.0921 2788 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\System32\DRIVERS\ini910u.sys
16:43:25.0937 2788 ini910u - ok
16:43:25.0984 2788 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\System32\DRIVERS\intelide.sys
16:43:26.0015 2788 IntelIde - ok
16:43:26.0078 2788 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:43:26.0125 2788 intelppm - ok
16:43:26.0203 2788 [ B28EBE493AC60306E6C39DB37D1EE91A ] iomdisk C:\WINDOWS\system32\DRIVERS\iomdisk.sys
16:43:26.0390 2788 iomdisk - ok
16:43:26.0484 2788 [ 896EFAA6FFAA0F9CAA655757A3BE3C40 ] Iomega App Services C:\PROGRA~1\Iomega\System32\AppServices.exe
16:43:26.0515 2788 Iomega App Services - ok
16:43:26.0593 2788 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:43:26.0625 2788 ip6fw - ok
16:43:26.0687 2788 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:43:26.0703 2788 IpFilterDriver - ok
16:43:26.0765 2788 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:43:26.0765 2788 IpInIp - ok
16:43:26.0843 2788 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:43:26.0906 2788 IpNat - ok
16:43:26.0968 2788 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:43:27.0000 2788 IPSec - ok
16:43:27.0062 2788 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:43:27.0093 2788 IRENUM - ok
16:43:27.0140 2788 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:43:27.0218 2788 isapnp - ok
16:43:27.0421 2788 [ 890369AED0DDE1A98F09F7DC239CA2BD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
16:43:27.0484 2788 JavaQuickStarterService - ok
16:43:27.0687 2788 [ 9C5E3FDBFCC30CF71A49CA178B9AD442 ] K56 C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
16:43:27.0796 2788 K56 - ok
16:43:27.0875 2788 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:43:27.0968 2788 Kbdclass - ok
16:43:28.0015 2788 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:43:28.0046 2788 kbdhid - ok
16:43:28.0140 2788 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:43:28.0203 2788 kmixer - ok
16:43:28.0296 2788 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:43:28.0359 2788 KSecDD - ok
16:43:28.0421 2788 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:43:28.0468 2788 lanmanserver - ok
16:43:28.0562 2788 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:43:28.0609 2788 lanmanworkstation - ok
16:43:29.0125 2788 [ D527F9785ED538FF1F94B4E0FAC7F12A ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
16:43:29.0500 2788 Lavasoft Ad-Aware Service - ok
16:43:29.0609 2788 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
16:43:29.0703 2788 Lbd - ok
16:43:29.0734 2788 lbrtfdc - ok
16:43:29.0953 2788 [ 06DC2FDC6282F0D68910417B1150C848 ] LinksysUpdater C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
16:43:30.0031 2788 LinksysUpdater - ok
16:43:30.0109 2788 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:43:30.0171 2788 LmHosts - ok
16:43:30.0250 2788 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\System32\tcpsvcs.exe
16:43:30.0265 2788 LPDSVC - ok
16:43:30.0515 2788 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
16:43:30.0640 2788 McciCMService - ok
16:43:30.0671 2788 [ A1E9D936EAC07EE9386E87BAC1377FAD ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:43:30.0687 2788 mdmxsdk - ok
16:43:30.0781 2788 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:43:30.0828 2788 Messenger - ok
16:43:30.0890 2788 [ E97E3FE03B6F271336CB2FBB24734989 ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys
16:43:30.0921 2788 mmc_2K - ok
16:43:31.0015 2788 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:43:31.0031 2788 mnmdd - ok
16:43:31.0109 2788 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
16:43:31.0125 2788 mnmsrvc - ok
16:43:31.0203 2788 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:43:31.0218 2788 Modem - ok
16:43:31.0296 2788 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:43:31.0312 2788 MODEMCSA - ok
16:43:31.0359 2788 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:43:31.0359 2788 Mouclass - ok
16:43:31.0421 2788 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:43:31.0437 2788 mouhid - ok
16:43:31.0515 2788 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:43:31.0531 2788 MountMgr - ok
16:43:31.0671 2788 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:43:31.0718 2788 MozillaMaintenance - ok
16:43:31.0781 2788 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\System32\DRIVERS\mraid35x.sys
16:43:31.0812 2788 mraid35x - ok
16:43:31.0984 2788 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:43:32.0046 2788 MRxDAV - ok
16:43:32.0234 2788 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:43:32.0406 2788 MRxSmb - ok
16:43:32.0468 2788 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
16:43:32.0500 2788 MSDTC - ok
16:43:32.0531 2788 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:43:32.0578 2788 Msfs - ok
