HELP - hijacked browser and other malware..
I seem to have been hijacked. I run all the tools I have all the time. Spybot finds "win32dowloader.gen" plus various other threats almost daily for a week now. (Spybot 2.1) Malaware finds numerous "pop.0 optional" files. Avast updates several times a day and runs daily but doesn't seem to find anything. Yesterday I ran the deep scan, but nothing came up. My Yahoo account seems to have been hijacked. When I open it my Avast says it's a phishing window and do I want to continue. At the beginning I entered my name and password and it took me to my regular account, but something is seriously wrong. That is not the only site I have problems accessing.
My computer won't allow me to download "aswMBR" - It seems stuck and keeps saying it will take an hour. Now it says 48 mins. At least it's moving which yesterday it wouldn't.
Below find the logs as per your request.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2
Run by Phil at 17:40:36 on 2013-08-18
Microsoft Windows XP Home Edition 5.1.2600.3.1255.44.1033.18.2037.665 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\zshp1018.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.appsarefun.info/
uProxyServer = localhost:21320
uURLSearchHooks: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BC9BF43140F8DFDE8A13C323ED26B8D82B231876._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [CallControl 4.5] c:\program files\faxtalk communicator\FTCtrl32.exe /autoload
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\phil\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369691278156
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369689354156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{D46186AE-A8E2-416E-8171-303509F28198} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D46186AE-A8E2-416E-8171-303509F28198} : DHCPNameServer = 10.0.0.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\windows\system32\guard32.dll c:\progra~1\sprote~1\sprote~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: cdbxpp.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: registrybooster.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: switch.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-6 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-6 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-6 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-27 46808]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-7-2 233472]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-6-30 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-6-30 1033688]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-7-2 37344]
S1 MpKsl5c047abb;MpKsl5c047abb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aadafceb-3a84-4b59-bac0-c5c725f1e960}\mpksl5c047abb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aadafceb-3a84-4b59-bac0-c5c725f1e960}\MpKsl5c047abb.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-6-30 171928]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2011-1-12 54272]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2012-12-21 252928]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
.
=============== Created Last 30 ================
.
2013-08-17 13:21:41 -------- d-----w- c:\documents and settings\phil\local settings\application data\Conduit
2013-07-29 22:00:49 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M ====================
.
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2013-07-01 01:40:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-01 01:40:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-28 08:47:51 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-28 08:47:51 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 09:53:55 22 ----a-w- c:\documents and settings\phil\dc.bat
2013-06-04 07:23:02 562688 ------w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ------w- c:\windows\system32\win32k.sys
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
2013-05-27 19:34:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-27 19:34:43 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-27 19:34:42 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-27 19:34:42 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-22 11:34:26 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2013-05-22 11:34:24 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
.
============= FINISH: 17:40:45.12 ===============
Hi and Welcome!! pgbacal :)
My name is Robybel.
I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right-click, choose "Run as Administrator").
Stay with this topic until I give you the all clean post.
Having said that....Let's get going!!
====================
I see from the logs that you have two antivirus products installed. Having more than one antivirus can cause slowdowns, conflicts and crashes.
I suggest removing one of them via Programs and Features.
P2P Programs:
P2P programs are a major source of Malware infections.
From your log I see you have uTorrent. We do not pass judgment on file-sharing; however, we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.
Information regarding the risk of using these programs can be found from here (http://malwareremoval.com/p2pindex.php) and here (http://www.internetworldstats.com/articles/art053.htm)
Next
Please read carefully and follow these steps.
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
01:03:48.0937 13876 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:03:49.0687 13876 ============================================================
01:03:49.0687 13876 Current date / time: 2013/08/21 01:03:49.0687
01:03:49.0687 13876 SystemInfo:
01:03:49.0687 13876
01:03:49.0687 13876 OS Version: 5.1.2600 ServicePack: 3.0
01:03:49.0687 13876 Product type: Workstation
01:03:49.0687 13876 ComputerName: PHILIPA-8D9C728
01:03:49.0781 13876 UserName: Phil
01:03:49.0781 13876 Windows directory: C:\WINDOWS
01:03:49.0781 13876 System windows directory: C:\WINDOWS
01:03:49.0781 13876 Processor architecture: Intel x86
01:03:49.0781 13876 Number of processors: 2
01:03:49.0781 13876 Page size: 0x1000
01:03:49.0781 13876 Boot type: Normal boot
01:03:49.0781 13876 ============================================================
01:03:52.0140 13876 Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:03:52.0156 13876 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:03:52.0171 13876 ============================================================
01:03:52.0171 13876 \Device\Harddisk0\DR0:
01:03:52.0171 13876 MBR partitions:
01:03:52.0171 13876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6B6DE25
01:03:52.0171 13876 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6B6DE64, BlocksNum 0x742595D
01:03:52.0171 13876 \Device\Harddisk1\DR1:
01:03:52.0171 13876 MBR partitions:
01:03:52.0171 13876 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1368192C
01:03:52.0171 13876 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x136819AA, BlocksNum 0x1368192C
01:03:52.0203 13876 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x26D03315, BlocksNum 0x1367DA6B
01:03:52.0203 13876 ============================================================
01:03:52.0453 13876 F: <-> \Device\Harddisk1\DR1\Partition2
01:03:52.0750 13876 G: <-> \Device\Harddisk1\DR1\Partition3
01:03:53.0421 13876 C: <-> \Device\Harddisk1\DR1\Partition1
01:03:53.0453 13876 Y: <-> \Device\Harddisk0\DR0\Partition1
01:03:53.0453 13876 Z: <-> \Device\Harddisk0\DR0\Partition2
01:03:53.0453 13876 ============================================================
01:03:53.0453 13876 Initialize success
01:03:53.0453 13876 ============================================================
01:03:56.0234 9184 ============================================================
01:03:56.0234 9184 Scan started
01:03:56.0234 9184 Mode: Manual;
01:03:56.0234 9184 ============================================================
01:03:58.0765 9184 ================ Scan system memory ========================
01:03:58.0765 9184 System memory - ok
01:03:58.0765 9184 ================ Scan services =============================
01:04:08.0093 9184 MDM - ok
01:04:08.0125 9184 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
01:04:08.0140 9184 mdmxsdk - ok
01:04:08.0171 9184 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
01:04:08.0234 9184 Messenger - ok
01:04:08.0375 9184 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
01:04:08.0375 9184 mnmdd - ok
01:04:08.0390 9184 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
01:04:08.0390 9184 mnmsrvc - ok
01:04:08.0437 9184 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
01:04:08.0437 9184 Modem - ok
01:04:08.0468 9184 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:04:08.0468 9184 Mouclass - ok
01:04:08.0484 9184 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:04:08.0484 9184 mouhid - ok
01:04:08.0484 9184 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
01:04:08.0500 9184 MountMgr - ok
01:04:08.0671 9184 MpKsl5c047abb - ok
01:04:08.0671 9184 mraid35x - ok
01:04:08.0703 9184 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:04:08.0718 9184 MRxDAV - ok
01:04:08.0875 9184 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:04:08.0875 9184 MRxSmb - ok
01:04:08.0906 9184 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
01:04:08.0906 9184 MSDTC - ok
01:04:08.0921 9184 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
01:04:08.0937 9184 Msfs - ok
01:04:08.0937 9184 MSIServer - ok
01:04:08.0984 9184 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:04:08.0984 9184 MSKSSRV - ok
01:04:09.0000 9184 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:04:09.0000 9184 MSPCLOCK - ok
01:04:09.0015 9184 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
01:04:09.0015 9184 MSPQM - ok
01:04:09.0031 9184 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:04:09.0031 9184 mssmbios - ok
01:04:09.0062 9184 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
01:04:09.0062 9184 MSTEE - ok
01:04:09.0140 9184 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
01:04:09.0140 9184 Mup - ok
01:04:09.0187 9184 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:04:09.0203 9184 NABTSFEC - ok
01:04:09.0265 9184 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
01:04:09.0281 9184 napagent - ok
01:04:09.0328 9184 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
01:04:09.0343 9184 NDIS - ok
01:04:09.0406 9184 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:04:09.0421 9184 NdisIP - ok
01:04:09.0437 9184 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:04:09.0453 9184 NdisTapi - ok
01:04:09.0453 9184 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:04:09.0453 9184 Ndisuio - ok
01:04:09.0500 9184 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:04:09.0500 9184 NdisWan - ok
01:04:09.0515 9184 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
01:04:09.0531 9184 NDProxy - ok
01:04:09.0625 9184 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
01:04:09.0640 9184 Nero BackItUp Scheduler 4.0 - ok
01:04:09.0640 9184 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
01:04:09.0640 9184 NetBIOS - ok
01:04:09.0671 9184 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
01:04:09.0687 9184 NetBT - ok
01:04:09.0734 9184 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
01:04:09.0750 9184 NetDDE - ok
01:04:09.0750 9184 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
01:04:09.0765 9184 NetDDEdsdm - ok
01:04:09.0765 9184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
01:04:09.0781 9184 Netlogon - ok
01:04:09.0781 9184 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
01:04:09.0890 9184 Netman - ok
01:04:09.0906 9184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:04:09.0937 9184 NetTcpPortSharing - ok
01:04:09.0968 9184 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
01:04:10.0000 9184 Nla - ok
01:04:10.0046 9184 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
01:04:10.0062 9184 Npfs - ok
01:04:10.0062 9184 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
01:04:10.0078 9184 Ntfs - ok
01:04:10.0078 9184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
01:04:10.0078 9184 NtLmSsp - ok
01:04:10.0171 9184 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
01:04:10.0218 9184 NtmsSvc - ok
01:04:10.0234 9184 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
01:04:10.0234 9184 Null - ok
01:04:10.0359 9184 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:04:10.0359 9184 NwlnkFlt - ok
01:04:10.0375 9184 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:04:10.0375 9184 NwlnkFwd - ok
01:04:10.0515 9184 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:04:10.0515 9184 odserv - ok
01:04:10.0546 9184 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:04:10.0546 9184 ose - ok
01:04:10.0593 9184 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
01:04:10.0609 9184 Parport - ok
01:04:10.0625 9184 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
01:04:10.0625 9184 PartMgr - ok
01:04:10.0656 9184 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
01:04:10.0656 9184 ParVdm - ok
01:04:10.0671 9184 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
01:04:10.0687 9184 PCI - ok
01:04:10.0687 9184 PCIDump - ok
01:04:10.0687 9184 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
01:04:10.0687 9184 PCIIde - ok
01:04:10.0796 9184 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
01:04:10.0796 9184 Pcmcia - ok
01:04:10.0812 9184 PDCOMP - ok
01:04:10.0812 9184 PDFRAME - ok
01:04:10.0812 9184 PDRELI - ok
01:04:10.0828 9184 PDRFRAME - ok
01:04:10.0828 9184 perc2 - ok
01:04:10.0843 9184 perc2hib - ok
01:04:10.0859 9184 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
01:04:10.0859 9184 PlugPlay - ok
01:04:10.0875 9184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
01:04:10.0875 9184 PolicyAgent - ok
01:04:10.0875 9184 PPPoEWin - ok
01:04:10.0906 9184 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:04:10.0906 9184 PptpMiniport - ok
01:04:10.0921 9184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
01:04:10.0921 9184 ProtectedStorage - ok
01:04:10.0937 9184 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
01:04:10.0953 9184 PSched - ok
01:04:11.0000 9184 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:04:11.0015 9184 Ptilink - ok
01:04:11.0031 9184 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:04:11.0062 9184 PxHelp20 - ok
01:04:11.0062 9184 ql1080 - ok
01:04:11.0062 9184 Ql10wnt - ok
01:04:11.0078 9184 ql12160 - ok
01:04:11.0078 9184 ql1240 - ok
01:04:11.0078 9184 ql1280 - ok
01:04:11.0109 9184 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:04:11.0125 9184 RasAcd - ok
01:04:11.0140 9184 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
01:04:11.0171 9184 RasAuto - ok
01:04:11.0171 9184 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:04:11.0171 9184 Rasl2tp - ok
01:04:11.0187 9184 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
01:04:11.0375 9184 RasMan - ok
01:04:11.0421 9184 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:04:11.0421 9184 RasPppoe - ok
01:04:11.0468 9184 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
01:04:11.0484 9184 Raspti - ok
01:04:11.0546 9184 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:04:11.0640 9184 Rdbss - ok
01:04:11.0703 9184 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:04:11.0703 9184 RDPCDD - ok
01:04:11.0750 9184 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
01:04:11.0796 9184 RDPWD - ok
01:04:11.0843 9184 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
01:04:11.0859 9184 RDSessMgr - ok
01:04:11.0906 9184 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
01:04:11.0906 9184 redbook - ok
01:04:11.0921 9184 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
01:04:11.0921 9184 RemoteAccess - ok
01:04:12.0031 9184 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
01:04:12.0062 9184 RpcLocator - ok
01:04:12.0125 9184 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
01:04:12.0125 9184 RpcSs - ok
01:04:12.0171 9184 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
01:04:12.0203 9184 RSVP - ok
01:04:12.0265 9184 [ 6EBFBBF24FED8285928B825A46618F8A ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
01:04:12.0296 9184 RTLE8023xp - ok
01:04:12.0296 9184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
01:04:12.0296 9184 SamSs - ok
01:04:12.0312 9184 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
01:04:12.0343 9184 SCardSvr - ok
01:04:12.0421 9184 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
01:04:12.0437 9184 Schedule - ok
01:04:13.0515 9184 [ 95AA9E165C7DE1B64A11E8B18E91E499 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
01:04:13.0640 9184 SDScannerService - ok
01:04:13.0812 9184 [ D31398D4BB4907B517B6E784C2100C4A ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
01:04:13.0843 9184 SDUpdateService - ok
01:04:13.0921 9184 [ 6AE8E702D1027A9627DDE2B77BB9992B ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
01:04:13.0921 9184 SDWSCService - ok
01:04:13.0953 9184 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:04:13.0968 9184 Secdrv - ok
01:04:14.0000 9184 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
01:04:14.0015 9184 seclogon - ok
01:04:14.0062 9184 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
01:04:14.0078 9184 SENS - ok
01:04:14.0109 9184 [ 95A26D5D8CEDA33377AF627DAFC2796F ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS
01:04:14.0125 9184 Sentinel - ok
01:04:14.0187 9184 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
01:04:14.0187 9184 serenum - ok
01:04:14.0203 9184 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
01:04:14.0203 9184 Serial - ok
01:04:14.0250 9184 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
01:04:14.0265 9184 Sfloppy - ok
01:04:14.0359 9184 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
01:04:14.0406 9184 SharedAccess - ok
01:04:14.0453 9184 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
01:04:14.0453 9184 ShellHWDetection - ok
01:04:14.0453 9184 Simbad - ok
01:04:14.0609 9184 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
01:04:14.0640 9184 SkypeUpdate - ok
01:04:14.0687 9184 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:04:14.0703 9184 SLIP - ok
01:04:14.0703 9184 Sparrow - ok
01:04:14.0750 9184 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
01:04:14.0765 9184 splitter - ok
01:04:14.0796 9184 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
01:04:14.0812 9184 Spooler - ok
01:04:14.0843 9184 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
01:04:14.0859 9184 sr - ok
01:04:14.0906 9184 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
01:04:14.0921 9184 srservice - ok
01:04:15.0000 9184 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
01:04:15.0015 9184 Srv - ok
01:04:15.0031 9184 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
01:04:15.0062 9184 SSDPSRV - ok
01:04:15.0062 9184 StarOpen - ok
01:04:15.0109 9184 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
01:04:15.0125 9184 stisvc - ok
01:04:15.0156 9184 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:04:15.0156 9184 streamip - ok
01:04:15.0171 9184 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
01:04:15.0171 9184 swenum - ok
01:04:15.0234 9184 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
01:04:15.0234 9184 swmidi - ok
01:04:15.0250 9184 SwPrv - ok
01:04:15.0250 9184 symc810 - ok
01:04:15.0265 9184 symc8xx - ok
01:04:15.0265 9184 sym_hi - ok
01:04:15.0265 9184 sym_u3 - ok
01:04:15.0312 9184 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
01:04:15.0328 9184 sysaudio - ok
01:04:15.0375 9184 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
01:04:15.0390 9184 SysmonLog - ok
01:04:15.0421 9184 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\WINDOWS\system32\DRIVERS\taphss.sys
01:04:15.0437 9184 taphss - ok
01:04:15.0468 9184 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
01:04:15.0500 9184 TapiSrv - ok
01:04:15.0593 9184 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:04:15.0609 9184 Tcpip - ok
01:04:15.0640 9184 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
01:04:15.0656 9184 TDPIPE - ok
01:04:15.0671 9184 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
01:04:15.0687 9184 TDTCP - ok
01:04:15.0703 9184 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
01:04:15.0718 9184 TermDD - ok
01:04:15.0796 9184 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
01:04:15.0828 9184 TermService - ok
01:04:15.0843 9184 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
01:04:15.0859 9184 Themes - ok
01:04:15.0859 9184 TosIde - ok
01:04:15.0890 9184 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
01:04:15.0906 9184 TrkWks - ok
01:04:15.0921 9184 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
01:04:15.0921 9184 Udfs - ok
01:04:15.0937 9184 ultra - ok
01:04:16.0000 9184 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
01:04:16.0000 9184 UnlockerDriver5 - ok
01:04:16.0062 9184 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
01:04:16.0078 9184 Update - ok
01:04:16.0140 9184 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
01:04:16.0171 9184 upnphost - ok
01:04:16.0187 9184 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
01:04:16.0203 9184 UPS - ok
01:04:16.0296 9184 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
01:04:16.0312 9184 usbaudio - ok
01:04:16.0343 9184 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:04:16.0343 9184 usbccgp - ok
01:04:16.0406 9184 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:04:16.0421 9184 usbehci - ok
01:04:16.0453 9184 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:04:16.0453 9184 usbhub - ok
01:04:16.0500 9184 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:04:16.0500 9184 usbprint - ok
01:04:16.0531 9184 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:04:16.0546 9184 usbscan - ok
01:04:16.0593 9184 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:04:16.0593 9184 usbstor - ok
01:04:16.0640 9184 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:04:16.0640 9184 usbuhci - ok
01:04:16.0687 9184 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
01:04:16.0703 9184 usbvideo - ok
01:04:16.0750 9184 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
01:04:16.0765 9184 VgaSave - ok
01:04:16.0765 9184 ViaIde - ok
01:04:16.0812 9184 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
01:04:16.0812 9184 VolSnap - ok
01:04:16.0875 9184 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
01:04:16.0890 9184 VSS - ok
01:04:16.0937 9184 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
01:04:16.0968 9184 W32Time - ok
01:04:16.0984 9184 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:04:16.0984 9184 Wanarp - ok
01:04:17.0000 9184 WDICA - ok
01:04:17.0031 9184 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
01:04:17.0046 9184 wdmaud - ok
01:04:17.0093 9184 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
01:04:17.0093 9184 WebClient - ok
01:04:17.0203 9184 [ 1225EBEA76AAC3C84DF6C54FE5E5D8BE ] winachsf C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
01:04:18.0171 9184 winachsf - ok
01:04:18.0921 9184 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
01:04:18.0953 9184 winmgmt - ok
01:04:19.0125 9184 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
01:04:19.0671 9184 WinRM - ok
01:04:19.0906 9184 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
01:04:20.0000 9184 WmdmPmSN - ok
01:04:20.0671 9184 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
01:04:20.0703 9184 WmiApSrv - ok
01:04:20.0937 9184 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
01:04:20.0953 9184 WMPNetworkSvc - ok
01:04:21.0000 9184 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
01:04:21.0000 9184 WpdUsb - ok
01:04:21.0218 9184 [ 120F3B596F79FC990B7D808857A8B3BC ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:04:21.0250 9184 WPFFontCache_v0400 - ok
01:04:21.0281 9184 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:04:21.0281 9184 WS2IFSL - ok
01:04:21.0296 9184 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
01:04:21.0296 9184 wscsvc - ok
01:04:21.0328 9184 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:04:21.0328 9184 WSTCODEC - ok
01:04:21.0343 9184 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
01:04:21.0359 9184 wuauserv - ok
01:04:21.0375 9184 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:04:21.0390 9184 WudfPf - ok
01:04:21.0406 9184 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:04:21.0406 9184 WudfRd - ok
01:04:21.0406 9184 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
01:04:21.0421 9184 WudfSvc - ok
01:04:21.0437 9184 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
01:04:21.0453 9184 WZCSVC - ok
01:04:21.0484 9184 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
01:04:21.0500 9184 xmlprov - ok
01:04:21.0515 9184 ================ Scan global ===============================
01:04:21.0562 9184 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
01:04:21.0640 9184 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
01:04:21.0671 9184 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
01:04:21.0703 9184 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
01:04:21.0703 9184 [Global] - ok
01:04:21.0703 9184 ================ Scan MBR ==================================
01:04:21.0703 9184 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
01:04:21.0718 9184 \Device\Harddisk0\DR0 - ok
01:04:21.0734 9184 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
01:04:30.0625 9184 \Device\Harddisk1\DR1 - ok
01:04:30.0625 9184 ================ Scan VBR ==================================
01:04:30.0625 9184 [ 4314789BB1482B84387BC54E94086D25 ] \Device\Harddisk0\DR0\Partition1
01:04:30.0625 9184 \Device\Harddisk0\DR0\Partition1 - ok
01:04:30.0640 9184 [ D8B475B5753DA72631577D7F66750E6E ] \Device\Harddisk0\DR0\Partition2
01:04:30.0640 9184 \Device\Harddisk0\DR0\Partition2 - ok
01:04:30.0671 9184 [ 96A5BFDB37207B900762E94D1495513F ] \Device\Harddisk1\DR1\Partition1
01:04:30.0671 9184 \Device\Harddisk1\DR1\Partition1 - ok
01:04:30.0687 9184 [ 413072DD2881799E527E686F1FF37D26 ] \Device\Harddisk1\DR1\Partition2
01:04:30.0718 9184 \Device\Harddisk1\DR1\Partition2 - ok
01:04:30.0734 9184 [ 185B5E6792C359249007C4A2D9824251 ] \Device\Harddisk1\DR1\Partition3
01:04:30.0781 9184 \Device\Harddisk1\DR1\Partition3 - ok
01:04:30.0781 9184 ============================================================
01:04:30.0781 9184 Scan finished
01:04:30.0781 9184 ============================================================
01:04:30.0781 1664 Detected object count: 0
01:04:30.0781 1664 Actual detected object count: 0
Quick question: You said I am running two anti virus programs. I know I am running Avast. Is Spybot the 2nd? Please excuse my ignorance.
Thanks,
pgbacal
When I ran TDSSKiller from my desktop it did not allow me to scan objects (the 2 boxes as shown in your image). It just had Start scan, which I pressed.
Hi pgbacal :bigthumb:
From your log I see: Avast and AVG
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
:bigthumb: Feel free to ask everything
Ok good!!
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next
AdwCleaner
Please download AdwCleaner (http://general-changelog-team.fr/en/tools/15-adwcleaner) by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Next
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Next
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) and save it to your desktop.
Quit all other programs
Start RogueKiller.exe
Wait until the Prescan has finished ...
Click on Scan
Wait for the end of the scan
A report will be created on your desktop.
Click on the Delete button
Next click on the ShortcutsFix
Another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.
In your next reply please post:
checkup.txt
AdwCleaner[S1].txt
JRT.txt
All RKreport.txt
Let me know if you have any problems performing the steps above or any questions.
Good Day!
I started following your instructions
and am posting the one I finished, checkup.txt. I am unable to access the AdwCleaner. BUT
the AdwCleaner didn't work as you mentioned and afterwards, I could not access the drives on my computer via "My Computer". I rebooted and it was the same. Also when I reboot I get this message:
"WINDOWS SECURITY ALERT
Windows Explorer with 3 options: keep blocking / unblock / ask me later"
I press "Ask Me Later"
Below are the 2 reports that I finished (I am worried why I can't access my hard drives)
Results of screen317's Security Check version 0.99.72
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Wise Disk Cleaner 7.85
Java(TM) 6 Update 45
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
TGH
I wrote to you yesterday.
I can not seem to remove AVG, and it doesn't appear as a running program.
I downloaded all the files you told me to:
* checkup.txt
* AdwCleaner[S1].txt
* JRT.txt
* All RKreport.txt
BUT
I ran checkup.txt. See below
Results of screen317's Security Check version 0.99.72
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Wise Disk Cleaner 7.85
Java(TM) 6 Update 45
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
Next
I tried running AdwCleaner, and it didn't work like you said and has created havoc with my computer. It takes forever to open "My Computer" and now it isn't opening. It is extremely slow when I reboot. I can't access my C: drive so can't access the file saved from AdwCleaner. I can access my documents from inside a program (Word).
HELP... I feel worse off than before.
I have not run the other two programs.
SHOULD I TRY TO RUN THE OTHER TWO PROGRAMS? I thought I already answered you yesterday, but it doesn't seem to be on this thread.
Please get back to me as soon as possible,
Thanks,
Pgbacal
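The checkup.txt posted above can be triaged programmatically. The following is an added example, not part of the thread and not code from Security Check itself: the function names are hypothetical, and the log excerpt is copied from the post with the backtick runs around section titles normalised to one length.

```python
import re
from collections import defaultdict

B = "`" * 14  # Security Check frames section titles with runs of backticks
# Excerpt of the checkup.txt posted above (backtick run length normalised).
CHECKUP_TXT = f"""Results of screen317's Security Check version 0.99.72
{B}Antivirus/Firewall Check:{B}
Windows Firewall Enabled!
avast! Free Antivirus
{B}Anti-malware/Other Utilities Check:{B}
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 45
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
{B}Process Check: objlist.exe by Laurent{B}
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
{B}End of Log{B}
"""

def parse_sections(text):
    # Group non-empty log lines under their backtick-framed section title.
    sections, current = defaultdict(list), "Header"
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.match(r"^`+\s*(.*?)\s*`+$", line)
        if m:
            current = m.group(1).rstrip(":")
        else:
            sections[current].append(line)
    return dict(sections)

def flagged(sections):
    # Lines the tool itself marked as out of date or disabled.
    return [ln for lines in sections.values() for ln in lines
            if re.search(r"out of date|disabled", ln, re.I)]

def side_by_side(lines):
    # Products listed with more than one version, i.e. old builds left installed.
    seen = defaultdict(list)
    for line in lines:
        m = re.match(r"(.*?)\s+(?:version\s+)?(\d[\w.]*(?:\s+Update\s+\d+)?)", line)
        if m:
            seen[m.group(1).replace("(TM)", "")].append(m.group(2))
    return {p: v for p, v in seen.items() if len(v) > 1}
```

On this log, `flagged` returns the two out-of-date warnings and the disabled TeaTimer line, and `side_by_side` on the utilities section reports Java and Google Chrome each listed with two versions.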
Hi pgbacal
Ok I'm here
Please read through these instructions to familiarize yourself with what to expect when this tool runs
Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
* IMPORTANT- Save ComboFix.exe to your Desktop
====================================================
Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
====================================================
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC_update.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/cfRC_screen_2.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
On your next reply please post :
Combofix log
Let me know if you have any problems performing the steps above or any questions you may have.
Good Day!
I downloaded ComboFix and tried running it. It said that I am running real time AVG Free Antivirus 2012. I can't find it to uninstall it in the Add/Delete of the Control Panel, so I did a search and still didn't find the actual program.
How do I find this nuisance of a program and delete it once and for all, so I can continue?
I am in the middle of ComboFix so am waiting for a reply from you.
Many thanks,
Philippa
Hi pgbacal
Try this
Uninstall AVG
Download AVG Remover: http://www.avg.com/ww-en/utilities
Choose the version compatible with your OS
Place the file on the Desktop
Double-click on the tool to run
Restart the system
I had to run the AVG remover twice, and 2 reboots, before ComboFix started working. It downloaded Microsoft Recovery Console and continued through 50 stages, when the screen went blank and the computer rebooted by itself.
Then I didn't see ComboFix any more, nor any screens telling me it had finished and was preparing the log. I opened 'My Computer' to go to the ComboFix directory to look for the txt file, but instead found that ComboFix shows a tree of my hard drives and my drives were now under the directory ComboFix, and no txt file was there.
I really don't understand what is happening.
Hi pgbacal
Try to re-reboot, next, go in C:\ and find the txt
Sorry but I can't find the combofix.txt file anywhere. I did a search, unsuccessfully. I then ran ComboFix again and the same thing happened. I made sure my avast was permanently disabled so it wouldn't start when the computer rebooted itself.
ComboFix ran and reached the 50th stage and then rebooted automatically. I got my two usual problematic messages - 1. The computer finds new hardware and asks me to install it. I closed this screen (I've been having these problems for a few weeks now with the mouse and keyboard)
2. The computer asks me if I want to keep blocking Windows Explorer or not. I really don't understand this message so I just answer - "later" (3 options, unblock, keep blocking, or deal with it later).
After this I searched for the file combofix.txt. I find the folder in C:\Combofix, but when I open it I get a mirror of my hard drive.
I am at a loss. Perhaps I should go back to some of the original programs you asked me to run, or do you think perhaps that a total reformat of my C: might solve my problems? While I have an original Windows XP, that is all I have.
Any and all suggestions welcome.
Hi pgbacal :welcome:
"you think perhaps that a total reformat of my C: might solve my problems."
Surely. But let me try this one :bigthumb:
Please click HERE (http://www.kaspersky.com/antivirus-removal-tool?form=1) to download Kaspersky Virus Removal Tool (click on the Download link for Version 11).
NOTE. This is quite large file, so be patient.
Double click on the file you just downloaded and let it install.
It will install to your desktop (be patient; it may take a while).
Accept license agreement and click "Start" button.
Click on Settings button
In Scan scope leave pre-checked items as they are and also checkmark My Computer
In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
Click on Automatic Scan tab and then click on Start scanning button.
Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
When the scan is done NO log will be produced.
Click on Report button, then on Automatic Scan report tab.
Right click anywhere within right pane, click Select All then right click again and click Copy.
This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
You can save this on the desktop.
Post the contents of the document in your next reply.
Due to inactivity this topic will be closed.
If you need help please start a new thread