My Laptop is Infected with Spyware



Jimbub
2013-01-22, 20:23
Hi,

I posted a thread on 05/01/2013 with the title "My Laptop is Infected with Spyware" and I was being helped by Shelf Life. I had to replace the motherboard and then post my DDR logs attached and below. I notice that my thread has been archived hence my new post. Please can I have some help?

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Jimbub at 18:50:47 on 2013-01-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2760 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: eTrust Antivirus *Disabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk
uSearch Page = hxxp://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk
uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2061028
mSearchAssistant = hxxp://www.google.com/ie
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [AVSFirewall] c:\program files\avs4you\avsfirewall\AVSFirewall.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMQA1ADQAMwA0ADYANgAzADQANAAtAEYAUAA5ADIAKwA1AC0ARABEAFQAKwAwAC0ARgBMACsAOQAtAFMAVAA5ADAARgBBAFAAUAArADEA"&"prod=90"&"ver=9.0.914
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\james\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Halo\start menu\programs\imvu\Run IMVU.lnk
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352985970703
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/gb/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{29665DF0-9662-4271-9544-47628E7447F1} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\james\application data\mozilla\firefox\profiles\kij5gm0g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c3c2c17&v=6.103.018.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\documents and settings\james\application data\mozilla\firefox\profiles\kij5gm0g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10174.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPILM500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-04 14:50; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2007-08-29 20:41; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2010-07-15 11:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-4 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-4 361032]
R1 AVSRegMonDrv;AVSRegMonDrv;c:\program files\avs4you\avsfirewall\AVSRegMonDrv.sys [2012-11-15 17992]
R1 AVSTDIFilterDrv;AVSTDIFilterDrv;c:\program files\avs4you\avsfirewall\AVSTDIFilterDrv.sys [2012-11-15 24648]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-4 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-4 44808]
R2 AVSFirewallService;AVSFirewall Service;c:\program files\avs4you\avsfirewall\AVSFirewallService.exe [2012-11-15 80456]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R3 AVSNDISIMMP;AVSNDISIMMP;c:\windows\system32\drivers\AVSNDISIMDriver.sys [2012-11-15 23624]
S3 AVSNDISIM;AVSNDISIM Service;c:\windows\system32\drivers\AVSNDISIMDriver.sys [2012-11-15 23624]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-4 40776]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
.
=============== Created Last 30 ================
.
2013-01-04 17:08:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-04 14:50:22 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-04 14:49:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-04 14:20:49 -------- d-----w- c:\documents and settings\all users\application data\Anvisoft
2013-01-04 14:20:44 -------- d-----w- c:\program files\Anvisoft
2013-01-04 08:28:40 -------- d-----w- c:\documents and settings\james\local settings\application data\Help
2012-12-28 20:10:06 -------- d-----w- c:\documents and settings\james\application data\Malwarebytes
2012-12-28 20:03:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-12-28 20:03:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 20:03:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-24 18:20:10 -------- d-----w- c:\documents and settings\james\application data\RealNetworks
2012-12-24 17:36:31 -------- d-----w- c:\program files\RealNetworks
2012-12-24 17:36:27 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks
2012-12-24 17:36:15 -------- d-----w- c:\program files\common files\xing shared
2012-12-24 17:36:03 153296 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-12-24 17:35:54 124056 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
.
==================== Find3M ====================
.
2013-01-19 17:33:51 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-19 17:33:51 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:51:38.67 ===============
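
An added example, not code from the thread or from the DDS tool: a small PowerShell (3.0 or later) parser for a few lines of the Pseudo HJT Report in the format the log above uses (uRun/mRun/dRun, BHO, TB, URLSearchHooks, Hosts), followed by the checks a helper makes first: Run entries that give only a bare file name, registrations marked orphaned, the same CLSID listed twice in one section, and Hosts lines that map a name to loopback. The sample lines are copied from the log above; the function names ConvertFrom-DdsLine and Get-DdsTriage are chosen here and are not part of DDS.

```powershell
# Added example, not from the thread or from DDS. Sample lines copied from the
# Pseudo HJT Report above so the script runs offline.
$ddsSample = @'
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
Hosts: 127.0.0.1 www.spywareinfo.com
'@

# Turn one report line into an object with a uniform property set.
# Hive prefix as DDS prints it: u = current user, m = machine, d = default user.
function ConvertFrom-DdsLine {
    param([string]$Line)
    if (-not $Line) { return $null }
    if ($Line -match '^(?<hive>[umd])Run(Once)?: \[(?<name>[^\]]+)\] (?<cmd>.+)$') {
        return [pscustomobject]@{ Kind = 'Run'; Hive = $Matches.hive; Name = $Matches.name; Target = $Matches.cmd; Clsid = $null }
    }
    if ($Line -match '^(?<kind>BHO|TB): (?<name>.+?): (?<clsid>\{[0-9A-Fa-f-]+\}) - (?<path>.+)$') {
        return [pscustomobject]@{ Kind = $Matches.kind; Hive = 'm'; Name = $Matches.name; Target = $Matches.path; Clsid = $Matches.clsid }
    }
    if ($Line -match '^(?<hive>[umd])URLSearchHooks: (?<clsid>\{[0-9A-Fa-f-]+\}) - (?<path>.+)$') {
        return [pscustomobject]@{ Kind = 'URLSearchHook'; Hive = $Matches.hive; Name = $Matches.clsid; Target = $Matches.path; Clsid = $Matches.clsid }
    }
    if ($Line -match '^Hosts: (?<ip>\S+) (?<host>\S+)$') {
        return [pscustomobject]@{ Kind = 'Hosts'; Hive = ''; Name = $Matches.host; Target = $Matches.ip; Clsid = $null }
    }
    return $null   # sections this example does not model (DPF, FF, services, ...)
}

# Emit one (Entry, Reason) object for each item worth a closer look.
function Get-DdsTriage {
    param([object[]]$Entries)
    $seen = @{}
    foreach ($e in $Entries) {
        if ($e.Kind -eq 'Run' -and $e.Target -notmatch '^"?[a-z]:\\') {
            # A bare file name is resolved through the search path at logon;
            # confirm with Get-Command which file actually runs before judging it.
            [pscustomobject]@{ Entry = $e; Reason = 'Run entry without a full path' }
        }
        if ($e.Target -eq '<orphaned>') {
            [pscustomobject]@{ Entry = $e; Reason = 'registration points at a file that no longer exists' }
        }
        if ($e.Clsid) {
            # Key on section + CLSID: the same CLSID as both BHO and TB is normal
            # (avast WebRep above), the same CLSID twice in one section is not.
            $key = "$($e.Kind)|$($e.Clsid)"
            if ($seen.ContainsKey($key)) {
                [pscustomobject]@{ Entry = $e; Reason = "CLSID already listed once under $($e.Kind)" }
            }
            $seen[$key] = $true
        }
        if ($e.Kind -eq 'Hosts' -and $e.Target -match '^127\.|^0\.0\.0\.0$') {
            [pscustomobject]@{ Entry = $e; Reason = 'hosts file maps a name to loopback; confirm it was intended' }
        }
    }
}

$entries = $ddsSample -split "`r?`n" | ForEach-Object { ConvertFrom-DdsLine $_ } | Where-Object { $_ }
Get-DdsTriage $entries | ForEach-Object {
    '{0,-14} {1,-24} {2}' -f $_.Entry.Kind, $_.Entry.Name, $_.Reason
}
```

Run it as a script or paste it into a PowerShell prompt; on the sample it reports the two bare-name mRun entries, the orphaned URLSearchHook, the second Windows Live Toolbar line and the Hosts entry. None of these is a malware verdict on its own, which is the point of a triage list: it tells the helper where to look, and each item still has to be checked against what the file on disk actually is.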

shelf life
2013-01-29, 00:23
hi Jimbub,

It's me again. You got your new mainboard installed? How did that go, problem free? Your log looks ok.

Jimbub
2013-01-31, 18:07
I installed the motherboard ok but I am still having the same problems as before. I am not allowed to create a restore point before the date my laptop got infected.

Previous to my new motherboard I got the following Avast bootscan error messages:

"FileC:\System Volume Information\_restore is infected by WIN32:trojan.gen"
"FileC:\System Volume Information\_restore is infected by WIN32:Malware.gen".

If you refer to my previous post which has now been archived you will see that I did have other messages and infected files which were picked up by the bootscan. I have included the latest aswMBR log trace below which shows a suspicious file.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-31 16:42:21
-----------------------------
16:42:21.406 OS Version: Windows 5.1.2600 Service Pack 3
16:42:21.406 Number of processors: 2 586 0xF06
16:42:21.406 ComputerName: JAMES UserName: James
16:42:25.203 Initialize success
16:42:25.390 AVAST engine defs: 13013100
16:42:50.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:42:50.656 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 76319MB BusType: 3
16:42:50.671 Disk 0 MBR read successfully
16:42:50.671 Disk 0 MBR scan
16:42:50.671 Disk 0 Windows XP default MBR code
16:42:50.671 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
16:42:50.671 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 176715
16:42:50.687 Disk 0 scanning sectors +156296385
16:42:50.750 Disk 0 scanning C:\WINDOWS\system32\drivers
16:42:59.890 Service scanning
16:43:18.875 Modules scanning
16:43:24.265 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
16:43:25.000 Disk 0 trace - called modules:
16:43:25.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:43:25.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b174ab8]
16:43:25.031 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000008c[0x8b1c77b0]
16:43:25.031 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b1a9940]
16:43:25.500 AVAST engine scan C:\WINDOWS
16:43:32.281 AVAST engine scan C:\WINDOWS\system32
16:45:44.390 AVAST engine scan C:\WINDOWS\system32\drivers
16:45:56.640 AVAST engine scan C:\Documents and Settings\James
16:49:58.109 AVAST engine scan C:\Documents and Settings\All Users
16:50:25.296 Scan finished successfully
16:53:57.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James\Desktop\MBR.dat"
16:53:57.875 The log file has been saved successfully to "C:\Documents and Settings\James\Desktop\aswMBR.txt"

Kind Regards

Jimbub

shelf life
2013-02-01, 00:46
hi,

These two items below are in your system restore points

"FileC:\System Volume Information\_restore is infected by WIN32:trojan.gen"
"FileC:\System Volume Information\_restore is infected by WIN32:Malware.gen".

Once your machine is running ok we would flush out all your old restore points and create a new one. That would take care of the two items above.
The suspicious item you pointed out is related to Sonic software. Suspicious doesn't always mean malware.
Is an updated Malwarebytes coming up clean after a scan?

Jimbub
2013-02-02, 21:57
Hi Shelf life,

Latest MBAM scan is complete and doesn't pick anything up. After using MBAM my laptop plays up and I have to shutdown by turning off the mains power.

shelf life
2013-02-02, 23:05
Logs look ok.

"I installed the motherboard ok but I am still having the same problems as before"
"I have to shutdown by turning off the mains power"

This isn't a malware issue, you must have some other hardware issue going on with your laptop. It's also possible it could be a driver issue or even software.

Jimbub
2013-02-03, 15:51
Hi Shelf life,

Sorry, I don't agree with you.

My laptop was working fine before I got the message from Avast saying I had infected files. What about all the Avast bootscan corrupted files, and also the WIN32 malware and trojan files which are stopping me doing a system restore?

Regards

Jimbub

Jimbub
2013-02-03, 15:58
I will uninstall and re-install MBAM to see if this helps as this is the only program which affects my shutdown issue.

shelf life
2013-02-03, 16:25
I didn't realize it was only MBAM causing problems. If it still causes problems after you reinstall it then I would uninstall again for good. Then we can clear out your restore points and make a new one.

Jimbub
2013-02-05, 19:49
I re-installed MBAM but it is still causing the same issue with shutdown so I will un-install MBAM as you advised and contact you again.

Many thanks

Jimbub

Jimbub
2013-02-07, 20:08
Hi Shelf life,

I have uninstalled MBAM as you requested. I have also installed and run Advanced Systemcare 6 to clean up errors on my laptop. So my laptop is in good order apart from the infection.

Regards

Jimbub

shelf life
2013-02-08, 03:29
By infection you mean the files in your restore archive or something else? Logs look ok.

To make a new restore point:

One of the features of XP/Vista/W7 is the System Restore option, however if malware infects a computer the malware could be backed up also. It's a good idea to make a new clean restore point after malware is removed and the computer appears to be back to normal.

You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
Turning off System Restore will clear out all previous restore points.
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot. (will delete possibly infected restore points)

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

4. Reboot (new clean restore point)
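
The same procedure run from an elevated PowerShell prompt, as an added example rather than part of shelf life's instructions. It uses the built-in Get-ComputerRestorePoint, Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer cmdlets (Windows client editions, PowerShell 2.0 or later; that they are available on XP is an assumption), assumes the system drive is C:, and has to run as Administrator, the same requirement the GUI steps have. That the Disable call purges the old points without a reboot is also an assumption: if the "After" listing still shows old points, reboot between the two steps as the GUI procedure does.

```powershell
# Added example, not from the thread. Assumes the system drive is C: and an
# elevated (Administrator) PowerShell session.
$drive = 'C:\'

# List what System Restore currently holds, so the before/after is visible.
function Show-RestorePoints {
    param([string]$Label)
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    "{0}: {1} restore point(s)" -f $Label, $points.Count
    foreach ($p in $points) {
        # CreationTime is a WMI datetime string; convert it for display.
        $when = [System.Management.ManagementDateTimeConverter]::ToDateTime($p.CreationTime)
        '  #{0} {1:yyyy-MM-dd HH:mm} {2}' -f $p.SequenceNumber, $when, $p.Description
    }
}

Show-RestorePoints 'Before'

# Step 1: turning System Restore off discards every existing restore point,
# which is what the "Turn off System Restore" checkbox does. Any malware that
# was copied into a restore point goes with it (assumption: purge is immediate).
Disable-ComputerRestore -Drive $drive

# Step 3: turn it back on so new points can be taken.
Enable-ComputerRestore -Drive $drive

# Step 4: take the clean baseline explicitly instead of waiting for the next
# automatic point after reboot.
Checkpoint-Computer -Description 'Clean baseline after malware cleanup' -RestorePointType MODIFY_SETTINGS

Show-RestorePoints 'After'
```

The "After" listing should contain only the new baseline. If it does not, the old points were not purged yet; reboot and run the Enable and Checkpoint steps again.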

shelf life
2013-02-10, 21:30
Jimbub,

MBAM has a support forum if you want to pursue the shutdown issue.
If all is good on your end, a few tips to help you remain malware free:

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here (http://secunia.com/vulnerability_scanning/online/).

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing tricks. (http://www.fraud.org/tips/internet/phishing.htm)

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista, Windows 7 and Windows 8 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) Your browser can be a pipeline to your machine: The why and how (http://www.us-cert.gov/reading_room/securing_browser/) to secure your browser for safer surfing. Consider disabling Java (http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse) in your browser.

10) Warez, cracks, keygens etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Do you really trust the source of the file?
More info/tips with pictures, links below

Happy Safe Surfing.

Jimbub
2013-02-11, 00:26
Thank you for your help Shelf life, I already do most of what you suggest regarding protection from malware, but there are a couple of points I can look into like disabling Java.

I will do the system restore actions and let you know how it goes.

Many thanks

Jimbub
2013-02-14, 12:18
Hi Shelflife,

I am having problems logging in as administrator, so need to sort this out before I can action your solution.

shelf life
2013-02-19, 23:55
Are you making progress? You got it under control?

Jimbub
2013-02-20, 17:12
Hi Shelf life,

I have access to system restore now and have just completed the actions you gave me to clear out any possible infections in system restore.

I will use my laptop for a couple of days and let you know if it seems "infection" free.

Many Thanks

Jimbub

Jimbub
2013-02-21, 00:38
Hi Shelf life,

I am afraid I still have problems. If you recall, MBAM was not installing properly and causing my laptop to crash. Well, the same thing is happening: I uninstalled MBAM and tried Super Anti-spyware, which didn't install properly, and then Comodo Anti-spyware, which also didn't install properly.

Not only did these programs not install properly, I also had problems trying to un-install them. In the end I had to revert back to an earlier restore point of today.

These problems have only occurred since my laptop became infected. I have never previously had any problems installing/un-installing software on my laptop.

Spybot seems to work ok and doesn't pick anything up, but this was already installed.

I tried to install other non-spyware programs and these are ok.

I am no expert, but it seems there is something installed on my hard drive which is causing these problems and the log files are not picking it up. Advanced System care 6 doesn't fix it and says my laptop is healthy after a scan.

The solution you gave me which should wipe the restore points clean doesn't seem to address the corrupted file messages I got when Avast did a bootscan. It was only Avast which detected the infection initially, and then in its bootscan. I had no option but to boot into Windows from the bootscan and since then no program has picked up any infected files.

Kind Regards

shelf life
2013-02-21, 03:16
Not seeing any malware. But we can get another look. Delete your copy of aswMBR from your desktop and get a new copy to run and post the log:
link:
http://public.avast.com/%7Egmerek/aswMBR.exe

Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply.

I don't recall you running this so get tdsskiller also.
Download it to your desktop:

Link:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Click the icon, then on Change Parameters. Check the option: Detect TDLFS file system, then click ok and Start Scan
Once the scan is done you will find a .txt file in your root drive Local Disk (C) labeled as: TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (version,date time)
Please copy/paste the log file in your reply.

Maybe your Windows Installer, which handles software installs and uninstalls, is corrupt.

Jimbub
2013-02-24, 20:39
Hi Shelflife,

Please see latest logs which you requested below:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-23 20:10:34
-----------------------------
20:10:34.906 OS Version: Windows 5.1.2600 Service Pack 3
20:10:34.906 Number of processors: 2 586 0xF06
20:10:34.906 ComputerName: Jimbub UserName: Jimbub
20:10:38.359 Initialize success
20:10:38.500 AVAST engine defs: 13022300
20:10:48.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:10:48.890 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 76319MB BusType: 3
20:10:48.906 Disk 0 MBR read successfully
20:10:48.906 Disk 0 MBR scan
20:10:48.906 Disk 0 Windows XP default MBR code
20:10:48.921 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
20:10:48.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 176715
20:10:48.937 Disk 0 scanning sectors +156296385
20:10:49.015 Disk 0 scanning C:\WINDOWS\system32\drivers
20:10:59.500 Service scanning
20:11:20.875 Modules scanning
20:11:26.984 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
20:11:28.046 Disk 0 trace - called modules:
20:11:28.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:11:28.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b19eab8]
20:11:28.078 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000008c[0x8b1a6f18]
20:11:28.093 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b108940]
20:11:28.640 AVAST engine scan C:\WINDOWS
20:11:34.312 AVAST engine scan C:\WINDOWS\system32
20:14:37.203 AVAST engine scan C:\WINDOWS\system32\drivers
20:14:50.000 AVAST engine scan C:\Documents and Settings\Jimbub
20:17:06.390 AVAST engine scan C:\Documents and Settings\All Users
20:17:36.343 Scan finished successfully
20:21:47.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jimbub\Desktop\MBR.dat"
20:21:47.343 The log file has been saved successfully to "C:\Documents and Settings\Jimbub\Desktop\aswMBR.txt"



.......................................................................................................

20:23:24.0546 2452 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:23:24.0765 2452 ============================================================
20:23:24.0765 2452 Current date / time: 2013/02/23 20:23:24.0765
20:23:24.0765 2452 SystemInfo:
20:23:24.0765 2452
20:23:24.0765 2452 OS Version: 5.1.2600 ServicePack: 3.0
20:23:24.0765 2452 Product type: Workstation
20:23:24.0765 2452 ComputerName: Jimbub
20:23:24.0765 2452 UserName: Jimbub
20:23:24.0765 2452 Windows directory: C:\WINDOWS
20:23:24.0765 2452 System windows directory: C:\WINDOWS
20:23:24.0765 2452 Processor architecture: Intel x86
20:23:24.0765 2452 Number of processors: 2
20:23:24.0765 2452 Page size: 0x1000
20:23:24.0765 2452 Boot type: Normal boot
20:23:24.0765 2452 ============================================================
20:23:26.0546 2452 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:23:26.0562 2452 ============================================================
20:23:26.0562 2452 \Device\Harddisk0\DR0:
20:23:26.0562 2452 MBR partitions:
20:23:26.0562 2452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x94E3276
20:23:26.0562 2452 ============================================================
20:23:26.0593 2452 C: <-> \Device\Harddisk0\DR0\Partition1
20:23:26.0593 2452 ============================================================
20:23:26.0593 2452 Initialize success
20:23:26.0593 2452 ============================================================
20:23:47.0015 3112 ============================================================
20:23:47.0015 3112 Scan started
20:23:47.0015 3112 Mode: Manual; TDLFS;
20:23:47.0015 3112 ============================================================
20:23:47.0406 3112 ================ Scan system memory ========================
20:23:49.0265 3112 System memory - ok
20:23:49.0265 3112 ================ Scan services =============================
20:23:49.0390 3112 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
20:23:49.0390 3112 Aavmker4 - ok
20:23:49.0406 3112 Abiosdsk - ok
20:23:49.0437 3112 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:23:49.0437 3112 abp480n5 - ok
20:23:49.0484 3112 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:23:49.0484 3112 ACPI - ok
20:23:49.0531 3112 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:23:49.0531 3112 ACPIEC - ok
20:23:49.0640 3112 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:23:49.0640 3112 AdobeFlashPlayerUpdateSvc - ok
20:23:49.0671 3112 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:23:49.0671 3112 adpu160m - ok
20:23:49.0828 3112 [ CBFAA333EBA2E402A0439A3A0E5413F3 ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
20:23:49.0828 3112 AdvancedSystemCareService6 - ok
20:23:49.0859 3112 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:23:49.0859 3112 aec - ok
20:23:49.0906 3112 [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:23:49.0906 3112 AegisP - ok
20:23:49.0968 3112 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:23:49.0968 3112 AFD - ok
20:23:50.0031 3112 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
20:23:50.0031 3112 agp440 - ok
20:23:50.0062 3112 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:23:50.0062 3112 agpCPQ - ok
20:23:50.0093 3112 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:23:50.0093 3112 Aha154x - ok
20:23:50.0109 3112 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:23:50.0109 3112 aic78u2 - ok
20:23:50.0140 3112 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:23:50.0140 3112 aic78xx - ok
20:23:50.0171 3112 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:23:50.0187 3112 Alerter - ok
20:23:50.0218 3112 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:23:50.0218 3112 ALG - ok
20:23:50.0250 3112 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
20:23:50.0265 3112 AliIde - ok
20:23:50.0281 3112 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:23:50.0281 3112 alim1541 - ok
20:23:50.0328 3112 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:23:50.0328 3112 amdagp - ok
20:23:50.0328 3112 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
20:23:50.0328 3112 amsint - ok
20:23:50.0359 3112 [ 090880E9BF20F928BC341F96D27C019E ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:23:50.0375 3112 ApfiltrService - ok
20:23:50.0421 3112 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
20:23:50.0421 3112 APPDRV - ok
20:23:50.0484 3112 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:23:50.0484 3112 AppMgmt - ok
20:23:50.0531 3112 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
20:23:50.0531 3112 asc - ok
20:23:50.0546 3112 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:23:50.0562 3112 asc3350p - ok
20:23:50.0578 3112 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:23:50.0578 3112 asc3550 - ok
20:23:50.0703 3112 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:23:50.0734 3112 aspnet_state - ok
20:23:50.0765 3112 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:23:50.0781 3112 aswFsBlk - ok
20:23:50.0781 3112 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
20:23:50.0781 3112 aswMon2 - ok
20:23:50.0812 3112 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
20:23:50.0812 3112 AswRdr - ok
20:23:50.0859 3112 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
20:23:50.0859 3112 aswSnx - ok
20:23:50.0906 3112 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
20:23:50.0906 3112 aswSP - ok
20:23:50.0921 3112 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
20:23:50.0937 3112 aswTdi - ok
20:23:50.0968 3112 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:23:50.0968 3112 AsyncMac - ok
20:23:50.0968 3112 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:23:50.0984 3112 atapi - ok
20:23:50.0984 3112 Atdisk - ok
20:23:51.0015 3112 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:23:51.0015 3112 Atmarpc - ok
20:23:51.0062 3112 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:23:51.0062 3112 AudioSrv - ok
20:23:51.0125 3112 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:23:51.0125 3112 audstub - ok
20:23:51.0203 3112 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:23:51.0203 3112 avast! Antivirus - ok
20:23:51.0281 3112 [ 359C7C285F3E1B8458D74C74DE52B9CF ] AVSFirewallService C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe
20:23:51.0281 3112 AVSFirewallService - ok
20:23:51.0343 3112 [ 7077C906FC499EF9135B9E0D0EE82A7A ] AVSNDISIM C:\WINDOWS\system32\DRIVERS\AVSNDISIMDriver.sys
20:23:51.0343 3112 AVSNDISIM - ok
20:23:51.0343 3112 [ 7077C906FC499EF9135B9E0D0EE82A7A ] AVSNDISIMMP C:\WINDOWS\system32\DRIVERS\AVSNDISIMDriver.sys
20:23:51.0343 3112 AVSNDISIMMP - ok
20:23:51.0375 3112 [ 2EE17413C3AF23458A402BBCB7E92355 ] AVSRegMonDrv C:\Program Files\AVS4YOU\AVSFirewall\AVSRegMonDrv.sys
20:23:51.0375 3112 AVSRegMonDrv - ok
20:23:51.0390 3112 [ 993F2A7EB6F1CBFBB4CB382212D67810 ] AVSTDIFilterDrv C:\Program Files\AVS4YOU\AVSFirewall\AVSTDIFilterDrv.sys
20:23:51.0390 3112 AVSTDIFilterDrv - ok
20:23:51.0468 3112 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:23:51.0468 3112 b57w2k - ok
20:23:51.0500 3112 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:23:51.0500 3112 Beep - ok
20:23:51.0562 3112 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:23:51.0593 3112 BITS - ok
20:23:51.0640 3112 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:23:51.0640 3112 Browser - ok
20:23:51.0671 3112 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:23:51.0671 3112 cbidf - ok
20:23:51.0687 3112 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:23:51.0687 3112 cbidf2k - ok
20:23:51.0703 3112 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:23:51.0703 3112 cd20xrnt - ok
20:23:51.0718 3112 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:23:51.0718 3112 Cdaudio - ok
20:23:51.0750 3112 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:23:51.0750 3112 Cdfs - ok
20:23:51.0765 3112 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:23:51.0765 3112 Cdrom - ok
20:23:51.0781 3112 Changer - ok
20:23:51.0812 3112 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:23:51.0812 3112 CiSvc - ok
20:23:51.0843 3112 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:23:51.0859 3112 ClipSrv - ok
20:23:51.0906 3112 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:23:51.0953 3112 clr_optimization_v2.0.50727_32 - ok
20:23:51.0984 3112 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:23:51.0984 3112 CmBatt - ok
20:23:52.0031 3112 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:23:52.0031 3112 CmdIde - ok
20:23:52.0046 3112 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:23:52.0046 3112 Compbatt - ok
20:23:52.0046 3112 COMSysApp - ok
20:23:52.0062 3112 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:23:52.0062 3112 Cpqarray - ok
20:23:52.0078 3112 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:23:52.0078 3112 CryptSvc - ok
20:23:52.0109 3112 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:23:52.0125 3112 dac2w2k - ok
20:23:52.0125 3112 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:23:52.0125 3112 dac960nt - ok
20:23:52.0187 3112 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:23:52.0203 3112 DcomLaunch - ok
20:23:52.0250 3112 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:23:52.0265 3112 Dhcp - ok
20:23:52.0312 3112 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:23:52.0312 3112 Disk - ok
20:23:52.0421 3112 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
20:23:52.0421 3112 DLABOIOM - ok
20:23:52.0421 3112 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
20:23:52.0421 3112 DLACDBHM - ok
20:23:52.0437 3112 [ 83545593E297F50A8E2524B4C071A153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
20:23:52.0437 3112 DLADResN - ok
20:23:52.0437 3112 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
20:23:52.0437 3112 DLAIFS_M - ok
20:23:52.0453 3112 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
20:23:52.0453 3112 DLAOPIOM - ok
20:23:52.0453 3112 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
20:23:52.0453 3112 DLAPoolM - ok
20:23:52.0468 3112 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
20:23:52.0468 3112 DLARTL_N - ok
20:23:52.0484 3112 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
20:23:52.0484 3112 DLAUDFAM - ok
20:23:52.0500 3112 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
20:23:52.0500 3112 DLAUDF_M - ok
20:23:52.0500 3112 dmadmin - ok
20:23:52.0593 3112 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:23:52.0625 3112 dmboot - ok
20:23:52.0640 3112 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:23:52.0656 3112 dmio - ok
20:23:52.0703 3112 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:23:52.0703 3112 dmload - ok
20:23:52.0750 3112 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:23:52.0750 3112 dmserver - ok
20:23:52.0781 3112 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:23:52.0781 3112 DMusic - ok
20:23:52.0796 3112 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:23:52.0812 3112 Dnscache - ok
20:23:52.0843 3112 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:23:52.0859 3112 Dot3svc - ok
20:23:52.0859 3112 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:23:52.0859 3112 dpti2o - ok
20:23:52.0890 3112 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:23:52.0906 3112 drmkaud - ok
20:23:52.0906 3112 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
20:23:52.0906 3112 DRVMCDB - ok
20:23:52.0921 3112 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
20:23:52.0921 3112 DRVNDDM - ok
20:23:52.0921 3112 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:23:52.0937 3112 E100B - ok
20:23:52.0968 3112 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:23:52.0968 3112 EapHost - ok
20:23:53.0000 3112 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:23:53.0000 3112 ERSvc - ok
20:23:53.0046 3112 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:23:53.0062 3112 Eventlog - ok
20:23:53.0109 3112 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:23:53.0125 3112 EventSystem - ok
20:23:53.0203 3112 [ ED9C755312F29D55B8C815EEC7115635 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:23:53.0203 3112 EvtEng - ok
20:23:53.0250 3112 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:23:53.0265 3112 Fastfat - ok
20:23:53.0312 3112 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:23:53.0328 3112 FastUserSwitchingCompatibility - ok
20:23:53.0375 3112 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
20:23:53.0375 3112 Fax - ok
20:23:53.0406 3112 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:23:53.0406 3112 Fdc - ok
20:23:53.0453 3112 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:23:53.0453 3112 Fips - ok
20:23:53.0468 3112 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:23:53.0468 3112 Flpydisk - ok
20:23:53.0531 3112 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:23:53.0546 3112 FltMgr - ok
20:23:53.0625 3112 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:23:53.0625 3112 FontCache3.0.0.0 - ok
20:23:53.0671 3112 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:23:53.0671 3112 Fs_Rec - ok
20:23:53.0687 3112 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:23:53.0687 3112 Ftdisk - ok
20:23:53.0781 3112 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
20:23:53.0781 3112 getPlusHelper - ok
20:23:53.0828 3112 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:23:53.0828 3112 Gpc - ok
20:23:53.0859 3112 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:23:53.0859 3112 HDAudBus - ok
20:23:53.0953 3112 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:23:53.0953 3112 helpsvc - ok
20:23:54.0000 3112 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:23:54.0000 3112 HidServ - ok
20:23:54.0015 3112 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:23:54.0031 3112 HidUsb - ok
20:23:54.0078 3112 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:23:54.0078 3112 hkmsvc - ok
20:23:54.0109 3112 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
20:23:54.0109 3112 hpn - ok
20:23:54.0203 3112 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
20:23:54.0218 3112 HSF_DPV - ok
20:23:54.0265 3112 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
20:23:54.0265 3112 HSXHWAZL - ok
20:23:54.0328 3112 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:23:54.0343 3112 HTTP - ok
20:23:54.0390 3112 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:23:54.0421 3112 HTTPFilter - ok
20:23:54.0421 3112 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
20:23:54.0421 3112 i2omgmt - ok
20:23:54.0453 3112 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:23:54.0468 3112 i2omp - ok
20:23:54.0484 3112 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:23:54.0484 3112 i8042prt - ok
20:23:54.0859 3112 [ E8C7CC369C2FB657E0792AF70DF529E6 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:23:55.0187 3112 ialm - ok
20:23:55.0281 3112 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:23:55.0312 3112 idsvc - ok
20:23:55.0343 3112 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:23:55.0343 3112 Imapi - ok
20:23:55.0406 3112 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:23:55.0406 3112 ImapiService - ok
20:23:55.0421 3112 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:23:55.0437 3112 ini910u - ok
20:23:55.0437 3112 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
20:23:55.0437 3112 IntelIde - ok
20:23:55.0484 3112 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:23:55.0500 3112 intelppm - ok
20:23:55.0500 3112 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:23:55.0500 3112 Ip6Fw - ok
20:23:55.0531 3112 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:23:55.0531 3112 IpFilterDriver - ok
20:23:55.0546 3112 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:23:55.0562 3112 IpInIp - ok
20:23:55.0593 3112 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:23:55.0593 3112 IpNat - ok
20:23:55.0609 3112 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:23:55.0609 3112 IPSec - ok
20:23:55.0640 3112 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
20:23:55.0640 3112 irda - ok
20:23:55.0656 3112 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:23:55.0656 3112 IRENUM - ok
20:23:55.0671 3112 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
20:23:55.0687 3112 Irmon - ok
20:23:55.0703 3112 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:23:55.0703 3112 isapnp - ok
20:23:55.0828 3112 [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:23:55.0828 3112 JavaQuickStarterService - ok
20:23:55.0843 3112 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:23:55.0843 3112 Kbdclass - ok
20:23:55.0859 3112 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:23:55.0859 3112 kbdhid - ok
20:23:55.0890 3112 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:23:55.0890 3112 kmixer - ok
20:23:55.0906 3112 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:23:55.0921 3112 KSecDD - ok
20:23:55.0968 3112 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:23:55.0984 3112 lanmanserver - ok
20:23:56.0031 3112 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:23:56.0046 3112 lanmanworkstation - ok
20:23:56.0062 3112 lbrtfdc - ok
20:23:56.0109 3112 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:23:56.0125 3112 LmHosts - ok
20:23:56.0156 3112 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
20:23:56.0156 3112 MBAMSwissArmy - ok
20:23:56.0265 3112 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:23:56.0281 3112 MDM - ok
20:23:56.0296 3112 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:23:56.0312 3112 mdmxsdk - ok
20:23:56.0328 3112 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:23:56.0343 3112 Messenger - ok
20:23:56.0390 3112 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:23:56.0390 3112 mnmdd - ok
20:23:56.0421 3112 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:23:56.0437 3112 mnmsrvc - ok
20:23:56.0484 3112 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:23:56.0484 3112 Modem - ok
20:23:56.0500 3112 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:23:56.0500 3112 Mouclass - ok
20:23:56.0531 3112 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:23:56.0531 3112 mouhid - ok
20:23:56.0562 3112 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:23:56.0562 3112 MountMgr - ok
20:23:56.0640 3112 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:23:56.0640 3112 MozillaMaintenance - ok
20:23:56.0687 3112 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:23:56.0687 3112 mraid35x - ok
20:23:56.0687 3112 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:23:56.0703 3112 MRxDAV - ok
20:23:56.0734 3112 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:23:56.0750 3112 MRxSmb - ok
20:23:56.0781 3112 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:23:56.0781 3112 MSDTC - ok
20:23:56.0828 3112 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:23:56.0828 3112 Msfs - ok
20:23:56.0843 3112 [ 95C6432151CCFF8617352F8E616A1AA4 ] MSIRCOMM C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
20:23:56.0843 3112 MSIRCOMM - ok
20:23:56.0843 3112 MSIServer - ok
20:23:56.0843 3112 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:23:56.0859 3112 MSKSSRV - ok
20:23:56.0859 3112 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:23:56.0859 3112 MSPCLOCK - ok
20:23:56.0875 3112 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:23:56.0875 3112 MSPQM - ok
20:23:56.0921 3112 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:23:56.0921 3112 mssmbios - ok
20:23:56.0937 3112 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:23:56.0937 3112 Mup - ok
20:23:56.0984 3112 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:23:57.0015 3112 napagent - ok
20:23:57.0062 3112 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:23:57.0078 3112 NDIS - ok
20:23:57.0109 3112 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:23:57.0125 3112 NdisTapi - ok
20:23:57.0140 3112 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:23:57.0140 3112 Ndisuio - ok
20:23:57.0140 3112 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:23:57.0156 3112 NdisWan - ok
20:23:57.0171 3112 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:23:57.0171 3112 NDProxy - ok
20:23:57.0187 3112 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:23:57.0187 3112 NetBIOS - ok
20:23:57.0234 3112 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:23:57.0250 3112 NetBT - ok
20:23:57.0296 3112 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:23:57.0312 3112 NetDDE - ok
20:23:57.0328 3112 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:23:57.0343 3112 NetDDEdsdm - ok
20:23:57.0375 3112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:23:57.0375 3112 Netlogon - ok
20:23:57.0406 3112 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:23:57.0421 3112 Netman - ok
20:23:57.0468 3112 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:23:57.0468 3112 NetTcpPortSharing - ok
20:23:57.0515 3112 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:23:57.0531 3112 Nla - ok
20:23:57.0593 3112 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
20:23:57.0593 3112 nm - ok
20:23:57.0609 3112 [ 6623E51595C0076755C29C00846C4EB2 ] NPF C:\WINDOWS\system32\drivers\npf.sys
20:23:57.0625 3112 NPF - ok
20:23:57.0640 3112 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:23:57.0640 3112 Npfs - ok
20:23:57.0687 3112 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:23:57.0703 3112 Ntfs - ok
20:23:57.0703 3112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:23:57.0718 3112 NtLmSsp - ok
20:23:57.0781 3112 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:23:57.0796 3112 NtmsSvc - ok
20:23:57.0828 3112 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:23:57.0828 3112 Null - ok
20:23:58.0015 3112 [ 5796A04CCC99542FDFB43F2ACCD803DF ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:23:58.0109 3112 nv - ok
20:23:58.0187 3112 [ F99A2F3A79E8E37D6B4AE2A269AEFEEA ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
20:23:58.0203 3112 NVSvc - ok
20:23:58.0234 3112 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:23:58.0250 3112 NwlnkFlt - ok
20:23:58.0250 3112 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:23:58.0250 3112 NwlnkFwd - ok
20:23:58.0296 3112 [ B17228142CEC9B3C222239FD935A37CA ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
20:23:58.0296 3112 omci - ok
20:23:58.0343 3112 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:23:58.0343 3112 ose - ok
20:23:58.0390 3112 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:23:58.0406 3112 Parport - ok
20:23:58.0421 3112 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:23:58.0421 3112 PartMgr - ok
20:23:58.0437 3112 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:23:58.0437 3112 ParVdm - ok
20:23:58.0453 3112 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:23:58.0453 3112 PCI - ok
20:23:58.0453 3112 PCIDump - ok
20:23:58.0468 3112 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:23:58.0468 3112 PCIIde - ok
20:23:58.0500 3112 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:23:58.0500 3112 Pcmcia - ok
20:23:58.0515 3112 PDCOMP - ok
20:23:58.0515 3112 PDFRAME - ok
20:23:58.0531 3112 PDRELI - ok
20:23:58.0531 3112 PDRFRAME - ok
20:23:58.0531 3112 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
20:23:58.0546 3112 perc2 - ok
20:23:58.0546 3112 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:23:58.0546 3112 perc2hib - ok
20:23:58.0578 3112 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:23:58.0593 3112 PlugPlay - ok
20:23:58.0609 3112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:23:58.0609 3112 PolicyAgent - ok
20:23:58.0640 3112 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:23:58.0640 3112 PptpMiniport - ok
20:23:58.0640 3112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:23:58.0656 3112 ProtectedStorage - ok
20:23:58.0656 3112 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:23:58.0656 3112 PSched - ok
20:23:58.0671 3112 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:23:58.0671 3112 Ptilink - ok
20:23:58.0703 3112 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:23:58.0703 3112 PxHelp20 - ok
20:23:58.0734 3112 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:23:58.0734 3112 ql1080 - ok
20:23:58.0734 3112 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:23:58.0750 3112 Ql10wnt - ok
20:23:58.0750 3112 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:23:58.0750 3112 ql12160 - ok
20:23:58.0765 3112 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:23:58.0765 3112 ql1240 - ok
20:23:58.0781 3112 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:23:58.0781 3112 ql1280 - ok
20:23:58.0796 3112 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:23:58.0796 3112 RasAcd - ok
20:23:58.0843 3112 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:23:58.0859 3112 RasAuto - ok
20:23:58.0906 3112 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
20:23:58.0906 3112 Rasirda - ok
20:23:58.0906 3112 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:23:58.0921 3112 Rasl2tp - ok
20:23:58.0968 3112 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:23:59.0000 3112 RasMan - ok
20:23:59.0000 3112 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:23:59.0000 3112 RasPppoe - ok
20:23:59.0015 3112 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:23:59.0015 3112 Raspti - ok
20:23:59.0078 3112 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:23:59.0078 3112 Rdbss - ok
20:23:59.0078 3112 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:23:59.0093 3112 RDPCDD - ok
20:23:59.0125 3112 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:23:59.0125 3112 rdpdr - ok
20:23:59.0187 3112 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:23:59.0187 3112 RDPWD - ok
20:23:59.0234 3112 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:23:59.0265 3112 RDSessMgr - ok
20:23:59.0343 3112 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
20:23:59.0343 3112 RealNetworks Downloader Resolver Service - ok
20:23:59.0375 3112 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:23:59.0375 3112 redbook - ok
20:23:59.0406 3112 [ 6F81C8A63FB824EB8A2401AB45795553 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:23:59.0406 3112 RegSrvc - ok
20:23:59.0453 3112 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:23:59.0468 3112 RemoteAccess - ok
20:23:59.0515 3112 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:23:59.0515 3112 RemoteRegistry - ok
20:23:59.0562 3112 [ E51A8D02B4BD33EBA1F7A5B76C3766ED ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
20:23:59.0578 3112 rpcapd - ok
20:23:59.0593 3112 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:23:59.0609 3112 RpcLocator - ok
20:23:59.0656 3112 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:23:59.0671 3112 RpcSs - ok
20:23:59.0718 3112 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:23:59.0734 3112 RSVP - ok
20:23:59.0812 3112 [ B792F2C647B1FC3E4987DE582EE00FE3 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
20:23:59.0812 3112 S24EventMonitor - ok
20:23:59.0859 3112 [ 2E4E912CE95F5EF4D4A5079F6CE367FC ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:23:59.0859 3112 s24trans - ok
20:23:59.0875 3112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:23:59.0890 3112 SamSs - ok
20:23:59.0937 3112 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:23:59.0953 3112 SCardSvr - ok
20:24:00.0000 3112 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:24:00.0015 3112 Schedule - ok
20:24:00.0062 3112 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:24:00.0062 3112 Secdrv - ok
20:24:00.0093 3112 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:24:00.0093 3112 seclogon - ok
20:24:00.0109 3112 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:24:00.0109 3112 SENS - ok
20:24:00.0156 3112 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:24:00.0156 3112 serenum - ok
20:24:00.0187 3112 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:24:00.0187 3112 Serial - ok
20:24:00.0234 3112 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:24:00.0250 3112 Sfloppy - ok
20:24:00.0296 3112 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:24:00.0312 3112 SharedAccess - ok
20:24:00.0328 3112 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:24:00.0343 3112 ShellHWDetection - ok
20:24:00.0343 3112 Simbad - ok
20:24:00.0390 3112 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:24:00.0390 3112 sisagp - ok
20:24:00.0421 3112 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
20:24:00.0421 3112 SMCIRDA - ok
20:24:00.0453 3112 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:24:00.0453 3112 Sparrow - ok
20:24:00.0484 3112 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:24:00.0484 3112 splitter - ok
20:24:00.0531 3112 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:24:00.0546 3112 Spooler - ok
20:24:00.0562 3112 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:24:00.0578 3112 sr - ok
20:24:00.0625 3112 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:24:00.0656 3112 srservice - ok
20:24:00.0718 3112 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:24:00.0734 3112 Srv - ok
20:24:00.0750 3112 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:24:00.0765 3112 SSDPSRV - ok
20:24:00.0875 3112 [ 3AD78E22210D3FBD9F76DE84A8DF19B5 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
20:24:00.0890 3112 STHDA - ok
20:24:00.0953 3112 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:24:00.0984 3112 stisvc - ok
20:24:01.0015 3112 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:24:01.0015 3112 swenum - ok
20:24:01.0078 3112 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:24:01.0078 3112 swmidi - ok
20:24:01.0078 3112 SwPrv - ok
20:24:01.0109 3112 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
20:24:01.0109 3112 symc810 - ok
20:24:01.0109 3112 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:24:01.0125 3112 symc8xx - ok
20:24:01.0125 3112 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:24:01.0125 3112 sym_hi - ok
20:24:01.0140 3112 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:24:01.0140 3112 sym_u3 - ok
20:24:01.0156 3112 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:24:01.0171 3112 sysaudio - ok
20:24:01.0218 3112 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:24:01.0234 3112 SysmonLog - ok
20:24:01.0265 3112 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:24:01.0296 3112 TapiSrv - ok
20:24:01.0328 3112 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:24:01.0343 3112 Tcpip - ok
20:24:01.0390 3112 [ 1AA9DBC8B58C4A610BFDD6F3884936C9 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
20:24:01.0390 3112 tcsd_win32.exe - ok
20:24:01.0421 3112 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:24:01.0421 3112 TDPIPE - ok
20:24:01.0421 3112 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:24:01.0437 3112 TDTCP - ok
20:24:01.0437 3112 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:24:01.0437 3112 TermDD - ok
20:24:01.0500 3112 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:24:01.0515 3112 TermService - ok
20:24:01.0546 3112 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:24:01.0562 3112 Themes - ok
20:24:01.0609 3112 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:24:01.0625 3112 TlntSvr - ok
20:24:01.0640 3112 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
20:24:01.0640 3112 TosIde - ok
20:24:01.0671 3112 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:24:01.0687 3112 TrkWks - ok
20:24:01.0703 3112 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:24:01.0703 3112 Udfs - ok
20:24:01.0718 3112 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
20:24:01.0718 3112 ultra - ok
20:24:01.0781 3112 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:24:01.0796 3112 Update - ok
20:24:01.0843 3112 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:24:01.0875 3112 upnphost - ok
20:24:01.0890 3112 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:24:01.0906 3112 UPS - ok
20:24:01.0968 3112 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:24:01.0968 3112 usbccgp - ok
20:24:02.0015 3112 [ 2825E0E294686A26506690059E1F437A ] USBCCID C:\WINDOWS\system32\DRIVERS\usbccid.sys
20:24:02.0031 3112 USBCCID - ok
20:24:02.0093 3112 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:24:02.0093 3112 usbehci - ok
20:24:02.0125 3112 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:24:02.0125 3112 usbhub - ok
20:24:02.0156 3112 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:24:02.0171 3112 usbprint - ok
20:24:02.0187 3112 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:24:02.0187 3112 usbscan - ok
20:24:02.0203 3112 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:24:02.0218 3112 USBSTOR - ok
20:24:02.0234 3112 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:24:02.0250 3112 usbuhci - ok
20:24:02.0250 3112 UStorage Server Service - ok
20:24:02.0250 3112 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:24:02.0265 3112 VgaSave - ok
20:24:02.0281 3112 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:24:02.0296 3112 viaagp - ok
20:24:02.0296 3112 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
20:24:02.0296 3112 ViaIde - ok
20:24:02.0328 3112 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:24:02.0328 3112 VolSnap - ok
20:24:02.0390 3112 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:24:02.0421 3112 VSS - ok
20:24:02.0453 3112 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
20:24:02.0468 3112 w32time - ok
20:24:02.0593 3112 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
20:24:02.0625 3112 w39n51 - ok
20:24:02.0656 3112 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:24:02.0656 3112 Wanarp - ok
20:24:02.0656 3112 WDICA - ok
20:24:02.0687 3112 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:24:02.0703 3112 wdmaud - ok
20:24:02.0718 3112 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:24:02.0734 3112 WebClient - ok
20:24:02.0796 3112 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
20:24:02.0812 3112 winachsf - ok
20:24:02.0921 3112 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:24:02.0937 3112 winmgmt - ok
20:24:02.0937 3112 WinRing0_1_2_0 - ok
20:24:03.0062 3112 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
20:24:03.0109 3112 WinRM - ok
20:24:03.0187 3112 [ AFB5A2A79BB01699A269C316D8B9BEF1 ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
20:24:03.0187 3112 WLANKEEPER - ok
20:24:03.0218 3112 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:24:03.0234 3112 WmdmPmSN - ok
20:24:03.0296 3112 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:24:03.0312 3112 Wmi - ok
20:24:03.0359 3112 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:24:03.0359 3112 WmiAcpi - ok
20:24:03.0406 3112 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:24:03.0421 3112 WmiApSrv - ok
20:24:03.0531 3112 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:24:03.0562 3112 WMPNetworkSvc - ok
20:24:03.0609 3112 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:24:03.0625 3112 wscsvc - ok
20:24:03.0640 3112 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:24:03.0656 3112 wuauserv - ok
20:24:03.0718 3112 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:24:03.0718 3112 WudfPf - ok
20:24:03.0734 3112 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:24:03.0750 3112 WudfRd - ok
20:24:03.0765 3112 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:24:03.0781 3112 WudfSvc - ok
20:24:03.0859 3112 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:24:03.0875 3112 WZCSVC - ok
20:24:03.0921 3112 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:24:03.0937 3112 xmlprov - ok
20:24:03.0953 3112 ================ Scan global ===============================
20:24:04.0015 3112 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:24:04.0031 3112 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:24:04.0062 3112 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:24:04.0109 3112 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:24:04.0125 3112 [Global] - ok
20:24:04.0125 3112 ================ Scan MBR ==================================
20:24:04.0140 3112 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:24:04.0500 3112 \Device\Harddisk0\DR0 - ok
20:24:04.0500 3112 ================ Scan VBR ==================================
20:24:04.0500 3112 [ 62DBE9EFFF7D693A8874D9D034D2EF52 ] \Device\Harddisk0\DR0\Partition1
20:24:04.0500 3112 \Device\Harddisk0\DR0\Partition1 - ok
20:24:04.0500 3112 ============================================================
20:24:04.0500 3112 Scan finished
20:24:04.0500 3112 ============================================================
20:24:04.0515 3288 Detected object count: 0
20:24:04.0515 3288 Actual detected object count: 0
20:24:11.0140 0612 Deinitialize success

I can't install any anti-spyware software properly (I have tried 4 different programs), but I can install other software like Radio Player, Google Sketchup and a subnet calculator. My laptop takes longer than it should to start up, and the Taskbar at the bottom of the screen is blacked out for about 2 minutes when Windows XP is booting up. The other gremlin I have is that the volume control icon doesn't appear in the Taskbar.

I don't know if this is relevant, but whilst web browsing Avast blocked WIN32:Malware-Gen. About 5 minutes later Avast reported that it had blocked a Malware threat, and I now have 2 items in the Virus Chest (BIT15.tmp and bitC.tmp).

Kind Regards

Jimbub

shelf life
2013-02-27, 00:03
Logs look ok. Still not seeing any malware. Looks like what avast found was from a web page. That means it's trying to do its job. Web Shield I think they call it?
One last download. There is a guide you can read first before using it. Read through the guide then apply the directions on your own machine. Post the log in your reply.
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Jimbub
2013-02-28, 20:02
Hi Shelf life,

Please see Combofix log below, many thanks:



ComboFix 13-02-26.01 - Jimbub 28/02/2013 17:43:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2775 [GMT 0:00]
Running from: c:\documents and settings\Jimbub\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: eTrust Antivirus *Disabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\QSLLPSVCShare
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET89.tmp
c:\windows\system32\test
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-01-28 to 2013-02-28 )))))))))))))))))))))))))))))))
.
.
2013-02-24 18:54 . 2013-02-24 18:54 -------- d-----w- c:\documents and settings\Jimbub\Local Settings\Application Data\RadioSure
2013-02-20 23:03 . 2013-02-20 23:03 40960 ----a-r- c:\documents and settings\Jimbub\Application Data\Microsoft\Installer\{01ED1AFB-D352-413B-8415-5DC5F1D23983}\NewShortcut2_01ED1AFBD352413B84155DC5F1D23983.exe
2013-02-20 23:03 . 2013-02-20 23:03 40960 ----a-r- c:\documents and settings\Jimbub\Application Data\Microsoft\Installer\{01ED1AFB-D352-413B-8415-5DC5F1D23983}\NewShortcut1_01ED1AFBD352413B84155DC5F1D23983.exe
2013-02-20 23:03 . 2013-02-20 23:03 40960 ----a-r- c:\documents and settings\Jimbub\Application Data\Microsoft\Installer\{01ED1AFB-D352-413B-8415-5DC5F1D23983}\ARPPRODUCTICON.exe
2013-02-20 22:44 . 2013-02-20 22:44 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-20 22:37 . 2013-02-20 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SolarWinds
2013-02-20 22:36 . 2013-02-20 22:36 -------- d-----w- c:\documents and settings\Jimbub\Application Data\SolarWinds
2013-02-20 22:18 . 2013-02-20 22:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO(2)
2013-02-20 21:55 . 2013-02-20 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2013-02-20 21:55 . 2013-02-20 22:42 -------- d-----w- c:\program files\Common Files\Comodo
2013-02-20 21:53 . 2013-02-20 22:42 -------- d-----w- c:\documents and settings\Jimbub\Local Settings\Application Data\COMODO
2013-02-20 20:03 . 2013-02-20 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2013-02-20 19:02 . 2013-02-20 19:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-20 19:01 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-03 18:54 . 2013-02-03 18:54 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2013-02-03 18:22 . 2013-02-03 18:22 -------- d-----w- c:\windows\system32\winrm
2013-02-03 18:22 . 2013-02-03 18:22 -------- d-----w- c:\windows\system32\GroupPolicy
2013-02-03 18:22 . 2013-02-03 18:22 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-02-03 17:42 . 2013-02-03 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-03 17:42 . 2013-02-03 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2013-02-03 17:42 . 2013-02-03 17:42 -------- d-----w- c:\documents and settings\Jimbub\Application Data\IObit
2013-02-03 17:42 . 2013-02-03 17:42 -------- d-----w- c:\program files\IObit
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\documents and settings\Jimbub\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 17:33 . 2012-11-15 16:00 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-28 17:33 . 2012-11-15 16:00 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 03:55 . 2004-08-11 16:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-11 16:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 21:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-11 16:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-11 16:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2004-08-11 16:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2012-12-26 20:16 . 2004-08-11 16:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-11 16:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-11 16:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-11 16:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2002-04-03 15:01 . 2007-03-08 10:41 286720 ------w- c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 16:00 . 2007-03-08 10:41 98304 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll
2013-01-31 16:39 . 2013-01-31 16:39 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"nwiz"="nwiz.exe" [2006-01-19 1519616]
"AVSFirewall"="c:\program files\AVS4YOU\AVSFirewall\AVSFirewall.exe" [2010-09-20 6159432]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-24 295072]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0AMQA1ADQAMwA0ADYANgAzADQANAAtAEYAUAA5ADIAKwA1AC0ARABEAFQAKwAwAC0ARgBMACsAOQAtAFMAVAA5ADAARgBBAFAAUAArADEA&prod=90&ver=9.0.914" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04/01/2013 14:50 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/01/2013 14:50 361032]
R1 AVSRegMonDrv;AVSRegMonDrv;c:\program files\AVS4YOU\AVSFirewall\AVSRegMonDrv.sys [15/11/2012 15:51 17992]
R1 AVSTDIFilterDrv;AVSTDIFilterDrv;c:\program files\AVS4YOU\AVSFirewall\AVSTDIFilterDrv.sys [15/11/2012 15:51 24648]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [03/02/2013 17:42 465216]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/01/2013 14:50 21256]
R2 AVSFirewallService;AVSFirewall Service;c:\program files\AVS4YOU\AVSFirewall\AVSFirewallService.exe [15/11/2012 15:51 80456]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 20:31 38608]
R3 AVSNDISIMMP;AVSNDISIMMP;c:\windows\system32\drivers\AVSNDISIMDriver.sys [15/11/2012 15:51 23624]
S3 AVSNDISIM;AVSNDISIM Service;c:\windows\system32\drivers\AVSNDISIMDriver.sys [15/11/2012 15:51 23624]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20/02/2013 19:02 40776]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 20:22 34064]
S3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-15 17:33]
.
2013-02-28 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-02-03 18:47]
.
2013-02-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-04 22:50]
.
2013-02-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2013-02-28 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1330721021-1131774879-2568000522-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-02-21 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1330721021-1131774879-2568000522-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jimbub\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Jimbub\Application Data\Mozilla\Firefox\Profiles\kij5gm0g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c3c2c17&v=6.103.018.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - ExtSQL: 2013-01-04 14:50; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2010-07-15 11:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-U-Storage Service - c:\docume~1\Jimbub~1\LOCALS~1\Temp\U-Storage.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-28 17:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\`*& 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\Ð* 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
Completion time: 2013-02-28 17:50:14
ComboFix-quarantined-files.txt 2013-02-28 17:50
.
Pre-Run: 54,462,734,336 bytes free
Post-Run: 54,620,778,496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4A40D9179F5AFB8CE08F68BDCDA5BB5A
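The two logs in this thread (the TDSSKiller driver/service listing in the earlier post and the ComboFix "Reg Loading Points" section just above) are read by eye here. As an added example, not code from the thread, from Kaspersky or from the ComboFix author, the Python script below mechanises two of the checks a helper makes when triaging such logs: it pairs TDSSKiller hash lines with their verdict lines so that services registered without a file on disk (Simbad and WinRing0_1_2_0 above) stand out, and it scans the ComboFix registry section for posture-weakening settings (FirewallOverride, DisableMonitoring, EnableFirewall=0, enabled port exceptions) and for services ComboFix marked "[x]". The sample input is constructed from lines copied out of these two logs; the regular expressions and the finding names are my own assumptions about the formats, which neither tool documents.

```python
"""Triage helpers for the two log formats pasted in this thread (example code,
not part of TDSSKiller or ComboFix): pair TDSSKiller hash/verdict lines and
flag registered services with no file on disk, then scan a ComboFix
'Reg Loading Points' section for settings that weaken the firewall posture."""
import re

# TDSSKiller writes "<time> <pid> [ <MD5> ] <name> <path>" for a service whose
# binary exists, followed by "<time> <pid> <name> - <verdict>". A service that
# only ever gets a verdict line is registered but its file was not found.
HASH_LINE = re.compile(r"^\S+\s+\d+\s+\[ ([0-9A-F]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
VERDICT_LINE = re.compile(r"^\S+\s+\d+\s+(.+?) - (\S+)$")

# ComboFix "Reg Loading Points": "[KEY]" headers, "Name"=value lines, and
# service lines "R2 Name;Display;path [date size]" where "[x]" = file missing.
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
CF_SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")

# Constructed samples: a few lines copied in shape (and value) from the logs
# posted in this thread, enough to exercise every branch below.
TDSS_SAMPLE = r"""20:23:59.0515 3112 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:23:59.0515 3112 RemoteRegistry - ok
20:24:00.0343 3112 Simbad - ok
20:24:02.0937 3112 WinRing0_1_2_0 - ok
20:24:03.0062 3112 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
20:24:03.0109 3112 WinRM - ok
"""

COMBOFIX_SAMPLE = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 AVSFirewallService;AVSFirewall Service;c:\program files\AVS4YOU\AVSFirewall\AVSFirewallService.exe [15/11/2012 15:51 80456]
S3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
"""


def parse_tdsskiller(text):
    """Map service name -> {"md5", "path", "verdict"} from TDSSKiller output."""
    entries = {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            entries[name] = {"md5": md5, "path": path, "verdict": None}
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict = m.groups()
            entry = entries.setdefault(name, {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = verdict
    return entries


def services_without_file(entries):
    """Names that got a verdict but no hash line: registered, binary absent.
    Usually leftovers of an uninstalled product; worth a look, not proof of malware."""
    return sorted(name for name, e in entries.items()
                  if e["md5"] is None and not name.startswith(("[", "\\")))


def review_combofix(text):
    """Return (finding, detail) pairs for posture-weakening settings and
    for services whose binary ComboFix marked as missing ("[x]")."""
    findings = []
    key_raw = key = ""
    for line in text.splitlines():
        m = REG_KEY.match(line)
        if m:
            key_raw = m.group(1)
            key = key_raw.lower()
            continue
        m = CF_SERVICE.match(line)
        if m:
            start, name, _display, rest = m.groups()
            if rest.strip() == "[x]":
                findings.append(("service binary missing", f"{name} ({start})"))
            continue
        m = REG_VALUE.match(line)
        if not m:
            continue
        name, value = m.groups()
        value = value.strip()
        in_sc = "security center" in key
        if in_sc and name == "FirewallOverride" and value == "dword:00000001":
            findings.append(("Security Center firewall alerts overridden", f"{name}={value}"))
        elif in_sc and name == "DisableMonitoring" and value == "dword:00000001":
            findings.append(("Security Center AV monitoring disabled", key_raw.rsplit("\\", 1)[-1]))
        elif (key.endswith("firewallpolicy\\standardprofile")
              and name == "EnableFirewall" and value.split()[0] == "0"):
            findings.append(("Windows Firewall disabled in standard profile", f"{name}={value}"))
        elif "globallyopenports" in key and ":enabled:" in value.lower():
            # Exceptions marked ":Disabled:" (as 5985/WinRM is above) are not open.
            findings.append(("firewall port exception enabled", value))
    return findings


if __name__ == "__main__":
    for name in services_without_file(parse_tdsskiller(TDSS_SAMPLE)):
        print("TDSSKiller: no file on disk for service", name)
    for finding, detail in review_combofix(COMBOFIX_SAMPLE):
        print(f"ComboFix: {finding}: {detail}")
```

Findings are prompts for a second look, not verdicts: EnableFirewall=0 together with FirewallOverride=1 is consistent with a third-party firewall such as the AVS firewall listed in the same log being registered in place of the Windows one, and the WinRM port 5985 exception is correctly left out of the output because the log marks it Disabled.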

shelf life
2013-03-01, 02:39
Not a whole lot there as far as malware goes. I assume your problems are unchanged?

Jimbub
2013-03-01, 11:33
Yes, problems are the same.

shelf life
2013-03-02, 00:10
Not a malware issue. Can't remove what I don't see or what tools don't detect or remove themselves. There's nothing else left to run. Back in Jan. I said not everything is caused by malware. There are general computer forums here, (http://forums.whatthetech.com/index.php?) for nonmalware issues. I also think replacing a mainboard without a reformat reinstall is just asking for potential problems, but that's just my two cents. I've built many desktops but have never just replaced a mainboard by itself.

If you think you still have malware then you can visit the Avast forums, I think you said it all started after Avast picked up something. You could also reformat/reinstall Windows.

You can remove combofix like this:

start>run and type in:
combofix /uninstall
click ok or enter
note the space after the x and before the /

you can delete the aswmbr and tdsskiller icon from your desktop as well as the logs.

Jimbub
2013-03-02, 22:43
Hi Shelf life,

Well, the problems remain the same as before I replaced the motherboard! The one thing I was most concerned about was not being able to install anti-spyware properly. I have not experienced problems replacing this type of motherboard before.

Thank you very much for your help investigating the problems. I have learned more about spyware as a result.

I think I will take your advice, wipe the hard drive and re-install Windows.

Kind Regards

Jimbub

shelf life
2013-03-03, 20:03
Hi Jimbub,

Ok, you're welcome. A reformat/reinstall will give you a clean slate to start with.