16:43:32.0593 2788 MSIServer - ok
16:43:32.0640 2788 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:43:32.0640 2788 MSKSSRV - ok
16:43:32.0703 2788 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:43:32.0703 2788 MSPCLOCK - ok
16:43:32.0734 2788 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:43:32.0750 2788 MSPQM - ok
16:43:32.0781 2788 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:43:32.0796 2788 mssmbios - ok
16:43:32.0843 2788 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:43:32.0890 2788 Mup - ok
16:43:33.0078 2788 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:43:33.0265 2788 napagent - ok
16:43:33.0390 2788 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:43:33.0468 2788 NDIS - ok
16:43:33.0515 2788 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:43:33.0546 2788 NdisTapi - ok
16:43:33.0609 2788 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:43:33.0625 2788 Ndisuio - ok
16:43:33.0671 2788 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:43:33.0718 2788 NdisWan - ok
16:43:33.0765 2788 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:43:33.0781 2788 NDProxy - ok
16:43:33.0812 2788 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:43:33.0859 2788 NetBIOS - ok
16:43:33.0984 2788 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:43:34.0093 2788 NetBT - ok
16:43:34.0218 2788 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:43:34.0312 2788 NetDDE - ok
16:43:34.0359 2788 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:43:34.0375 2788 NetDDEdsdm - ok
16:43:34.0468 2788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
16:43:34.0484 2788 Netlogon - ok
16:43:34.0656 2788 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:43:34.0734 2788 Netman - ok
16:43:34.0859 2788 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:43:34.0890 2788 NetTcpPortSharing - ok
16:43:35.0093 2788 [ B4138E99236F0F57D4CF49BAE98A0746 ] Nla C:\WINDOWS\System32\mswsock.dll
16:43:35.0203 2788 Nla - ok
16:43:35.0343 2788 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:43:35.0359 2788 Npfs - ok
16:43:35.0640 2788 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:43:35.0859 2788 Ntfs - ok
16:43:35.0890 2788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
16:43:35.0890 2788 NtLmSsp - ok
16:43:36.0093 2788 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:43:36.0375 2788 NtmsSvc - ok
16:43:36.0406 2788 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:43:36.0421 2788 Null - ok
16:43:36.0953 2788 [ 71DBDC08DF86B80511E72953FA1AD6B0 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:43:37.0546 2788 nv - ok
16:43:37.0656 2788 [ 5ED834603C36414B579979B3A9C90F54 ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
16:43:37.0687 2788 NVSvc - ok
16:43:37.0750 2788 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:43:37.0750 2788 NwlnkFlt - ok
16:43:37.0812 2788 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:43:37.0828 2788 NwlnkFwd - ok
16:43:37.0968 2788 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:43:38.0031 2788 ose - ok
16:43:38.0156 2788 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
16:43:38.0171 2788 P3 - ok
16:43:38.0250 2788 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:43:38.0359 2788 Parport - ok
16:43:38.0421 2788 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:43:38.0437 2788 PartMgr - ok
16:43:38.0515 2788 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:43:38.0531 2788 ParVdm - ok
16:43:38.0625 2788 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:43:38.0656 2788 PCI - ok
16:43:38.0671 2788 PCIDump - ok
16:43:38.0750 2788 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:43:38.0750 2788 PCIIde - ok
16:43:38.0875 2788 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:43:38.0984 2788 Pcmcia - ok
16:43:39.0171 2788 [ 2D5C059C1A12BABF336F319F45C161D3 ] PCTCore C:\WINDOWS\system32\drivers\PCTCore.sys
16:43:39.0343 2788 PCTCore - ok
16:43:39.0609 2788 [ F820B4C61D1E591325B679D479D4EEA4 ] pctDS C:\WINDOWS\system32\drivers\pctDS.sys
16:43:39.0750 2788 pctDS - ok
16:43:40.0015 2788 [ ACC8C15F3D59F17C5D903FF1DE3B43D3 ] pctEFA C:\WINDOWS\system32\drivers\pctEFA.sys
16:43:40.0328 2788 pctEFA - ok
16:43:40.0515 2788 [ 83DDD552F7F1043F764E8CC88FF41232 ] PCTSD C:\WINDOWS\system32\Drivers\PCTSD.sys
16:43:40.0609 2788 PCTSD - ok
16:43:40.0640 2788 PDCOMP - ok
16:43:40.0656 2788 PDFRAME - ok
16:43:40.0671 2788 PDRELI - ok
16:43:40.0703 2788 PDRFRAME - ok
16:43:40.0781 2788 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\System32\DRIVERS\perc2.sys
16:43:40.0796 2788 perc2 - ok
16:43:40.0890 2788 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\System32\DRIVERS\perc2hib.sys
16:43:40.0906 2788 perc2hib - ok
