Hi, everyone. It's been a while. This shutting down problem started happening a few weeks ago; we've had it in the shop twice and they couldn't fix it. There's no particular time that it happens. It will stay on forever if I let it sit there without doing anything. If I'm watching a YouTube video or something similar, when it shuts down, I can still hear the video. Makes me think it has something to do with the monitor perhaps? I don't know but it's driving me crazy----which doesn't take much. :)
Trying to follow instructions: Here's my Erunt files:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gale at 2012-03-14 10:37:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 40 GB (53%) free of 76 GB
Total RAM: 2047 MB (75% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\User_Feed_Synchronization-{2C2155DD-F9E5-49C8-B53C-4CE92333E1CE}.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Gale\Application Data\Mozilla\Firefox\Profiles\zprp9nem.default
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@movenetworks.com/Quantum Media Player]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIMNQMP.xpt
snapfishScript.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npmnqmp07030901.dll
nppdf32.dll
npsnapfish.dll
unins000.dat
unins000.exe
C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg-secure-search.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml
C:\Documents and Settings\Gale\Application Data\Mozilla\Firefox\Profiles\zprp9nem.default\searchplugins\
comcast.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-12 1869152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-12 1869152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-03-12 982880]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-02-18 2423752]
C:\Documents and Settings\Gale\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe"="C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe:*:Disabled:BookWorm"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Support.com\bin\tgcmd.exe"="C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.iv41"=ir41_32.ax
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======List of files/folders created in the last 3 months======
2012-03-13 08:38:55 ----D---- C:\Program Files\trend micro
2012-03-13 08:34:48 ----D---- C:\Program Files\ERUNT
2012-03-13 08:25:03 ----D---- C:\Documents and Settings\Gale\Application Data\SUPERAntiSpyware.com
2012-03-13 08:25:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-10 11:16:08 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-03-10 10:56:09 ----D---- C:\Program Files\Office Depot PC Support Agent
2012-03-09 08:55:36 ----ASH---- C:\pagefile.sys
2012-03-01 11:16:20 ----D---- C:\Program Files\MagicTune Premium
2012-02-27 16:19:20 ----D---- C:\Documents and Settings\Gale\Application Data\Leadertech
2012-02-16 02:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 02:23:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 22:40:13 ----A---- C:\WINDOWS\imsins.BAK
2012-02-15 22:35:37 ----HDC---- C:\WINDOWS\ie8
2012-02-07 14:56:13 ----D---- C:\Documents and Settings\Gale\Application Data\TuneUp Software
2012-02-07 14:55:16 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2012-02-06 22:05:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-06 21:21:10 ----SHD---- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-04 10:12:49 ----A---- C:\WINDOWS\system32\drivers\PortTalk.sys
2012-02-03 17:00:30 ----D---- C:\Program Files\officedepot_stk_sop
2012-02-03 14:19:07 ----A---- C:\TDSSKiller.2.6.19.0_03.02.2012_13.19.07_log.txt
2012-02-02 06:01:54 ----D---- C:\WINDOWS\ie8updates
2012-01-31 19:39:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-01-31 16:56:13 ----D---- C:\Documents and Settings\Gale\Application Data\supportdotcom
2012-01-31 16:56:00 ----D---- C:\Program Files\supportdotcom
2012-01-31 16:56:00 ----D---- C:\Program Files\Common Files\supportdotcom
2012-01-31 15:28:28 ----D---- C:\Documents and Settings\Gale\Application Data\QuickScan
2012-01-31 15:27:44 ----D---- C:\temp
2012-01-31 15:26:56 ----D---- C:\Program Files\Common Files\supportsoft
2012-01-25 15:00:46 ----A---- C:\WINDOWS\system32\hidserv.dll
2012-01-25 15:00:42 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2012-01-24 17:20:31 ----D---- C:\Misc
2012-01-24 16:37:28 ----N---- C:\WINDOWS\system32\IJRMF.exe
2012-01-24 16:31:24 ----A---- C:\WINDOWS\TrueInstall.exe
2012-01-24 15:53:11 ----D---- C:\WINDOWS\system32\cache
2012-01-21 15:11:06 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2012-01-21 15:11:03 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2012-01-11 23:17:01 ----A---- C:\WINDOWS\system32\rp_stats.dat
2012-01-11 23:17:01 ----A---- C:\WINDOWS\system32\rp_rules.dat
2012-01-11 18:37:08 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2012-01-11 08:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-08 23:15:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-01-08 23:15:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2012-01-08 21:22:29 ----D---- C:\Program Files\MSN
2012-01-05 12:05:48 ----D---- C:\Program Files\AVG Secure Search
2012-01-05 12:03:01 ----D---- C:\Documents and Settings\Gale\Application Data\AVG2012
2012-01-05 12:01:42 ----D---- C:\Documents and Settings\All Users\Application Data\AVG2012
2012-01-05 11:49:52 ----D---- C:\Documents and Settings\Gale\Application Data\AVG Secure Search
======List of files/folders modified in the last 3 months======
2012-03-14 10:37:16 ----D---- C:\WINDOWS\temp
2012-03-14 10:37:15 ----D---- C:\WINDOWS\Prefetch
2012-03-14 10:37:06 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-14 09:48:55 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2012-03-14 09:48:52 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-03-14 09:37:26 ----D---- C:\WINDOWS\system32\NtmsData
2012-03-13 13:04:33 ----D---- C:\Program Files\Mozilla Firefox
2012-03-13 09:06:12 ----D---- C:\WINDOWS\ERDNT
2012-03-13 08:38:55 ----RD---- C:\Program Files
2012-03-13 08:37:23 ----D---- C:\WINDOWS\system32\drivers
2012-03-13 08:26:32 ----D---- C:\Program Files\SUPERAntiSpyware
2012-03-12 11:54:24 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-03-11 12:23:07 ----D---- C:\WINDOWS\system32
2012-03-11 08:59:03 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-11 08:57:29 ----D---- C:\WINDOWS
2012-03-10 23:43:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-10 23:43:46 ----HD---- C:\WINDOWS\inf
2012-03-10 19:29:39 ----RSD---- C:\WINDOWS\assembly
2012-03-10 19:24:57 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-10 17:59:59 ----D---- C:\Program Files\Microsoft Silverlight
2012-03-10 16:53:05 ----SHD---- C:\WINDOWS\Installer
2012-03-10 16:53:00 ----D---- C:\Config.Msi
2012-03-10 16:52:10 ----D---- C:\WINDOWS\WinSxS
2012-03-10 16:41:18 ----D---- C:\Program Files\Internet Explorer
2012-03-10 16:39:34 ----D---- C:\WINDOWS\system32\CatRoot
2012-03-10 12:50:05 ----D---- C:\Program Files\Outlook Express
2012-03-10 11:12:45 ----D---- C:\WINDOWS\system32\en-us
2012-03-10 11:12:44 ----D---- C:\WINDOWS\Media
2012-03-10 11:12:44 ----D---- C:\WINDOWS\Help
2012-03-10 11:11:34 ----D---- C:\WINDOWS\system32\config
2012-03-10 11:10:58 ----D---- C:\WINDOWS\system32\wbem
2012-03-10 11:10:58 ----D---- C:\WINDOWS\Registration
2012-03-10 11:01:17 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-28 12:15:28 ----SD---- C:\WINDOWS\Tasks
2012-02-27 16:54:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-02-27 16:26:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-02-16 02:22:02 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-15 22:31:48 ----D---- C:\WINDOWS\Debug
2012-02-15 22:15:25 ----AC---- C:\WINDOWS\NeroDigital.ini
2012-02-07 16:10:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2012-02-07 16:10:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2012-02-07 16:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2012-02-07 16:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2012-02-07 16:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2012-02-07 16:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2012-02-07 16:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2012-02-07 16:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2012-02-07 16:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2012-02-07 16:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2012-02-07 16:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2012-02-07 16:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2012-02-07 16:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2012-02-07 16:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2012-02-07 16:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2012-02-07 16:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
2012-02-07 16:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB891122$
2012-02-07 16:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917159$
2012-02-07 16:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2012-02-07 16:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2012-02-07 16:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2012-02-07 16:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB925486$
2012-02-07 16:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2012-02-07 16:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2012-02-07 16:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2012-02-07 16:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB929969$
2012-02-07 16:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB931836$
2012-02-07 16:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB933360$
2012-02-07 16:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2012-02-07 16:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2012-02-07 16:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2012-02-07 16:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2012-02-07 16:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2012-02-07 16:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2012-02-07 16:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2012-02-07 16:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2012-02-07 16:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2012-02-07 16:09:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946627$
2012-02-07 16:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2012-02-07 16:09:39 ----DC---- C:\WINDOWS\$NtUninstallKB952011$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2012-02-07 16:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2012-02-07 16:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2012-02-07 16:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2012-02-07 16:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2012-02-07 16:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2012-02-07 16:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2012-02-07 16:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2012-02-07 16:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2012-02-07 16:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2012-02-07 16:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2012-02-07 16:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2012-02-07 16:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2012-02-07 16:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2012-02-07 16:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2012-02-07 16:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2012-02-07 16:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2012-02-07 16:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2012-02-07 16:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2012-02-07 16:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2012-02-07 16:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2012-02-07 16:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2012-02-07 16:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2012-02-07 16:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2012-02-07 16:09:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2012-02-06 22:06:40 ----D---- C:\WINDOWS\SoftwareDistribution
2012-02-03 17:05:28 ----D---- C:\Documents and Settings\All Users\Application Data\Support.com
2012-02-03 16:49:11 ----D---- C:\WINDOWS\security
2012-02-03 14:34:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-31 21:06:57 ----SHD---- C:\RECYCLER
2012-01-31 19:34:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-01-31 19:17:16 ----D---- C:\Documents and Settings
2012-01-31 16:56:00 ----D---- C:\Program Files\Common Files
2012-01-27 00:20:26 ----AC---- C:\WINDOWS\system32\MRT.exe
2012-01-24 16:32:27 ----D---- C:\Program Files\CyberLink DVD Solution
2012-01-24 16:10:10 ----RSD---- C:\WINDOWS\Fonts
2012-01-24 16:07:39 ----D---- C:\swsetup
2012-01-24 16:01:30 ----RASH---- C:\boot.ini
2012-01-24 16:01:30 ----AC---- C:\WINDOWS\win.ini
2012-01-24 16:01:30 ----AC---- C:\WINDOWS\system.ini
2012-01-24 16:01:28 ----D---- C:\WINDOWS\pss
2012-01-21 16:04:39 ----D---- C:\Program Files\Common Files\Adobe
2012-01-21 16:04:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-01-06 20:20:50 ----D---- C:\Program Files\Online Services
2012-01-05 12:00:08 ----D---- C:\Program Files\AVG
2012-01-05 11:11:27 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-01-05 11:02:18 ----D---- C:\Program Files\Blockbuster
2012-01-05 10:59:04 ----SD---- C:\Documents and Settings\Gale\Application Data\Microsoft
2012-01-05 10:51:21 ----D---- C:\Program Files\Shockwave.com
2011-12-18 15:46:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\wininet.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\urlmon.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\url.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\occache.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\mstime.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\mshtmled.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\msfeeds.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\licmgr10.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\jsproxy.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\iertutil.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\iepeers.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2011-12-16 07:23:08 ----A---- C:\WINDOWS\system32\ie4uinit.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-05-18 74112]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-07-13 8413]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\DOCUME~1\Gale\LOCALS~1\Temp\catchme.sys []
S3 epstw2k;SCM Parallel Port SCSI Driver; C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2004-08-04 114944]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 scsiscan;SCSI Scanner Driver; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2008-04-13 11520]
S3 ssmirrdr;ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [2011-03-15 10112]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USR1801;U.S. Robotics Faxmodem Driver 1801; C:\WINDOWS\System32\DRIVERS\USR1801.SYS [2001-08-17 794654]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 Office Depot PC Support Agent;Office Depot PC Support Agent; C:\Program Files\Office Depot PC Support Agent\esService.exe [2011-11-10 924568]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-25 136176]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-17 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
When I downloaded the INTREGOPT - the registry thing - no logs came up. It just wanted me to reboot my computer.
When I tried to download the Root Appeal, I get an error that says "invalid PE image found".
ANYTHING you can do to help would be very much appreciated. TIA
Hi, Gale.
The Log Posting Instructions have changed and since your RSIT log is incomplete, please follow the instructions below. Note that it will likely be necessary to create more than one reply to fit all of the requested logs.
1. Download DDS.scr by sUBs and save it to your desktop: Link (http://download.bleepingcomputer.com/sUBs/dds.scr)
- Double-click dds.scr and a command window will appear. This is normal.
- Shortly after, two logs will appear, DDS.txt & Attach.txt
- A window will open instructing you to save & post the logs
- Save the logs to a convenient place such as your desktop
- Copy the contents of both DDS.txt and Attach.txt logs and post in your next reply.
2. Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
3. I see you ran TDSSKiller. Please do not run any tools or make changes unless asked to do so. Please post a copy of C:\TDSSKiller.2.6.19.0_03.02.2012_13.19.07_log.txt in your next reply.
4. Let's also see an MBAM scan.
- Launch Malwarebytes' Anti-Malware, then click the Update tab and "Check for Updates"
- Once the update has been installed and the program has loaded, select Quick scan
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FMBAM_SR.png&hash=38adbab18bc0003ecf543fafb564e34dadece253)
- Click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please post contents of that file in your next reply.
** Note **
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
I'm sorry, Corrine. I thought I was doing what I was supposed to do. Give me a while to get this done with this blankety-blank computer.
No problem, Gale, and no guarantees that we'll find what the tech shop didn't see (although they left behind evidence of their presence, which I'll point out later in case you want to remove it).
dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Gale at 15:02:03 on 2012-03-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1461 [GMT -5:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Office Depot PC Support Agent\esService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\gale\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/stg_drm.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7AB98642-97D1-48AC-ACBD-000440B22126} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{BAD825AD-B624-4193-BBAE-E0CD28D96854} : DhcpNameServer = 24.93.41.125 24.93.41.126
TCP: Interfaces\{EE3C9EE5-A8F6-46AD-8FAE-A886AA0F77DE} : DhcpNameServer = 24.93.41.125 24.93.41.126
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gale\application data\mozilla\firefox\profiles\zprp9nem.default\
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\office depot pc support agent\esService.exe [2011-11-10 924568]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2001-8-17 114944]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2012-2-4 3567]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2006-7-10 11520]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-3-15 10112]
S3 USR1801;U.S. Robotics Faxmodem Driver 1801;c:\windows\system32\drivers\USR1801.SYS [2005-7-29 794654]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-7-11 167264]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2012-03-14 19:32:06 709968 ----a-w- c:\windows\isRS-000.tmp
2012-03-13 13:38:55 -------- d-----w- c:\program files\trend micro
2012-03-13 13:25:03 -------- d-----w- c:\documents and settings\gale\application data\SUPERAntiSpyware.com
2012-03-13 13:25:03 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-10 16:16:08 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-10 16:16:08 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-10 16:10:58 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-10 16:10:58 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-10 15:56:09 -------- d-----w- c:\program files\Office Depot PC Support Agent
2012-03-01 16:16:20 -------- d-----w- c:\program files\MagicTune Premium
2012-02-16 03:35:37 -------- dc-h--w- c:\windows\ie8
2012-02-15 19:34:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-15 19:34:08 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-15 19:34:08 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-15 19:34:08 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-15 19:34:08 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-15 19:34:08 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-15 19:34:08 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-15 19:34:08 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-15 19:34:08 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-15 19:34:08 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-15 19:34:08 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-15 19:34:08 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2007-05-10 22:26:16 767696 -c--a-w- c:\program files\BootDisk.exe
.
============= FINISH: 15:02:46.09 ===============
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/7/2006 9:10:55 AM
System Uptime: 3/14/2012 2:32:45 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 8I915PL-G
Processor: Intel(R) Celeron(R) CPU 3.06GHz | Socket 775 | 3081/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 39.069 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 1863 GiB total, 1807.39 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0000
Manufacturer: AVG Technologies
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0000
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0001
Manufacturer: AVG Technologies
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0001
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0002
Manufacturer: AVG Technologies
Name: WAN Miniport (IP) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0002
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0003
Manufacturer: AVG Technologies
Name: SMC EZ Card 10/100 PCI (SMC1211TX) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0003
Service: Avgfwdx
.
==== System Restore Points ===================
.
RP1060: 2/7/2012 1:55:43 PM - Installed TuneUp Utilities 2012
RP1061: 2/7/2012 4:24:45 PM - Removed TuneUp Utilities 2012
RP1062: 2/7/2012 4:25:03 PM - Removed TuneUp Utilities 2012
RP1063: 2/7/2012 4:26:00 PM - Removed TuneUp Utilities Language Pack (en-US)
RP1064: 2/11/2012 8:19:09 AM - System Checkpoint
RP1065: 2/12/2012 12:33:56 PM - System Checkpoint
RP1066: 2/13/2012 1:14:24 PM - System Checkpoint
RP1067: 2/14/2012 3:50:29 PM - System Checkpoint
RP1068: 2/15/2012 5:28:19 PM - System Checkpoint
RP1069: 2/15/2012 9:31:27 PM - Software Distribution Service 3.0
RP1070: 2/15/2012 9:37:18 PM - Installed Windows Internet Explorer 8.
RP1071: 2/15/2012 9:40:33 PM - Software Distribution Service 3.0
RP1072: 2/16/2012 1:21:59 AM - Software Distribution Service 3.0
RP1073: 2/18/2012 4:23:53 PM - System Checkpoint
RP1074: 2/19/2012 5:56:01 PM - System Checkpoint
RP1075: 2/22/2012 10:50:21 AM - System Checkpoint
RP1076: 2/23/2012 12:04:50 PM - System Checkpoint
RP1077: 2/24/2012 5:50:11 PM - System Checkpoint
RP1078: 2/26/2012 4:45:57 PM - System Checkpoint
RP1079: 2/27/2012 3:33:57 PM - Installed D-Link Wireless N USB Adapter DWA-130
RP1080: 2/27/2012 3:40:43 PM - Installed D-Link Wireless N USB Adapter DWA-130
RP1081: 2/28/2012 9:39:27 PM - System Checkpoint
RP1082: 3/1/2012 9:26:38 AM - System Checkpoint
RP1083: 3/1/2012 10:16:19 AM - Installed MagicTune Premium
RP1084: 3/2/2012 7:03:04 PM - System Checkpoint
RP1085: 3/3/2012 9:05:18 PM - System Checkpoint
RP1086: 3/7/2012 11:07:54 AM - System Checkpoint
RP1087: 3/8/2012 6:48:27 AM - Removed ClearType Tuning Control Panel Applet
RP1088: 3/8/2012 6:49:40 AM - Removed MagicTune Premium
RP1089: 3/8/2012 9:31:42 PM - Restore Operation
RP1090: 3/9/2012 6:35:26 PM - Restore Operation
RP1091: 3/9/2012 8:46:27 PM - Restore Operation
RP1092: 3/10/2012 9:54:08 AM - Restore Operation
RP1093: 3/10/2012 3:37:22 PM - Software Distribution Service 3.0
RP1094: 3/10/2012 11:42:08 PM - Software Distribution Service 3.0
RP1095: 3/12/2012 3:47:51 PM - System Checkpoint
RP1096: 3/14/2012 1:26:40 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI Display Driver
AVG 2012
Bookworm Deluxe
Bookworm Deluxe 1.13
Canon MP Navigator 3.0
Canon MP960
Canon MP960 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
CCleaner
ClearType Tuning Control Panel Applet
Corel Paint Shop Pro X
Easy-WebPrint
ERUNT 1.1j
Flip Words 2
Google Update Helper
HangARoo v2.052
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
ImageMixer for HDD Camcorder
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Networks Player for Firefox
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero OEM
Office Depot PC Support Agent
OLYMPUS CAMEDIA Master 2.5
OverDrive Media Console
Paint Shop Pro 7
Platform
PowerDVD
Realtek AC'97 Audio
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Snood 4
Snood for Windows version 3.52-W
Snood Slide 2.0
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
VIA Platform Device Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Movie Maker 2.0
WinZip
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 9:32:53 AM, error: ati2mtag [45062] - CRT invalid display type
3/9/2012 5:38:46 PM, error: NetBT [4321] - The name "HOME-S3JRAV5ZCT:20" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.101 did not allow the name to be claimed by this machine.
3/9/2012 5:38:29 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{7AB98642-97D1-48AC-ACBD-000440B22126} because another computer on the network has the same name. The server could not start.
3/8/2012 6:48:43 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/10/2012 10:15:21 AM, error: Service Control Manager [7022] - The Office Depot PC Support Agent service hung on starting.
.
==== End Of File ===========================
checkup.txt
Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Java(TM) 6 Update 20
Java version out of date!
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
tdss log.txt
13:19:07.0671 1956 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
13:19:10.0562 1956 ============================================================
13:19:10.0562 1956 Current date / time: 2012/02/03 13:19:10.0562
13:19:10.0562 1956 SystemInfo:
13:19:10.0562 1956
13:19:10.0562 1956 OS Version: 5.1.2600 ServicePack: 3.0
13:19:10.0562 1956 Product type: Workstation
13:19:10.0562 1956 ComputerName: HOME-S3JRAV5ZCT
13:19:10.0562 1956 UserName: Gale
13:19:10.0562 1956 Windows directory: C:\WINDOWS
13:19:10.0562 1956 System windows directory: C:\WINDOWS
13:19:10.0562 1956 Processor architecture: Intel x86
13:19:10.0562 1956 Number of processors: 1
13:19:10.0562 1956 Page size: 0x1000
13:19:10.0562 1956 Boot type: Safe boot with network
13:19:10.0562 1956 ============================================================
13:19:13.0250 1956 Initialize success
13:19:39.0453 1196 ============================================================
13:19:39.0453 1196 Scan started
13:19:39.0453 1196 Mode: Manual; TDLFS;
13:19:39.0453 1196 ============================================================
13:20:02.0125 1196 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:20:02.0125 1196 RasAcd - ok
13:20:02.0250 1196 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:20:02.0250 1196 Rasl2tp - ok
13:20:02.0359 1196 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:20:02.0359 1196 RasPppoe - ok
13:20:02.0468 1196 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:20:02.0468 1196 Raspti - ok
13:20:02.0593 1196 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:20:02.0593 1196 Rdbss - ok
13:20:02.0703 1196 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:20:02.0703 1196 RDPCDD - ok
13:20:02.0906 1196 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:20:02.0906 1196 RDPWD - ok
13:20:03.0156 1196 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:20:03.0156 1196 redbook - ok
13:20:03.0437 1196 rtl8139 - ok
13:20:03.0640 1196 scsiscan (089870dab7aa277585c475ae09ee4c63) C:\WINDOWS\system32\DRIVERS\scsiscan.sys
13:20:03.0640 1196 scsiscan - ok
13:20:03.0718 1196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:20:03.0718 1196 Secdrv - ok
13:20:03.0875 1196 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:20:03.0890 1196 serenum - ok
13:20:04.0062 1196 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:20:04.0062 1196 Serial - ok
13:20:04.0312 1196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:20:04.0312 1196 Sfloppy - ok
13:20:04.0437 1196 Simbad - ok
13:20:04.0531 1196 Sparrow - ok
13:20:04.0671 1196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:20:04.0671 1196 splitter - ok
13:20:04.0781 1196 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:20:04.0781 1196 sr - ok
13:20:04.0953 1196 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:20:04.0953 1196 Srv - ok
13:20:05.0093 1196 ssmirrdr (f843301bdadb2728822c83413ef5f132) C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys
13:20:05.0093 1196 ssmirrdr - ok
13:20:05.0390 1196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:20:05.0390 1196 swenum - ok
13:20:05.0437 1196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:20:05.0437 1196 swmidi - ok
13:20:05.0531 1196 symc810 - ok
13:20:05.0640 1196 symc8xx - ok
13:20:05.0734 1196 sym_hi - ok
13:20:05.0796 1196 sym_u3 - ok
13:20:05.0953 1196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:20:05.0968 1196 sysaudio - ok
13:20:06.0140 1196 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:20:06.0156 1196 Tcpip - ok
13:20:06.0453 1196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:20:06.0453 1196 TDPIPE - ok
13:20:06.0562 1196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:20:06.0562 1196 TDTCP - ok
13:20:06.0703 1196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:20:06.0703 1196 TermDD - ok
13:20:06.0875 1196 TosIde - ok
13:20:07.0078 1196 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
13:20:07.0093 1196 TVICHW32 - ok
13:20:07.0203 1196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:20:07.0203 1196 Udfs - ok
13:20:07.0312 1196 ultra - ok
13:20:07.0453 1196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:20:07.0453 1196 Update - ok
13:20:07.0593 1196 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:20:07.0609 1196 usbccgp - ok
13:20:07.0718 1196 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:20:07.0718 1196 usbehci - ok
13:20:07.0828 1196 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:20:07.0828 1196 usbhub - ok
13:20:07.0953 1196 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:20:07.0953 1196 usbprint - ok
13:20:08.0062 1196 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:20:08.0062 1196 usbscan - ok
13:20:08.0203 1196 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:20:08.0203 1196 USBSTOR - ok
13:20:08.0343 1196 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:20:08.0343 1196 usbuhci - ok
13:20:08.0453 1196 USR1801 (a80feb3e2b5bd47d12080439771fdab1) C:\WINDOWS\system32\DRIVERS\USR1801.SYS
13:20:08.0500 1196 USR1801 - ok
13:20:08.0656 1196 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:20:08.0656 1196 VgaSave - ok
13:20:08.0781 1196 ViaIde - ok
13:20:08.0953 1196 viamraid (f199939205dccc7836ae5ab8b5dd5e83) C:\WINDOWS\system32\DRIVERS\viamraid.sys
13:20:08.0968 1196 viamraid - ok
13:20:09.0031 1196 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:20:09.0031 1196 VolSnap - ok
13:20:09.0312 1196 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:20:09.0312 1196 Wanarp - ok
13:20:09.0343 1196 WDICA - ok
13:20:09.0500 1196 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:20:09.0500 1196 wdmaud - ok
13:20:09.0906 1196 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:20:09.0921 1196 WpdUsb - ok
13:20:10.0171 1196 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:20:10.0203 1196 WudfPf - ok
13:20:10.0296 1196 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:20:10.0296 1196 WudfRd - ok
13:20:10.0484 1196 yukonwxp (b29e7a2e211494ac05c2575d4725497a) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
13:20:10.0500 1196 yukonwxp - ok
13:20:10.0625 1196 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:20:10.0875 1196 \Device\Harddisk0\DR0 - ok
13:20:10.0937 1196 Boot (0x1200) (25270752a08117663c6617c176dda1f2) \Device\Harddisk0\DR0\Partition0
13:20:10.0953 1196 \Device\Harddisk0\DR0\Partition0 - ok
13:20:11.0031 1196 ============================================================
13:20:11.0031 1196 Scan finished
13:20:11.0031 1196 ============================================================
13:20:11.0093 0732 Detected object count: 0
13:20:11.0093 0732 Actual detected object count: 0
13:22:34.0718 1000 Deinitialize success
MBAM scan
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.14.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gale :: HOME-S3JRAV5ZCT [administrator]
3/14/2012 2:38:39 PM
mbam-log-2012-03-14 (14-38-39).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197981
Time elapsed: 5 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Thank you, Gale.
Please follow these instructions carefully.
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Now, please run ComboFix:
- Note: If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC1.png&hash=29e6fe1eb864e58b4b66611caa7d7b6be84a47f8)
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC2.png&hash=e111f6aa2d657579d44cabc5fb4258fd1dce26eb)
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.
Corrine, I've run ComboFix after disabling security apps. A little black screen comes up, goes real fast and stops. I can't for the life of me find C:\ComboFix.txt. I didn't get either of the popups you referenced either. It just did its thing and zooooom it was gone.
Advice??????
Actually, it definitely doesn't sound like it did its thing. Please try in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe Mode.
- Log in to your usual account.
I don't mean to sound dense, but what do I do when I get to safe mode? Whatever it is I'll do tomorrow. Right now I'm going to put myself in safe mode in my bed. Good night.
Hi, Gale.
Even though you disabled AVG, it is most likely still interfering with the running of ComboFix. What I want you to do is to run ComboFix in Safe Mode. The other alternative is to uninstall AVG, restart your computer and then run ComboFix.
I think you're right, Corrine......... Hold my coat, I'm going in.
Yay! I did it. I'm so proud of myself. Combo said I didn't have MS Recovery disk, so I had to shut down and go to Safe Mode networking or something like that. It deleted a lot of stuff. :thud: Anyway, Combo downloaded it and here are the results:
ComboFix 12-03-14.01 - Gale 03/15/2012 12:55:27.5.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1769 [GMT -5:00]
Running from: c:\documents and settings\Gale\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Gale\Desktop\Scanner.lnk
c:\documents and settings\Gale\WINDOWS
c:\program files\Program Files
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\DellSTFetch.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\English\contact.html
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\English\CoreBranding.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\a.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\a1.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\a2.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\cas0.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\cas0a.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\cas1a.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\cas3.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\cas4.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\CCC.css
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\CCC.js
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\CCS-phone.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Container.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\ea.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\eb.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\IE5.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\banner_PSP.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Button\BuyMeBody.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Button\BuyMeLeft.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Button\BuyMeRight.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Circle.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\contact_us.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\Bottom.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\BottomRight.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\BotttomLeft.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\LeftSide.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\RightSide.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\Top.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\TopLeft.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\TopRight.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\register.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\P1b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Presetup.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\RegCCSphone.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\regOffer.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\regOffline.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\td1b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\td2b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\up1b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\up2b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\up3b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\up4b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\up5b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\upb.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\UPpm.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\UPpm1.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\English\Ofoto.PhotoService
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\English\PhotoBox.PhotoService
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\English\Shutterfly.PhotoService
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\msvcp60.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\msvcrt.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\orca22.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\orcacm22.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\sfUpload.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\WMILocGt.dll
c:\windows\EventSystem.log
c:\windows\IsUn0407.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\1e71bcbe1f682129.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\bbf5576a4594f236.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET115.tmp
c:\windows\system32\SET118.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\setb4.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 00:15 . 2011-08-09 21:33 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-03-13 13:38 . 2012-03-14 15:37 -------- d-----w- c:\program files\trend micro
2012-03-13 13:34 . 2012-03-13 13:35 -------- d-----w- c:\program files\ERUNT
2012-03-13 13:25 . 2012-03-13 13:25 -------- d-----w- c:\documents and settings\Gale\Application Data\SUPERAntiSpyware.com
2012-03-13 13:25 . 2012-03-13 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-10 16:16 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-10 16:16 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-10 16:10 . 2012-03-10 16:10 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-10 15:56 . 2012-03-10 16:13 -------- d-----w- c:\program files\Office Depot PC Support Agent
2012-03-01 16:16 . 2012-03-10 16:01 -------- d-----w- c:\program files\MagicTune Premium
2012-02-27 21:19 . 2012-02-27 21:19 -------- d-----w- c:\documents and settings\Gale\Application Data\Leadertech
2012-02-16 07:24 . 2012-02-16 07:24 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2012-02-16 03:35 . 2012-03-10 00:53 -------- dc-h--w- c:\windows\ie8
2012-02-15 19:34 . 2012-03-12 18:15 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-15 19:34 . 2012-03-12 18:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-15 19:34 . 2012-03-12 18:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-15 19:34 . 2012-03-12 18:15 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-15 19:34 . 2012-03-12 18:15 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-15 19:34 . 2012-03-12 18:15 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-15 19:34 . 2012-03-12 18:15 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-15 19:34 . 2012-03-12 18:15 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-15 19:34 . 2012-03-12 18:15 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-15 19:34 . 2012-03-12 18:15 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-15 19:34 . 2012-03-12 18:15 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-15 19:34 . 2012-03-12 18:15 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2005-07-29 22:59 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2007-05-10 22:26 . 2007-05-10 22:26 767696 -c--a-w- c:\program files\BootDisk.exe
2012-03-12 18:15 . 2012-02-15 19:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 16:54 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Gale\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PopCap Games\\BookWorm Deluxe\\BookWorm.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 295248]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 230608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
S2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\Office Depot PC Support Agent\esService.exe [11/10/2011 2:15 AM 924568]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/12/2012 11:54 AM 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 16720]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [8/17/2001 8:50 AM 114944]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2/4/2012 10:12 AM 3567]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [7/10/2006 9:15 PM 11520]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [3/15/2011 12:11 AM 10112]
S3 USR1801;U.S. Robotics Faxmodem Driver 1801;c:\windows\system32\drivers\USR1801.SYS [7/29/2005 12:12 PM 794654]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [7/11/2011 3:33 PM 167264]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 9:27 AM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\User_Feed_Synchronization-{2C2155DD-F9E5-49C8-B53C-4CE92333E1CE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Gale\Application Data\Mozilla\Firefox\Profiles\zprp9nem.default\
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-CCleaner - c:\documents and settings\Gale\Desktop\CCleaner\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 13:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-15 13:02:56
ComboFix-quarantined-files.txt 2012-03-15 18:02
.
Pre-Run: 41,491,243,008 bytes free
Post-Run: 41,808,093,184 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 94149852125211176E32EA485394DDE3
Great job, Gale! :dance:
First, let's take care of the out-of-date, vulnerable software.
Java: The current version of Java is JRE6u31. Please get the latest version here: http://java.com/en/download/index.jsp
Adobe Flash Player: Since you have both IE and Firefox, you need to update Adobe Flash Player for both browsers. Please download and install both of the following. (Note: You will need to close your browser to install the update.)
Flash Player 11 (32-Bit)
IE 32-Bit: http://fpdownload.macromedia.com/get/flashplayer/pdc/11.1.102.63/install_flash_player_ax_32bit.exe
Non-IE 32-Bit (Opera, Firefox etc): http://fpdownload.macromedia.com/get/flashplayer/pdc/11.1.102.63/install_flash_player_32bit.exe
Adobe Reader: The current version of Adobe Reader is 10.1.2. Install the latest version of Adobe Reader from http://www.adobe.com/products/reader/
or switch to an alternate PDF reader. There are a number of open source readers available from http://pdfreaders.org/. Others include Nitro Reader (http://www.nitropdf.com/free/index.htm) and Sumatra PDF (http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html).
Note: Make sure to UNcheck any prechecked unwanted toolbars or programs during installation if offered, including the McAfee Plus scan.
Mozilla Firefox: Although just released, Firefox was updated to version 11.0 and includes a critical security update. To get the update, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."
You may also want to uninstall "Office Depot PC Support Agent".
Please go here (http://www.eset.com/onlinescan/) to run an on-line scan from ESET.
- Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic and also let me know how things are now.
Wow! That took forever. The shutdowns haven't been as frequent today, but I haven't been on here much either. I was really surprised that it didn't shut down during that last download.
Here's the latest:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4043e4fc48d2c242be2c6262d9d54e06
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-16 02:14:45
# local_time=2012-03-15 09:14:45 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774142 0 2 63304132 63304132 0 0
# compatibility_mode=1024 16777175 100 0 5157441 5157441 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88424
# found=0
# cleaned=0
# scan_time=5839
Corrine, I'll have limited computer time thru the weekend. My grandboys are coming to stay with us. Hope I can check in every now and then, but they keep me pretty busy. Didn't want you to think I didn't care. I sincerely appreciate everything all you guys do here.
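A helper reading an ESET Online Scanner log like the one above usually checks the `# key=value` header against the options that were requested before trusting the `found=0` result. The following is an added example, not part of the original thread or of any ESET tooling; the mapping from log keys to scanner options is an assumption inferred from the key names, and the sample lines are copied from the log posted above.

```python
import re

# Assumption: these log keys correspond to the scanner options named in the
# instructions (inferred from the key names, not from ESET documentation).
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" unticked
    "archives_checked": "true",     # "Scan Archives" ticked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

LINE = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")

def parse_header(text):
    """Return {key: [values]}; keys such as compatibility_mode repeat."""
    fields = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2).strip())
    return fields

def review(text):
    """Compare a log header with the requested options and summarise it."""
    fields = parse_header(text)
    mismatches = {}
    for key, wanted in REQUESTED.items():
        got = fields.get(key, [None])[-1]   # None means the key is absent
        if got != wanted:
            mismatches[key] = got
    counts = {k: int(fields[k][-1]) for k in ("scanned", "found", "cleaned")
              if k in fields and fields[k][-1].isdigit()}
    finished = fields.get("end", [None])[-1] == "finished"
    return {"finished": finished, "mismatches": mismatches, "counts": counts}

# Sample input: lines copied from the log posted in this thread.
SAMPLE = """\
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# scanned=88424
# found=0
# cleaned=0
"""
```

Calling `review(SAMPLE)` shows the scan finished with nothing found and reports one difference from the requested options, `unsafe_checked=false`.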
Hi, Gale.
Don't be concerned about checking in over the weekend. Enjoy the time with your grandboys and let us know next week how your computer is.
Hello, Corrine & Landzdown. Well I have some good news and some bad news. The bad news is that my computer has gotten worse, much worse. The good news is that we decided to get a new one put together for us with much more power, ram and memory. (probably the wrong terminology), but I hope you know what I mean.
I want to extend my deepest gratitude to everyone @ Landzdown and especially you, Corrine, who take so much of their time to help others. It's greatly appreciated. I know it's early, but :hammy: all around. :)
How exciting, Gale!!! Your new computer will be Windows 7, a great operating system, but there will be a learning curve. We'll be happy to answer any questions we can to not only help get you up to speed with Windows 7 but also to properly secure your new computer.
I had to go digging to find this old article by fellow MVP Andre Da Costa, but thought it would be helpful: For the 'former' Windows XP User – Welcome to Windows 7! | Teching It Easy: with Windows (http://techingiteasy.wordpress.com/2009/08/19/for-the-former-windows-xp-user-welcome-to-windows-7/).
Another place you'll want to be sure to check is this Microsoft Windows 7 website: Windows 7 Help & How-to - Microsoft Windows (http://windows.microsoft.com/en-US/windows7/help)
~~~~~~~~~~~~~~
When you say your current computer is worse, do you mean slower or that it is crashing? The reason I ask is, although you will be happier with a new, updated, faster computer, if the issue is crashing not related to dying hardware, it may be possible to get the XP machine working only for strict limited-user accounts for your grandboys to play games when they visit.
Aaaargh! I almost completed a reply and poof! By getting worse, it's shutting down more often. MUCH more often. Sometimes I can stay online for a couple of hours, but most of the time that's the limit without it shutting down.
Tks, Corrine. At first I was aggravated at the thought of buying a new computer because 'we've' fixed this one before. :) Besides, this one is not that old and I didn't want to spend the money on it. But the more I think about it the more excited I get. I'm tired of messing with this one. It will be like losing an old friend, ya know?
Good idea about giving it to the boys. We bought them one last year for Christmas and they love it. We have all the safeguards on it for them. They're 5 & 7 and the 7 yr old is a genius. Not bragging, just fact. :) He can whiz around that thing like nobody's business. It's amazing to watch him. They enjoy watching Dinosaur movies on it and when Christopher (7 yr old) thinks of ANYTHING that he doesn't know about, he immediately has to 'google' it. He does the same thing here. I'm always with them when they play on my computer. And yes, I can sing the Dinosaur King song, lol.
Tks for the websites. I've saved them for future use. I'm sure I'll be referring to them a lot. I've had XP so long it will be like saying good-bye to an old friend.
I know where to come when I have computer problems. You guys and gals are the best in the biz by far! Thanks again.
If you are serious about getting the XP computer checked out, it will require some work but if the problem is related to something my friends can help you fix, it will be worth it to have a spare as well as a computer the boys can use.
Sysnative is a new forum but the people setting it up are friends of mine, many are Microsoft MVPs and all are very experienced and knowledgeable. (You'll see my name in the list of "Site Leaders".) Follow the instructions here: Blue Screen of Death (BSOD) Posting Instructions (http://www.sysnative.com/forums/showthread.php?68-Blue-Screen-of-Death-(BSOD)-Posting-Instructions-Windows-7-amp-Vista)
As expected, you'll need to register for an account. I suggest using the same Gale_Tx name (so I'll recognize you ;) ). If you have any problems running the requested/suggested tools, please indicate that when you create your topic. So whoever is helping you knows what has already been done, provide a link to your thread here. (http://www.landzdown.com/analysis-and-malware-removal/computer-arbitrarily-shutting-down/)
As to finishing up here, you can go ahead and delete SecurityCheck and TDSSKiller, then do the following:
Please do the following to implement cleanup procedures and also to reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).
As always, Corrine, you're a gem! I will go to the other site and see about getting this one fixed. It would be nice to use my computer when they're here. :)
I've gotten rid of ComboFix the way you described and contributed to them as well. Thanks again. 'Til we meet again. :flowers:
Stop in any time, Gale -- even if it is just to say Hi, play a game in the Lounge or ask about something that puzzles you. We'll certainly do our best to help!