16:43:41.0015 2788 [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay C:\WINDOWS\system32\services.exe
16:43:41.0031 2788 PlugPlay - ok
16:43:41.0078 2788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
16:43:41.0078 2788 PolicyAgent - ok
16:43:41.0171 2788 [ C740D0CB238670629AF1B740414A8F3C ] ppa3 C:\WINDOWS\system32\DRIVERS\ppa3.sys
16:43:41.0203 2788 ppa3 - ok
16:43:41.0250 2788 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:43:41.0265 2788 PptpMiniport - ok
16:43:41.0312 2788 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:43:41.0359 2788 Processor - ok
16:43:41.0390 2788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:43:41.0406 2788 ProtectedStorage - ok
16:43:41.0453 2788 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:43:41.0484 2788 PSched - ok
16:43:41.0531 2788 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:43:41.0578 2788 Ptilink - ok
16:43:41.0671 2788 [ 070EDDD0E4A5BE55DD590D8B30DBFF22 ] pwd_2k C:\WINDOWS\system32\drivers\pwd_2k.sys
16:43:41.0687 2788 pwd_2k - ok
16:43:41.0718 2788 PxHelp20 - ok
16:43:41.0812 2788 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\System32\DRIVERS\ql1080.sys
16:43:41.0937 2788 ql1080 - ok
16:44:00.0421 2788 ================ Scan global ===============================
16:44:00.0593 2788 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:44:00.0875 2788 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
16:44:01.0125 2788 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
16:44:01.0203 2788 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
16:44:01.0203 2788 [Global] - ok
16:44:01.0203 2788 ================ Scan MBR ==================================
16:44:01.0265 2788 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:44:01.0281 2788 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:44:01.0296 2788 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:44:01.0296 2788 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:44:01.0312 2788 ================ Scan VBR ==================================
16:44:01.0328 2788 [ BC04B0CBD4C3DDD381DEE9E26EF67683 ] \Device\Harddisk0\DR0\Partition1
16:44:01.0437 2788 \Device\Harddisk0\DR0\Partition1 - ok
16:44:01.0437 2788 ============================================================
16:44:01.0437 2788 Scan finished
16:44:01.0437 2788 ============================================================
16:44:01.0484 2572 Detected object count: 1
16:44:01.0484 2572 Actual detected object count: 1
16:44:15.0625 2572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
16:44:15.0625 2572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
16:44:18.0109 1912 Deinitialize success
Cookiegal
Administrator & Malware Removal Specialist with 96,465 posts.
Join Date: Aug 2003
22-Sep-2012, 05:16 PM #6
Run TDSSKiller again and this time allow it to cure the infection it finds. Then post the new log please.
forummember
Member with 17 posts.
THREAD STARTER
Join Date: Apr 2011
Experience: Computer Illiterate
22-Sep-2012, 05:40 PM #7
Here's the log. Thanks for all the help. We'll see how things go now.

17:35:14.0453 1560 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:35:14.0734 1560 ============================================================
17:35:14.0734 1560 Current date / time: 2012/09/22 17:35:14.0734
17:35:14.0734 1560 SystemInfo:
17:35:14.0734 1560
17:35:14.0734 1560 OS Version: 5.1.2600 ServicePack: 3.0
17:35:14.0734 1560 Product type: Workstation
17:35:15.0000 1560 ComputerName: HOME
17:35:15.0000 1560 UserName: UserA
17:35:15.0000 1560 Windows directory: C:\WINDOWS
17:35:15.0000 1560 System windows directory: C:\WINDOWS
17:35:15.0000 1560 Processor architecture: Intel x86
17:35:15.0000 1560 Number of processors: 1
17:35:15.0000 1560 Page size: 0x1000
17:35:15.0000 1560 Boot type: Normal boot
17:35:15.0000 1560 ============================================================
17:35:17.0375 1560 BG loaded
17:35:18.0484 1560 Drive \Device\Harddisk0\DR0 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:35:18.0484 1560 ============================================================
17:35:18.0484 1560 \Device\Harddisk0\DR0:
17:35:18.0484 1560 MBR partitions:
17:35:18.0484 1560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x2536D3D
17:35:18.0484 1560 ============================================================
17:35:18.0531 1560 C: <-> \Device\Harddisk0\DR0\Partition1
17:35:18.0531 1560 ============================================================
17:35:18.0531 1560 Initialize success
17:35:18.0531 1560 ============================================================
17:35:21.0578 0400 ============================================================
17:35:21.0578 0400 Scan started
17:35:21.0578 0400 Mode: Manual;
17:35:21.0578 0400 ============================================================
17:35:23.0718 0400 ================ Scan system memory ========================
17:35:25.0921 0400 System memory - ok
17:35:25.0921 0400 ================ Scan services =============================
17:35:59.0578 0400 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:35:59.0593 0400 IpInIp - ok
17:36:01.0000 0400 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:36:01.0046 0400 IpNat - ok
17:36:01.0375 0400 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:36:01.0421 0400 IPSec - ok
17:36:01.0546 0400 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:36:01.0578 0400 IRENUM - ok
17:36:01.0671 0400 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:36:01.0750 0400 isapnp - ok
17:36:02.0468 0400 [ 890369AED0DDE1A98F09F7DC239CA2BD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
17:36:02.0609 0400 JavaQuickStarterService - ok
17:36:03.0046 0400 [ 9C5E3FDBFCC30CF71A49CA178B9AD442 ] K56 C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
17:36:03.0078 0400 K56 - ok
17:36:03.0218 0400 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:36:03.0218 0400 Kbdclass - ok
17:36:03.0281 0400 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:36:03.0328 0400 kbdhid - ok
17:36:03.0421 0400 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:36:03.0437 0400 kmixer - ok
17:36:03.0625 0400 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:36:03.0640 0400 KSecDD - ok
17:36:03.0734 0400 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:36:03.0750 0400 lanmanserver - ok
17:36:03.0875 0400 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:36:03.0890 0400 lanmanworkstation - ok
17:36:15.0734 0400 [ D527F9785ED538FF1F94B4E0FAC7F12A ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
17:36:15.0750 0400 Lavasoft Ad-Aware Service - ok
17:36:16.0515 0400 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:36:16.0515 0400 Lbd - ok
17:36:16.0625 0400 lbrtfdc - ok
17:36:16.0890 0400 [ 06DC2FDC6282F0D68910417B1150C848 ] LinksysUpdater C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
17:36:16.0906 0400 LinksysUpdater - ok
17:36:17.0375 0400 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:36:17.0375 0400 LmHosts - ok
17:36:17.0500 0400 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\System32\tcpsvcs.exe
17:36:17.0562 0400 LPDSVC - ok
17:36:17.0953 0400 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
17:36:18.0453 0400 McciCMService - ok
17:36:18.0531 0400 [ A1E9D936EAC07EE9386E87BAC1377FAD ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:36:18.0546 0400 mdmxsdk - ok
17:36:24.0734 0400 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:36:24.0984 0400 Messenger - ok
17:36:25.0046 0400 [ E97E3FE03B6F271336CB2FBB24734989 ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys
17:36:25.0500 0400 mmc_2K - ok
17:36:25.0921 0400 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:36:26.0171 0400 mnmdd - ok
17:36:26.0562 0400 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:36:26.0640 0400 mnmsrvc - ok
17:36:26.0859 0400 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:36:27.0046 0400 Modem - ok
17:36:27.0156 0400 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:36:27.0312 0400 MODEMCSA - ok
17:36:27.0375 0400 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:36:27.0828 0400 Mouclass - ok
17:36:27.0953 0400 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:36:28.0296 0400 mouhid - ok
17:36:28.0609 0400 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:36:28.0734 0400 MountMgr - ok
17:36:28.0875 0400 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:36:29.0125 0400 MozillaMaintenance - ok
17:36:29.0234 0400 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\System32\DRIVERS\mraid35x.sys
17:36:29.0390 0400 mraid35x - ok
17:36:29.0718 0400 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:36:30.0125 0400 MRxDAV - ok
17:36:30.0515 0400 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:36:30.0984 0400 MRxSmb - ok
17:36:31.0156 0400 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:36:31.0312 0400 MSDTC - ok
17:36:31.0421 0400 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:36:31.0515 0400 Msfs - ok
17:36:31.0656 0400 MSIServer - ok
17:36:31.0734 0400 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:36:31.0828 0400 MSKSSRV - ok
17:36:32.0000 0400 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:36:32.0015 0400 MSPCLOCK - ok
17:36:32.0156 0400 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:36:32.0156 0400 MSPQM - ok
17:36:32.0281 0400 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:36:32.0281 0400 mssmbios - ok
17:36:32.0593 0400 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:36:32.0609 0400 Mup - ok
17:36:32.0906 0400 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:36:32.0953 0400 napagent - ok
17:36:33.0218 0400 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:36:33.0250 0400 NDIS - ok
17:36:33.0421 0400 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:36:33.0421 0400 NdisTapi - ok
17:36:33.0562 0400 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:36:33.0578 0400 Ndisuio - ok
17:36:33.0703 0400 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:36:33.0718 0400 NdisWan - ok
17:36:33.0875 0400 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:36:33.0906 0400 NDProxy - ok
17:36:33.0968 0400 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:36:33.0968 0400 NetBIOS - ok
17:36:34.0140 0400 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:36:34.0171 0400 NetBT - ok
17:36:34.0328 0400 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:36:34.0359 0400 NetDDE - ok
17:36:34.0468 0400 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:36:34.0484 0400 NetDDEdsdm - ok
17:36:34.0703 0400 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
17:36:34.0703 0400 Netlogon - ok
17:36:35.0125 0400 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:36:35.0156 0400 Netman - ok
17:36:35.0406 0400 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:36:35.0406 0400 NetTcpPortSharing - ok
17:36:35.0812 0400 [ B4138E99236F0F57D4CF49BAE98A0746 ] Nla C:\WINDOWS\System32\mswsock.dll
17:36:35.0828 0400 Nla - ok
17:36:35.0968 0400 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:36:36.0000 0400 Npfs - ok
17:36:36.0593 0400 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:36:36.0687 0400 Ntfs - ok
17:36:36.0765 0400 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:36:36.0765 0400 NtLmSsp - ok
17:36:37.0812 0400 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:36:37.0812 0400 NtmsSvc - ok
17:36:38.0531 0400 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:36:38.0562 0400 Null - ok
17:36:40.0609 0400 [ 71DBDC08DF86B80511E72953FA1AD6B0 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:36:40.0687 0400 nv - ok
17:36:41.0093 0400 [ 5ED834603C36414B579979B3A9C90F54 ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
17:36:41.0109 0400 NVSvc - ok
17:36:41.0515 0400 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:36:41.0531 0400 NwlnkFlt - ok
17:36:41.0765 0400 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:36:41.0765 0400 NwlnkFwd - ok
17:36:42.0859 0400 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:36:42.0859 0400 ose - ok
17:36:43.0093 0400 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
17:36:43.0156 0400 P3 - ok
17:36:43.0359 0400 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:36:43.0375 0400 Parport - ok
17:36:43.0500 0400 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:36:43.0500 0400 PartMgr - ok
17:36:44.0531 0400 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:36:45.0515 0400 ParVdm - ok
17:36:46.0937 0400 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:36:46.0937 0400 PCI - ok
17:36:46.0953 0400 PCIDump - ok
17:36:48.0812 0400 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:36:49.0937 0400 PCIIde - ok
17:36:50.0343 0400 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:36:51.0218 0400 Pcmcia - ok
17:36:51.0640 0400 [ 2D5C059C1A12BABF336F319F45C161D3 ] PCTCore C:\WINDOWS\system32\drivers\PCTCore.sys
17:36:52.0515 0400 PCTCore - ok
17:36:52.0859 0400 [ F820B4C61D1E591325B679D479D4EEA4 ] pctDS C:\WINDOWS\system32\drivers\pctDS.sys
17:36:53.0562 0400 pctDS - ok
17:36:54.0734 0400 [ ACC8C15F3D59F17C5D903FF1DE3B43D3 ] pctEFA C:\WINDOWS\system32\drivers\pctEFA.sys
17:36:55.0984 0400 pctEFA - ok
17:36:56.0296 0400 [ 83DDD552F7F1043F764E8CC88FF41232 ] PCTSD C:\WINDOWS\system32\Drivers\PCTSD.sys
17:36:57.0171 0400 PCTSD - ok
17:36:57.0500 0400 PDCOMP - ok
17:36:57.0640 0400 PDFRAME - ok
17:36:57.0921 0400 PDRELI - ok
17:36:58.0140 0400 PDRFRAME - ok
17:36:58.0781 0400 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\System32\DRIVERS\perc2.sys
17:36:59.0109 0400 perc2 - ok
17:36:59.0250 0400 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\System32\DRIVERS\perc2hib.sys
17:36:59.0484 0400 perc2hib - ok
17:36:59.0656 0400 [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay C:\WINDOWS\system32\services.exe
17:36:59.0656 0400 PlugPlay - ok
17:36:59.0875 0400 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
17:36:59.0875 0400 PolicyAgent - ok
17:37:00.0234 0400 [ C740D0CB238670629AF1B740414A8F3C ] ppa3 C:\WINDOWS\system32\DRIVERS\ppa3.sys
17:37:00.0812 0400 ppa3 - ok
17:37:01.0281 0400 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:37:01.0421 0400 PptpMiniport - ok
17:37:01.0640 0400 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:37:01.0828 0400 Processor - ok
17:37:01.0953 0400 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:37:01.0968 0400 ProtectedStorage - ok
17:37:02.0250 0400 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:37:02.0531 0400 PSched - ok
17:37:02.0906 0400 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:37:03.0328 0400 Ptilink - ok
17:37:03.0421 0400 [ 070EDDD0E4A5BE55DD590D8B30DBFF22 ] pwd_2k C:\WINDOWS\system32\drivers\pwd_2k.sys
17:37:03.0765 0400 pwd_2k - ok
17:37:03.0843 0400 PxHelp20 - ok
17:37:04.0015 0400 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\System32\DRIVERS\ql1080.sys
17:37:05.0843 0400 ql1080 - ok
17:37:07.0484 0400 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
17:37:08.0765 0400 Ql10wnt - ok
17:37:09.0328 0400 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\System32\DRIVERS\ql12160.sys
17:37:09.0640 0400 ql12160 - ok
17:37:10.0203 0400 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\System32\DRIVERS\ql1240.sys
17:37:10.0406 0400 ql1240 - ok
17:37:11.0328 0400 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\System32\DRIVERS\ql1280.sys
17:37:12.0000 0400 ql1280 - ok
17:37:13.0281 0400 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:37:13.0703 0400 RasAcd - ok
17:37:14.0156 0400 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:37:14.0671 0400 RasAuto - ok
17:37:15.0656 0400 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:37:15.0906 0400 Rasl2tp - ok
17:37:16.0359 0400 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:37:17.0015 0400 RasMan - ok
17:37:17.0109 0400 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:37:17.0359 0400 RasPppoe - ok
17:37:17.0562 0400 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:37:18.0546 0400 Raspti - ok
17:37:18.0875 0400 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:37:20.0250 0400 Rdbss - ok
17:37:20.0468 0400 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:37:21.0843 0400 RDPCDD - ok
17:37:24.0281 0400 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:37:26.0546 0400 rdpdr - ok
17:37:26.0765 0400 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:37:27.0359 0400 RDPWD - ok
17:37:27.0640 0400 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:37:27.0718 0400 RDSessMgr - ok
17:37:27.0781 0400 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:37:28.0109 0400 redbook - ok
17:37:28.0687 0400 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:37:29.0078 0400 RemoteAccess - ok
17:37:29.0296 0400 [ BB7549BD94D1AAC3599C7606C50C48A0 ] Rksample C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
17:37:29.0437 0400 Rksample - ok
17:37:29.0625 0400 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
17:37:29.0703 0400 ROOTMODEM - ok
17:37:29.0953 0400 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
17:37:30.0046 0400 RpcLocator - ok
17:37:30.0218 0400 [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:37:30.0453 0400 RpcSs - ok
17:37:30.0687 0400 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:37:30.0875 0400 RSVP - ok
17:37:30.0921 0400 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:37:30.0921 0400 SamSs - ok
17:37:31.0171 0400 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:37:31.0484 0400 SCardSvr - ok
17:37:31.0671 0400 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:37:32.0062 0400 Schedule - ok
17:37:32.0609 0400 [ CADC6D185D8560A1EC266B0A97C4F153 ] sdAuxService C:\Program Files\PC Tools Security\pctsAuxs.exe
17:37:33.0453 0400 sdAuxService - ok
17:37:35.0062 0400 [ 1B556AB08795428E2F3DAFCFCB54C782 ] sdCoreService C:\Program Files\PC Tools Security\pctsSvc.exe
17:37:36.0578 0400 sdCoreService - ok
17:37:36.0656 0400 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:37:37.0859 0400 Secdrv - ok
17:37:37.0968 0400 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:37:39.0125 0400 seclogon - ok
17:37:39.0296 0400 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\WINDOWS\system32\DRIVERS\seehcri.sys
17:37:39.0656 0400 seehcri - ok
17:37:39.0718 0400 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:37:40.0515 0400 SENS - ok
17:37:40.0609 0400 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:37:41.0875 0400 serenum - ok
17:37:42.0031 0400 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:37:42.0531 0400 Serial - ok
17:37:42.0609 0400 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:37:42.0828 0400 Sfloppy - ok
17:37:43.0234 0400 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:37:43.0484 0400 SharedAccess - ok
17:37:43.0562 0400 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:37:43.0578 0400 ShellHWDetection - ok
17:37:43.0625 0400 Simbad - ok
17:37:43.0734 0400 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\System32\DRIVERS\sisagp.sys
17:37:44.0312 0400 sisagp - ok
17:37:44.0593 0400 [ 12D9287937366BF1C9AD7007B5407DEB ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
17:37:45.0218 0400 smwdm - ok
17:37:45.0296 0400 [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP C:\WINDOWS\System32\snmp.exe
17:37:45.0359 0400 SNMP - ok
17:37:45.0437 0400 [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
17:37:45.0515 0400 SNMPTRAP - ok
17:37:45.0640 0400 [ D9E8E0CE154A2F6430D9EFABDF730867 ] SoftFax C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
17:37:45.0703 0400 SoftFax - ok
17:37:45.0765 0400 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\System32\DRIVERS\sparrow.sys
17:37:46.0109 0400 Sparrow - ok
17:37:46.0343 0400 [ 6C843C43FD7F0B42CFE477CE88D0F9B3 ] SpeakerPhone C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys
17:37:47.0781 0400 SpeakerPhone - ok
17:37:47.0843 0400 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:37:47.0984 0400 splitter - ok
17:37:48.0234 0400 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:37:48.0265 0400 Spooler - ok
17:37:48.0562 0400 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:37:48.0843 0400 sr - ok
17:37:49.0031 0400 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
17:37:49.0343 0400 srservice - ok
17:37:49.0625 0400 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:37:49.0812 0400 Srv - ok
17:37:49.0890 0400 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:37:49.0937 0400 SSDPSRV - ok
17:37:50.0296 0400 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:37:50.0609 0400 stisvc - ok
17:37:50.0890 0400 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:37:51.0171 0400 swenum - ok
17:37:51.0437 0400 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:37:51.0734 0400 swmidi - ok
17:37:51.0750 0400 SwPrv - ok
17:37:51.0859 0400 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
17:37:51.0875 0400 symc810 - ok
17:37:51.0968 0400 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\System32\DRIVERS\symc8xx.sys
17:37:52.0015 0400 symc8xx - ok
17:37:52.0250 0400 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\System32\DRIVERS\sym_hi.sys
17:37:52.0312 0400 sym_hi - ok
17:37:52.0390 0400 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\System32\DRIVERS\sym_u3.sys
17:37:52.0671 0400 sym_u3 - ok
17:37:52.0750 0400 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:37:52.0937 0400 sysaudio - ok
17:37:53.0015 0400 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:37:53.0046 0400 SysmonLog - ok
17:37:53.0312 0400 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:37:53.0468 0400 TapiSrv - ok
17:37:53.0656 0400 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:37:54.0531 0400 Tcpip - ok
17:37:54.0765 0400 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:37:55.0093 0400 TDPIPE - ok
17:37:55.0515 0400 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:37:55.0828 0400 TDTCP - ok
17:37:55.0875 0400 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:37:56.0375 0400 TermDD - ok
17:37:57.0265 0400 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:37:57.0500 0400 TermService - ok
17:37:57.0671 0400 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:37:57.0671 0400 Themes - ok
17:37:57.0750 0400 [ 8021A499DB46B2961C285168671CB9AF ] Tones C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
17:37:57.0828 0400 Tones - ok
17:37:58.0296 0400 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\System32\DRIVERS\toside.sys
17:37:58.0421 0400 TosIde - ok
17:37:58.0453 0400 TPkd - ok
17:37:58.0656 0400 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:37:58.0687 0400 TrkWks - ok
17:37:58.0828 0400 [ 27E66E79FD742C107FDB23280E17D869 ] UdfReadr_xp C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
17:37:59.0437 0400 UdfReadr_xp - ok
17:37:59.0812 0400 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:38:00.0125 0400 Udfs - ok
17:38:00.0187 0400 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\System32\DRIVERS\ultra.sys
17:38:00.0593 0400 ultra - ok
17:38:01.0015 0400 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\System32\wdfmgr.exe
17:38:01.0656 0400 UMWdf - ok
17:38:02.0250 0400 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:38:03.0234 0400 Update - ok
17:38:04.0953 0400 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:38:05.0640 0400 upnphost - ok
17:38:05.0796 0400 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:38:06.0281 0400 UPS - ok
17:38:06.0406 0400 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:38:06.0765 0400 usbccgp - ok
17:38:06.0921 0400 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:38:07.0203 0400 usbehci - ok
17:38:07.0375 0400 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:38:07.0843 0400 usbhub - ok
17:38:07.0984 0400 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:38:08.0265 0400 usbprint - ok
17:38:08.0375 0400 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:38:08.0890 0400 usbscan - ok
17:38:09.0078 0400 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:38:09.0187 0400 USBSTOR - ok
17:38:09.0250 0400 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:38:09.0765 0400 usbuhci - ok
17:38:09.0968 0400 [ 269C0ADE94B90029B12497747BE408CB ] V124 C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
17:38:10.0218 0400 V124 - ok
17:38:10.0250 0400 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:38:10.0296 0400 VgaSave - ok
17:38:10.0343 0400 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\System32\DRIVERS\viaagp.sys
17:38:10.0578 0400 viaagp - ok
17:38:10.0703 0400 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
17:38:10.0843 0400 ViaIde - ok
17:38:10.0984 0400 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
17:38:11.0000 0400 Viewpoint Manager Service - ok
17:38:11.0078 0400 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:38:11.0281 0400 VolSnap - ok
17:38:11.0421 0400 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:38:11.0531 0400 VSS - ok
17:38:12.0328 0400 [ 8ED347BAD8D1FB7C40B593BFB01786D2 ] vToolbarUpdater11.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
17:38:12.0875 0400 vToolbarUpdater11.2.0 - ok
17:38:13.0000 0400 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\System32\w32time.dll
17:38:13.0093 0400 w32time - ok
17:38:13.0156 0400 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:38:13.0296 0400 Wanarp - ok
17:38:13.0343 0400 WDICA - ok
17:38:13.0421 0400 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:38:13.0500 0400 wdmaud - ok
17:38:13.0734 0400 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:38:13.0812 0400 WebClient - ok
17:38:14.0031 0400 [ FE71B3857BED54600E02288B212E7B7C ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:38:14.0484 0400 winachsf - ok
17:38:14.0609 0400 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
17:38:14.0828 0400 WinDefend - ok
17:38:15.0046 0400 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:38:15.0109 0400 winmgmt - ok
17:38:15.0296 0400 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\System32\mspmsnsv.dll
17:38:15.0687 0400 WmdmPmSN - ok
17:38:16.0046 0400 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:38:16.0171 0400 WmiApSrv - ok
17:38:16.0250 0400 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:38:16.0281 0400 WS2IFSL - ok
17:38:16.0468 0400 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:38:16.0500 0400 wscsvc - ok
17:38:16.0609 0400 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:38:16.0937 0400 WudfPf - ok
17:38:17.0062 0400 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:38:17.0234 0400 WudfRd - ok
17:38:17.0484 0400 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:38:18.0109 0400 WudfSvc - ok
17:38:19.0062 0400 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:38:20.0406 0400 WZCSVC - ok
17:38:20.0843 0400 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:38:21.0421 0400 xmlprov - ok
17:38:21.0531 0400 ================ Scan global ===============================
17:38:21.0843 0400 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:38:22.0500 0400 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
17:38:22.0890 0400 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
17:38:23.0000 0400 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
17:38:23.0031 0400 [Global] - ok
17:38:23.0046 0400 ================ Scan MBR ==================================
17:38:23.0078 0400 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:38:26.0187 0400 \Device\Harddisk0\DR0 - ok
17:38:26.0187 0400 ================ Scan VBR ==================================
17:38:26.0218 0400 [ BC04B0CBD4C3DDD381DEE9E26EF67683 ] \Device\Harddisk0\DR0\Partition1
17:38:26.0218 0400 \Device\Harddisk0\DR0\Partition1 - ok
17:38:26.0218 0400 ============================================================
17:38:26.0218 0400 Scan finished
17:38:26.0218 0400 ============================================================
17:38:26.0281 1812 Detected object count: 0
17:38:26.0281 1812 Actual detected object count: 0
Cookiegal
Administrator & Malware Removal Specialist with 96,465 posts.
Join Date: Aug 2003
23-Sep-2012, 10:54 AM #8
Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
forummember
Member with 17 posts.
THREAD STARTER
Join Date: Apr 2011
Experience: Computer Illiterate
01-Oct-2012, 01:16 PM #9
Sorry for not replying to this. My parents say their computer is working fine after removing Pihar. I'm not sure what sites they visit to get the virus, but whenever they have these symptoms again, they run TDSSKiller and the problem goes away.
I'll run Combofix this weekend.
Thanks for all the help.
Cookiegal
Administrator & Malware Removal Specialist with 96,465 posts.
Join Date: Aug 2003
01-Oct-2012, 04:19 PM #10
TDSSKiller doesn't always get all of the infection and it can respawn if not taken care of properly.