139d2e78.exe again

Started by PeterJ, June 19, 2013, 02:39:33 PM


PeterJ

Hi. It seems I have pretty much the same problem as Ovaunda had recently. I am locked out of my account on this PC (which is the Administrator's account). I can only access the computer via my wife's account at the moment. My symptoms are that when I try to log into my account I get a command prompt that says '"C:\Documents and Settings\user\My Documents\139d2e78.exe"' is not recognised as an operable program or batch file C:\Documents and Settings\User> - and I then can go no further.

I have a fairly elderly Dell Dimension 8250 running Windows XP Professional Version 5.1.2600 Service Pack 3 Build 2600.

I have tried Malwarebytes which found and removed 139d2e78.dll (not .exe) but the problem persists.

I also bought PC Cleaner Pro on the recommendation I found via Google but I'm regretting that decision already. It has not fixed the problem and their 'expert' technical support service was no help at all. I have now uninstalled it.

One more thing - I have downloaded DDS.scr and run it but the resulting text file is gobbledygook - here's a small sample:
 ÆãK@×lÿà   \ÔkÙwÑ`2ˆp!@ à•€ØI½o¶
How can I correct that please?

Here is my Checkup log:

Results of screen317's Security Check version 0.99.66 
Windows XP Service Pack 3 x86 (UAC is disabled!) 
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled! 
Please wait while WMIC compiles updated MOF files.
displayName PC Cleaner Pro AVG AntiVirus Fre Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300 
Java(TM) 6 Update 24 
Java version out of Date!
Adobe Flash Player    11.7.700.202 
Adobe Reader 10.1.7 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Corrine

Hi, PeterJ.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

1.  Based on the reputation of PC Cleaner Pro, please consider contacting your credit card company.  You may be able to get the charges reversed.  See WOT for information about PC Cleaner Pro:  http://www.mywot.com/en/scorecard/pccleanerpro.com/event-84510#events

2.  Can you log on to your account via Safe Mode, ideally Safe Mode with Networking?  To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.  If so, please see if you get readable DDS logs in Safe Mode.

3.  Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!.  If you can get to safe mode with networking, please do this with your Admin account.  Otherwise, we'll see what happens with your wife's account.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see:  How to change the file extension.
  • Click the Start Scan button.  Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.

    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

PeterJ

Thanks Corrine. Unfortunately I paid for PC Cleaner Pro with my debit card, not a credit card, so doubt I'll see my money again :cry: .  I guess I'll just have to write that off and try to learn from it!
Before I respond to your instructions I want you to know that it's 10.20pm here in London.  Unless you can respond within say the next hour don't worry about it. I'll just get some beauty sleep and pick this up again in the morning.   

So....

>I can't get into my account in Safe Mode with Networking.

>Using my wife's account I have tried DDS again when in Safe Mode with Networking and still don't get readable logs.

> I ran a TDSSKiller scan (again in Safe Mode with Networking) but it found nothing. The log reads:

22:06:57.0359 0396  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
22:06:57.0546 0396  ============================================================
22:06:57.0546 0396  Current date / time: 2013/06/19 22:06:57.0546
22:06:57.0546 0396  SystemInfo:
22:06:57.0546 0396 
22:06:57.0546 0396  OS Version: 5.1.2600 ServicePack: 3.0
22:06:57.0546 0396  Product type: Workstation
22:06:57.0546 0396  ComputerName: PETER
22:06:57.0546 0396  UserName: All of Us
22:06:57.0546 0396  Windows directory: C:\WINDOWS
22:06:57.0546 0396  System windows directory: C:\WINDOWS
22:06:57.0546 0396  Processor architecture: Intel x86
22:06:57.0546 0396  Number of processors: 1
22:06:57.0546 0396  Page size: 0x1000
22:06:57.0546 0396  Boot type: Safe boot with network
22:06:57.0546 0396  ============================================================
22:07:05.0468 0396  Drive \Device\Harddisk0\DR0 - Size: 0x953C94000 (37.31 Gb), SectorSize: 0x200, Cylinders: 0x1306, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:07:05.0468 0396  Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:07:05.0500 0396  ============================================================
22:07:05.0500 0396  \Device\Harddisk0\DR0:
22:07:05.0500 0396  MBR partitions:
22:07:05.0500 0396  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A98C86
22:07:05.0500 0396  \Device\Harddisk1\DR2:
22:07:05.0500 0396  MBR partitions:
22:07:05.0500 0396  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
22:07:05.0500 0396  ============================================================
22:07:05.0531 0396  C: <-> \Device\Harddisk0\DR0\Partition1
22:07:05.0687 0396  F: <-> \Device\Harddisk1\DR2\Partition1
22:07:05.0687 0396  ============================================================
22:07:05.0687 0396  Initialize success
22:07:05.0687 0396  ============================================================
22:07:21.0343 0408  ============================================================
22:07:21.0343 0408  Scan started
22:07:21.0343 0408  Mode: Manual;
22:07:21.0343 0408  ============================================================
22:07:22.0656 0408  ================ Scan system memory ========================
22:07:22.0656 0408  System memory - ok
22:07:22.0656 0408  ================ Scan services =============================
22:07:38.0156 0408  PCI - ok
22:07:38.0171 0408  PCIDump - ok
22:07:38.0203 0408  PCIIde - ok
22:07:38.0265 0408  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
22:07:38.0265 0408  Pcmcia - ok
22:07:38.0296 0408  PDCOMP - ok
22:07:38.0328 0408  PDFRAME - ok
22:07:38.0359 0408  PDRELI - ok
22:07:38.0406 0408  PDRFRAME - ok
22:07:38.0421 0408  perc2 - ok
22:07:38.0453 0408  perc2hib - ok
22:07:38.0578 0408  [ C8A2D6FF660AC601B7BB9A9B16A5C25E ] PfModNT         C:\WINDOWS\System32\drivers\PfModNT.sys
22:07:38.0578 0408  PfModNT - ok
22:07:38.0625 0408  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
22:07:38.0625 0408  PlugPlay - ok
22:07:38.0703 0408  [ D0BE72557DE73ACABBAB536496D23115 ] Point32         C:\WINDOWS\system32\DRIVERS\point32.sys
22:07:38.0703 0408  Point32 - ok
22:07:38.0750 0408  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
22:07:38.0750 0408  PolicyAgent - ok
22:07:38.0812 0408  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:07:38.0812 0408  PptpMiniport - ok
22:07:38.0843 0408  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
22:07:38.0843 0408  Processor - ok
22:07:38.0875 0408  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:07:38.0875 0408  ProtectedStorage - ok
22:07:38.0937 0408  [ 0E2EB30605CA6ED2509D59AF6A7362B4 ] Ps2             C:\WINDOWS\system32\DRIVERS\PS2.sys
22:07:38.0937 0408  Ps2 - ok
22:07:38.0984 0408  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
22:07:38.0984 0408  PSched - ok
22:07:39.0046 0408  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:07:39.0046 0408  Ptilink - ok
22:07:39.0078 0408  ql1080 - ok
22:07:39.0109 0408  Ql10wnt - ok
22:07:39.0140 0408  ql12160 - ok
22:07:39.0187 0408  ql1240 - ok
22:07:39.0203 0408  ql1280 - ok
22:07:39.0265 0408  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:07:39.0265 0408  RasAcd - ok
22:07:39.0328 0408  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:07:39.0328 0408  RasAuto - ok
22:07:39.0390 0408  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:07:39.0390 0408  Rasl2tp - ok
22:07:39.0468 0408  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:07:39.0484 0408  RasMan - ok
22:07:39.0531 0408  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:07:39.0531 0408  RasPppoe - ok
22:07:39.0562 0408  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
22:07:39.0562 0408  Raspti - ok
22:07:39.0625 0408  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:07:39.0625 0408  Rdbss - ok
22:07:39.0671 0408  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:07:39.0671 0408  RDPCDD - ok
22:07:39.0718 0408  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:07:39.0765 0408  rdpdr - ok
22:07:39.0843 0408  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
22:07:39.0859 0408  RDPWD - ok
22:07:39.0937 0408  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
22:07:39.0953 0408  RDSessMgr - ok
22:07:40.0031 0408  [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
22:07:40.0031 0408  RealNetworks Downloader Resolver Service - ok
22:07:40.0078 0408  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
22:07:40.0078 0408  redbook - ok
22:07:40.0140 0408  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:07:40.0140 0408  RemoteAccess - ok
22:07:40.0218 0408  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
22:07:40.0218 0408  RemoteRegistry - ok
22:07:40.0312 0408  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
22:07:40.0328 0408  RpcLocator - ok
22:07:40.0390 0408  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
22:07:40.0390 0408  RpcSs - ok
22:07:40.0468 0408  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
22:07:40.0468 0408  RSVP - ok
22:07:40.0562 0408  [ 463B8AC0130ADF01A85DAEBF646B3DB3 ] RTLWUSB         C:\WINDOWS\system32\DRIVERS\wg111v2.sys
22:07:40.0562 0408  RTLWUSB - ok
22:07:40.0593 0408  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
22:07:40.0593 0408  SamSs - ok
22:07:40.0671 0408  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
22:07:40.0671 0408  SCardSvr - ok
22:07:40.0765 0408  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:07:40.0781 0408  Schedule - ok
22:07:40.0859 0408  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:07:40.0859 0408  Secdrv - ok
22:07:40.0921 0408  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
22:07:40.0937 0408  seclogon - ok
22:07:40.0984 0408  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
22:07:40.0984 0408  SENS - ok
22:07:41.0031 0408  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
22:07:41.0031 0408  serenum - ok
22:07:41.0093 0408  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
22:07:41.0093 0408  Serial - ok
22:07:41.0171 0408  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
22:07:41.0171 0408  Sfloppy - ok
22:07:41.0265 0408  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:07:41.0281 0408  SharedAccess - ok
22:07:41.0328 0408  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:07:41.0328 0408  ShellHWDetection - ok
22:07:41.0359 0408  Simbad - ok
22:07:41.0406 0408  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:07:41.0406 0408  SLIP - ok
22:07:41.0468 0408  Sparrow - ok
22:07:41.0531 0408  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
22:07:41.0531 0408  splitter - ok
22:07:41.0593 0408  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
22:07:41.0593 0408  Spooler - ok
22:07:41.0640 0408  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
22:07:41.0640 0408  sr - ok
22:07:41.0703 0408  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\System32\srsvc.dll
22:07:41.0718 0408  srservice - ok
22:07:41.0812 0408  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:07:41.0828 0408  Srv - ok
22:07:41.0890 0408  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:07:41.0890 0408  SSDPSRV - ok
22:07:41.0968 0408  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
22:07:42.0031 0408  stisvc - ok
22:07:42.0093 0408  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:07:42.0093 0408  streamip - ok
22:07:42.0140 0408  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
22:07:42.0140 0408  swenum - ok
22:07:42.0187 0408  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
22:07:42.0187 0408  swmidi - ok
22:07:42.0218 0408  SwPrv - ok
22:07:42.0281 0408  symc810 - ok
22:07:42.0312 0408  symc8xx - ok
22:07:42.0343 0408  sym_hi - ok
22:07:42.0359 0408  sym_u3 - ok
22:07:42.0421 0408  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
22:07:42.0421 0408  sysaudio - ok
22:07:42.0484 0408  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
22:07:42.0484 0408  SysmonLog - ok
22:07:42.0546 0408  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:07:42.0562 0408  TapiSrv - ok
22:07:42.0640 0408  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:07:42.0671 0408  Tcpip - ok
22:07:42.0750 0408  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
22:07:42.0750 0408  TDPIPE - ok
22:07:42.0781 0408  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
22:07:42.0781 0408  TDTCP - ok
22:07:42.0828 0408  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
22:07:42.0828 0408  TermDD - ok
22:07:42.0906 0408  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
22:07:42.0953 0408  TermService - ok
22:07:43.0000 0408  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
22:07:43.0015 0408  Themes - ok
22:07:43.0062 0408  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
22:07:43.0078 0408  TlntSvr - ok
22:07:43.0109 0408  TosIde - ok
22:07:43.0171 0408  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
22:07:43.0187 0408  TrkWks - ok
22:07:43.0265 0408  [ E266683FC95ABDEC17CD378564E1B54B ] TVICHW32        C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
22:07:43.0265 0408  TVICHW32 - ok
22:07:43.0312 0408  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
22:07:43.0328 0408  Udfs - ok
22:07:43.0359 0408  ultra - ok
22:07:43.0437 0408  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
22:07:43.0453 0408  Update - ok
22:07:43.0515 0408  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:07:43.0531 0408  upnphost - ok
22:07:43.0609 0408  [ EC01DA44B090D2651FC032C8B9257232 ] upperdev        C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:07:43.0609 0408  upperdev - ok
22:07:43.0671 0408  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
22:07:43.0671 0408  UPS - ok
22:07:43.0734 0408  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
22:07:43.0734 0408  USBAAPL - ok
22:07:43.0812 0408  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
22:07:43.0812 0408  usbaudio - ok
22:07:43.0875 0408  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:07:43.0875 0408  usbccgp - ok
22:07:43.0937 0408  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:07:43.0937 0408  usbehci - ok
22:07:44.0000 0408  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:07:44.0000 0408  usbhub - ok
22:07:44.0046 0408  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:07:44.0046 0408  usbprint - ok
22:07:44.0078 0408  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:07:44.0078 0408  usbscan - ok
22:07:44.0140 0408  [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser          C:\WINDOWS\system32\drivers\usbser.sys
22:07:44.0140 0408  usbser - ok
22:07:44.0203 0408  [ 4ABD37CFBD710E64F01F9DA8710C73F7 ] UsbserFilt      C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:07:44.0203 0408  UsbserFilt - ok
22:07:44.0234 0408  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:07:44.0234 0408  USBSTOR - ok
22:07:44.0281 0408  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:07:44.0281 0408  usbuhci - ok
22:07:44.0328 0408  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
22:07:44.0328 0408  usbvideo - ok
22:07:44.0406 0408  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
22:07:44.0406 0408  VgaSave - ok
22:07:44.0437 0408  ViaIde - ok
22:07:44.0468 0408  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
22:07:44.0468 0408  VolSnap - ok
22:07:44.0546 0408  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
22:07:44.0562 0408  VSS - ok
22:07:44.0640 0408  [ 16409C468CEEE99B6B129FCAA5C0F206 ] vulfnths        C:\WINDOWS\System32\Drivers\vulfnth.sys
22:07:44.0640 0408  vulfnths - ok
22:07:44.0687 0408  [ E76FB35E30FB885124479A4A0ACA3923 ] vulfntrs        C:\WINDOWS\System32\Drivers\vulfntr.sys
22:07:44.0687 0408  vulfntrs - ok
22:07:44.0750 0408  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\System32\w32time.dll
22:07:44.0765 0408  W32Time - ok
22:07:44.0828 0408  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:07:44.0828 0408  Wanarp - ok
22:07:44.0890 0408  [ DC7F91B2ED24A738C807EA07F298928C ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
22:07:44.0890 0408  wceusbsh - ok
22:07:44.0984 0408  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
22:07:45.0000 0408  Wdf01000 - ok
22:07:45.0031 0408  WDICA - ok
22:07:45.0109 0408  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
22:07:45.0125 0408  wdmaud - ok
22:07:45.0171 0408  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:07:45.0171 0408  WebClient - ok
22:07:45.0265 0408  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:07:45.0281 0408  winmgmt - ok
22:07:45.0437 0408  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
22:07:45.0468 0408  WmdmPmSN - ok
22:07:45.0562 0408  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
22:07:45.0593 0408  Wmi - ok
22:07:45.0687 0408  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:07:45.0703 0408  WmiApSrv - ok
22:07:45.0828 0408  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
22:07:45.0859 0408  WMPNetworkSvc - ok
22:07:45.0937 0408  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
22:07:45.0937 0408  WpdUsb - ok
22:07:46.0000 0408  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:07:46.0000 0408  WS2IFSL - ok
22:07:46.0078 0408  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
22:07:46.0093 0408  wscsvc - ok
22:07:46.0156 0408  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:07:46.0156 0408  WSTCODEC - ok
22:07:46.0234 0408  [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:07:46.0234 0408  WudfPf - ok
22:07:46.0281 0408  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:07:46.0281 0408  WudfRd - ok
22:07:46.0343 0408  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
22:07:46.0343 0408  WudfSvc - ok
22:07:46.0437 0408  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
22:07:46.0468 0408  WZCSVC - ok
22:07:46.0515 0408  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
22:07:46.0515 0408  xmlprov - ok
22:07:46.0593 0408  ================ Scan global ===============================
22:07:46.0609 0408  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:07:46.0671 0408  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
22:07:46.0718 0408  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
22:07:46.0750 0408  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:07:46.0750 0408  [Global] - ok
22:07:46.0765 0408  ================ Scan MBR ==================================
22:07:46.0796 0408  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:07:47.0015 0408  \Device\Harddisk0\DR0 - ok
22:07:47.0062 0408  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR2
22:07:47.0593 0408  \Device\Harddisk1\DR2 - ok
22:07:47.0593 0408  ================ Scan VBR ==================================
22:07:47.0609 0408  [ 1086596E8A679CF460806CED6B8F6DEA ] \Device\Harddisk0\DR0\Partition1
22:07:47.0609 0408  \Device\Harddisk0\DR0\Partition1 - ok
22:07:47.0625 0408  [ FBE638CB666E8ABB5DEA7F454977D62D ] \Device\Harddisk1\DR2\Partition1
22:07:47.0640 0408  \Device\Harddisk1\DR2\Partition1 - ok
22:07:47.0640 0408  ============================================================
22:07:47.0640 0408  Scan finished
22:07:47.0640 0408  ============================================================
22:07:47.0671 0432  Detected object count: 0
22:07:47.0671 0432  Actual detected object count: 0
22:08:05.0750 0392  Deinitialize success

Corrine

It's actually good that TDSSKiller didn't find anything, Peter. You can delete it from the computer. Unfortunately, 139d2e78.exe is a trojan downloader. Although original variants are old, in researching it, I see that there are new variants, which is likely what has infected your account.

Please follow the instructions here for running Windows Defender Offline. You will need a writable CD or DVD or a USB stick so you can "write" (save) Windows Defender Offline to it and boot your computer from that media to scan. Note that it will be a "boot scan", which means you will start the computer with the CD/DVD or USB in the computer.

In the event that does not allow you to provide the logs, since you use AVG as your antivirus solution, please follow the instructions for running the AVG Rescue CD.   



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

PeterJ

OK. I've tried booting Windows Defender from a USB stick but with no success. I'm only given 4 options to boot from: Normal, Diskette Drive, Harddisk Drive C, and IDE CD-ROM Device. And yes, I did make sure I'd downloaded the 32 bit version.

I then tried to do it from a CD. Tried many times on different CDs but the best I ever got was a screen with a blue 'windows' graphic on it, followed by the message "Your computer needs to restart. Hold down the power button. Ref 0x0000005D"

I then tried creating an AVG Rescue CD, but can't get that to boot either. Again I tried it several times on different CDs (burned using Nero). I don't even get the blue windows graphic with this one. I've wasted a whole morning it seems :(

BTW I have discovered that my wife's account does have admin rights.

I also tried re-installing DDS but I'm still not getting logs with readable text - which I notice is being created in 'AutoCAD Script'.

Pete

Corrine

Ok, since your wife's account has admin rights, that gives us a different avenue.

Please follow these instructions carefully.

Download ComboFix from here.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.



PeterJ

I've run ComboFix - log below.

I had to do it twice as the first time it was interrupted near the end by a message from AVG and it didn't produce a log file.

The AVG message said it had detected a threat ('REGT.EXE') and I was asked to quarantine it (or ignore it, which I didn't want to do). I think this is probably because I had disabled AVG for 15 mins so I think it may have restarted at this point, before ComboFix had finished. ComboFix then sent a message to say 'REGT is not recognised', or something like that.

So I disabled AVG again and re-ran ComboFix. Log follows.

ComboFix 13-06-20.01 - All of Us 20/06/2013  16:03:38.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1023.674 [GMT 1:00]
Running from: c:\documents and settings\All of Us\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
2013-04-02 07:58 . 2003-03-18 22:14   499712   -c--a-w-   c:\windows\system32\msvcp71.dll
2013-04-02 07:58 . 2003-02-21 04:42   348160   -c--a-w-   c:\windows\system32\msvcr71.dll
2007-12-24 08:03 . 2007-12-24 08:03   2293848   -c--a-w-   c:\program files\FLV PlayerFCSetup.exe
2007-10-13 22:44 . 2007-10-13 22:44   55088   -c--a-w-   c:\program files\MFInstall.exe
2007-02-13 07:01 . 2007-02-13 07:01   5727280   -c--a-w-   c:\program files\Firefox Setup 2.0.0.1.exe
2006-06-26 19:36 . 2006-06-26 19:36   3963304   -c--a-w-   c:\program files\MSASYNC.EXE
2005-10-15 07:38 . 2005-10-15 07:38   9624128   -c--a-w-   c:\program files\NapsterSetup-GB-3.1.1.8.exe
2005-06-26 22:22 . 2005-06-26 22:22   761344   -c--a-w-   c:\program files\ESS4CLEAR.exe
2005-01-21 00:53 . 2005-12-25 13:17   45056   -c----r-   c:\program files\SetAttrib.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\All of Us\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-19 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-2-10 745472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-10-07 22:05   16680   ----a-w-   c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Documents and Settings\\All of Us\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\iMesh Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 302368]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [02/11/2012 04:51 5174392]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 04:53 193288]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/02/2007 14:18 66048]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [24/02/2005 10:43 28672]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 17232]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [24/02/2005 10:43 6942]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/05/2013 09:52 22856]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [10/02/2007 14:18 167808]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [25/05/2013 09:52 418376]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/05/2013 09:52 701512]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [06/03/2013 02:21 39056]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?id=2&vv=700&lc=1033
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: bbc.co.uk\www
Trusted Zone: hotmail.com\www
Trusted Zone: tiscali.co.uk\www
TCP: DhcpNameServer = 192.168.0.1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKU-Default-Run-NTSF MICROSOFT SYSTEM - fylez.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-20 16:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(2884)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-06-20  16:17:16
ComboFix-quarantined-files.txt  2013-06-20 15:17
.
Pre-Run: 8,145,833,984 bytes free
Post-Run: 8,117,256,192 bytes free
.
- - End Of File - - 46F4E9DD3EAD14ACB4B93CB47D3F2411
8F558EB6672622401DA993E1E865C861
 


Corrine

Is there any change to your user account?

That log does not show any signs of the 139d2378.exe file.  However, seeing the file association for .scr set to AutoCADScriptFile is a likely explanation as to why you had problems with DDS.scr.  Please try the alternate version from here as the additional information will be helpful.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
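The two things Corrine picks out of the logs above, a .scr association that no longer points at scrfile and autostart entries that need a second look, can be checked mechanically. The following is an added example, not code from this thread or from the DDS/ComboFix tools: a small Python audit over DDS/ComboFix-style lines that flags a changed association for executable extensions (it generalizes the .scr case to a table of ProgIDs), autorun entries that resolve into user-writable folders or to a bare file name, and orphaned entries. The sample lines are constructed in the style of the logs here; the EXAMPLE-PLACEHOLDER entry is hypothetical.

```python
import re
from typing import List, Tuple

# Constructed sample lines in the style of the DDS and ComboFix reports posted in this
# thread. The EXAMPLE-PLACEHOLDER entry is hypothetical and stands in for an autorun
# pointing into a user profile folder; it is not a value taken from the logs.
SAMPLE_LOG = r'''
FileExt: .scr: AutoCADScriptFile="c:\windows\notepad.exe" "%1"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
uRun: [Spotify Web Helper] "c:\documents and settings\all of us\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
uRun: [EXAMPLE-PLACEHOLDER] "c:\documents and settings\user\my documents\EXAMPLE-PLACEHOLDER.exe"
Toolbar-10 - (no file)
HKU-Default-Run-NTSF MICROSOFT SYSTEM - fylez.exe
'''

# Default ProgIDs for extensions that run code. A different ProgID means the association
# was changed (on this page .scr mapped to AutoCADScriptFile, so DDS.scr opened in
# Notepad instead of executing). Extend the table for other executable extensions.
EXPECTED_ASSOC = {'.scr': 'scrfile', '.exe': 'exefile', '.bat': 'batfile',
                  '.com': 'comfile', '.pif': 'piffile'}

# Lowercase path fragments for locations an unprivileged user can write to. Autoruns
# there deserve a look, though legitimate software (Spotify on this page) uses them too.
USER_WRITABLE = ('\\application data\\', '\\my documents\\',
                 '\\local settings\\temp\\', '\\windows\\temp\\')

FILEEXT_RE = re.compile(r'^FileExt:\s+(\.\w+):\s+(\w+)=')
AUTORUN_RE = re.compile(r'^([umd]Run(?:Once)?):\s+\[([^\]]*)\]\s+(.*)$')
ORPHAN_RE = re.compile(r'^(\S.*?)\s+-\s+\(no file\)$')
# ComboFix "ORPHANS REMOVED" style entries such as HKU-Default-Run-<name> - <file>
HKU_RUN_RE = re.compile(r'^HK(?:U|LM|CU)-[\w-]*Run-(.+?)\s+-\s+(.+)$')


def target_path(command: str) -> str:
    """Return the executable path from an autorun command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(' ', 1)[0]


def audit(log_text: str) -> List[Tuple[str, str]]:
    """Scan DDS/ComboFix-style lines and return (kind, detail) findings to review."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILEEXT_RE.match(line)
        if m:
            ext, progid = m.group(1).lower(), m.group(2)
            expected = EXPECTED_ASSOC.get(ext)
            if expected and progid.lower() != expected:
                findings.append(('assoc', f'{ext} -> {progid} (expected {expected})'))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            key, name, command = m.groups()
            path = target_path(command).lower()
            if '\\' not in path:
                # Bare file name: resolved by a PATH search at logon, so the log alone
                # cannot tie it to one file on disk.
                findings.append(('autorun-bare', f'{key} [{name}] {path}'))
            elif any(marker in path for marker in USER_WRITABLE):
                findings.append(('autorun-userdir', f'{key} [{name}] {path}'))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(('orphan', m.group(1)))
            continue
        m = HKU_RUN_RE.match(line)
        if m:
            name, value = m.groups()
            if '\\' not in value:
                findings.append(('autorun-bare', f'HKU-Run [{name}] {value}'))
    return findings


if __name__ == '__main__':
    for kind, detail in audit(SAMPLE_LOG):
        print(f'{kind:16} {detail}')
```

The output is a review list, not a verdict: a legitimate Windows entry such as RunNarrator shows up beside the suspicious ones and has to be judged against the rest of the log.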

PeterJ

Here's dds.txt.  Do you want Attach as well? 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_24
Run by All of Us at 19:53:29 on 2013-06-20
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1023.490 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Documents and Settings\All of Us\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://login.live.com/login.srf?id=2&vv=700&lc=1033
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Spotify Web Helper] "c:\documents and settings\all of us\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-System: HideShutdownScripts = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{942D3D83-9953-4E89-B7F4-CD01E1AD0915} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\program files\markany\contentsafer\MACSMANAGER.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 302368]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-2-10 66048]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2005-2-24 28672]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2005-2-24 6942]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-11-2 5174392]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-25 22856]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-2-10 167808]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-25 418376]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-25 701512]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\notepad.exe" "%1"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-06-20 14:49:33   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
2013-06-20 14:34:31   --------   dcsha-r-   C:\cmdcons
2013-06-20 14:32:34   98816   ----a-w-   c:\windows\sed.exe
2013-06-20 14:32:34   256000   ----a-w-   c:\windows\PEV.exe
2013-06-20 14:32:34   208896   ----a-w-   c:\windows\MBR.exe
2013-06-20 10:27:16   465920   -c----w-   c:\windows\system32\dllcache\imapi2fs.dll
2013-06-20 10:27:16   465920   ------w-   c:\windows\system32\imapi2fs.dll
2013-06-20 10:27:16   317952   -c----w-   c:\windows\system32\dllcache\imapi2.dll
2013-06-20 10:27:16   317952   ------w-   c:\windows\system32\imapi2.dll
2013-06-19 09:53:26   --------   dc----w-   C:\Configuration
2013-06-18 07:46:55   --------   d-----w-   c:\program files\Uniblue
2013-06-18 07:33:27   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2013-06-18 07:33:26   --------   d-----w-   c:\windows\system32\wbem\Repository
2013-06-18 06:20:22   --------   d-----w-   c:\documents and settings\all of us\local settings\application data\Citrix
2013-05-29 20:22:46   --------   d-----w-   c:\documents and settings\all of us\SyncFolder
2013-05-29 19:59:55   --------   d-----w-   c:\program files\MyPC Backup
2013-05-29 19:59:03   5404880   ----a-w-   c:\documents and settings\all users\application data\pclunst.exe
2013-05-29 19:59:00   --------   d-----w-   c:\documents and settings\all users\application data\PC1Data
2013-05-29 13:42:36   --------   d-----w-   c:\program files\Webroot
2013-05-25 08:52:41   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-05-25 08:52:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-05-15 09:02:31   71048   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 09:02:31   692104   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:17:15   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-04-16 22:17:14   43520   ------w-   c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55   385024   ------w-   c:\windows\system32\html.iec
2013-04-11 02:18:40   302368   -c--a-w-   c:\windows\system32\drivers\avgtdix.sys
2013-04-10 01:31:19   1876352   ----a-w-   c:\windows\system32\win32k.sys
2013-04-02 07:58:42   499712   -c--a-w-   c:\windows\system32\msvcp71.dll
2013-04-02 07:58:42   348160   -c--a-w-   c:\windows\system32\msvcr71.dll
2007-12-24 08:03:22   2293848   -c--a-w-   c:\program files\FLV PlayerFCSetup.exe
2007-10-13 22:44:21   55088   -c--a-w-   c:\program files\MFInstall.exe
2007-02-13 07:01:55   5727280   -c--a-w-   c:\program files\Firefox Setup 2.0.0.1.exe
2006-06-26 19:36:08   3963304   -c--a-w-   c:\program files\MSASYNC.EXE
2005-10-15 07:38:31   9624128   -c--a-w-   c:\program files\NapsterSetup-GB-3.1.1.8.exe
2005-06-26 22:22:57   761344   -c--a-w-   c:\program files\ESS4CLEAR.exe
2005-01-21 00:53:22   45056   -c----r-   c:\program files\SetAttrib.exe
.
============= FINISH: 19:55:42.95 ===============

Corrine

Yes, please copy/paste Attach.txt.

Was DDS run from your account or your wife's account?



PeterJ

Sorry, I forgot to say that no, I still can't get into my account. I'm still using my wife's ...

.

DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23/02/2005 17:15:29
System Uptime: 20/06/2013 19:45:51 (0 hours ago)
.
Motherboard: Dell Computer Corp. |  |       
Processor:               Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2651/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 7.55 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 451.3 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: C-DillaCdaC11BA
Device ID: ROOT\LEGACY_C-DILLACDAC11BA\0000
Manufacturer:
Name: C-DillaCdaC11BA
PNP Device ID: ROOT\LEGACY_C-DILLACDAC11BA\0000
Service:
.
==== System Restore Points ===================
.
RP1791: 27/03/2013 07:45:49 - System Checkpoint
RP1792: 28/03/2013 08:37:35 - System Checkpoint
RP1793: 04/04/2013 08:54:06 - System Checkpoint
RP1794: 10/04/2013 10:40:19 - System Checkpoint
RP1795: 10/04/2013 16:25:47 - Software Distribution Service 3.0
RP1796: 12/04/2013 15:24:11 - System Checkpoint
RP1797: 15/04/2013 14:43:02 - System Checkpoint
RP1798: 17/04/2013 09:39:34 - System Checkpoint
RP1799: 20/04/2013 10:58:39 - System Checkpoint
RP1800: 21/04/2013 23:07:54 - System Checkpoint
RP1801: 23/04/2013 09:45:17 - System Checkpoint
RP1802: 25/04/2013 22:26:06 - System Checkpoint
RP1803: 29/04/2013 09:34:59 - System Checkpoint
RP1804: 02/05/2013 09:41:47 - System Checkpoint
RP1805: 03/05/2013 08:31:01 - Printer Driver CUSTPDF Writer Installed
RP1806: 03/05/2013 11:52:19 - Removed greenstreet Publisher 4 Home Edition
RP1807: 05/05/2013 18:20:11 - System Checkpoint
RP1808: 07/05/2013 20:22:55 - System Checkpoint
RP1809: 08/05/2013 20:50:32 - System Checkpoint
RP1810: 15/05/2013 06:26:05 - System Checkpoint
RP1811: 15/05/2013 15:52:54 - Software Distribution Service 3.0
RP1812: 18/05/2013 08:49:55 - System Checkpoint
RP1813: 20/05/2013 15:02:47 - System Checkpoint
RP1814: 24/05/2013 10:54:07 - System Checkpoint
RP1815: 30/05/2013 12:58:50 - System Checkpoint
RP1816: 03/06/2013 15:02:45 - System Checkpoint
RP1817: 17/06/2013 11:40:23 - System Checkpoint
RP1818: 18/06/2013 08:32:35 - Restore Operation
RP1819: 18/06/2013 08:50:01 - Restore Operation
RP1820: 19/06/2013 09:13:34 - System Checkpoint
RP1821: 20/06/2013 10:46:22 - Removed Windows Media Player Firefox Plugin
RP1822: 20/06/2013 11:31:16 - Installed Windows XP KB932716-v2.
.
==== Installed Programs ======================
.
4oD
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11
Adobe SVG Viewer
Ahead Nero Burning ROM
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression 2
AVG 2012
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.5
AVS4YOU Software Navigator 1.4
BCM V.92 56K Modem
BearShare
BT Broadband Desktop Help
BT Broadband Support Tools
Canon MP Navigator EX 1.2
Canon MP160 User Registration
Canon MP190 series MP Drivers
Canon MP190 series User Registration
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Canon Utilities My Printer
Canon Utilities PhotoStitch
Canon Utilities Solution Menu
Citrix Web Client
Compatibility Pack for the 2007 Office system
CyberTweak Version 1.3 Final
Dan Elwell's Broadband Speed Test
Easy-WebPrint
ecobutton
EmoDio
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.5
Free PDF to Word Doc Converter v1.1
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
greenstreet Publisher 4 Home Edition
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Intel(R) PRO Ethernet Adapter and Software
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Juniper Networks, Inc. Setup Client Activex Control
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.75.0.1300
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.5
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Project 2000
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Ovi Suite
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OGA Notifier 2.0.0048.0
OLYMPUS CAMEDIA Master 4.2
Ovi Desktop Sync Engine
OviMPlatform
PC Pitstop Optimize 1.0v
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Segoe UI
SmartFTP Client
Sound Blaster Live!
Spotify
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Uninstall Startup Inspector
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB971029)
WebFldrs XP
WG111v2 Configuration Utility
Wincore MediaBar
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
.
==== Event Viewer Messages From Past Week ========
.
20/06/2013 15:53:17, error: Service Control Manager [7023]  - The Help and Support service terminated with the following error:  The specified module could not be found.
20/06/2013 15:31:49, error: Service Control Manager [7034]  - The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).
20/06/2013 10:19:23, error: Print [19]  - Sharing printer failed + 1722, Printer Canon MP190 series Printer share name Canon MP190 series Printer.
19/06/2013 14:56:12, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
19/06/2013 14:56:12, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
19/06/2013 14:56:12, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBT service which failed to start because of the following error:  A device attached to the system is not functioning.
19/06/2013 14:55:51, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
18/06/2013 09:08:31, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
18/06/2013 08:00:45, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgldx86 Avgmfx86 Fips intelppm
18/06/2013 08:00:25, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
18/06/2013 06:38:59, error: Service Control Manager [7001]  - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
18/06/2013 06:38:59, error: Service Control Manager [7000]  - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:  The system cannot find the file specified.
17/06/2013 19:46:46, error: Service Control Manager [7034]  - The McciCMService service terminated unexpectedly.  It has done this 1 time(s).
16/06/2013 10:54:07, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
.
==== End Of File ===========================

Corrine

Thank you, Peter. 

Below is a list of programs to be uninstalled, with a brief explanation why: 

  • Bearshare is a P2P program.  With P2P file sharing, what means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.
  • Java has had critical security updates and will need to be updated if it is really needed.  At this point, let's just uninstall the old version. 
  • I hope you haven't run Uniblue or PC Pitstop Optimize as programs of this nature tend to do more harm than good and tend to damage the registry.
Please uninstall:

BearShare
Java(TM) 6 Update 24
PC Pitstop Optimize 1.0v
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC


We'll get to Adobe Reader later.  First, let's take a look at a different set of logs.  After removing the above, restart the computer and please download the 32-bit version of Farbar Recovery Scan Tool and save it to your desktop.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

PeterJ

Thanks.

I have uninstalled Bearshare (which I haven't used for a couple of years) but it still appears in my Add or Remove programs list.

I have uninstalled PC Pitstop Optimize.

I can't uninstall Java (TM) 6 Update 24. I get a message to say 'Windows Installer Service cannot be accessed'.

I tried to uninstall all the Uniblue programs, but for each of them I get a message to say '\(program name)\unins000.msg is missing. Cannot uninstall', except for PowerSuite, for which the message reads '\PowerSuite\unins0000.dat does not exist.'

One other thing: For many years I've been unable to remove the program called greenstreet Publisher 4 Home Edition.

Corrine

Hi, Peter.

Please use JavaRa to remove Java.  Use the "Remove JRE" option.  It is available from here:  http://singularlabs.com/software/javara/  Since most people do not need Java these days, we'll get back to whether or not you need to install the current version later.  My goal here is to get the vulnerable/potentially dangerous programs off your computer.

Let's see if we can take care of those files with ComboFix.  Be patient if it takes a bit to process them.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


Folder::
c:\program files\greenstreet Publisher 4 Home Edition
c:\program files\Uniblue DriverScanner
c:\program files\Uniblue PowerSuite
c:\program files\Uniblue RegistryBooster
c:\program files\Uniblue SpeedUpMyPC


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

After that, please follow the instructions above for Farbar's Recovery Scan Tool.


PeterJ

OK here's the latest ComboFix log...

ComboFix 13-06-22.01 - All of Us 22/06/2013   8:12.4.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1023.638 [GMT 1:00]
Running from: c:\documents and settings\All of Us\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\All of Us\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-22 to 2013-06-22  )))))))))))))))))))))))))))))))
.
.
2013-06-21 07:28 . 2013-06-21 07:28   --------   d-----w-   c:\documents and settings\All of Us\Local Settings\Application Data\PackageAware
2013-06-20 14:49 . 2008-04-14 00:11   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
2013-06-20 10:27 . 2008-05-02 13:25   465920   -c----w-   c:\windows\system32\dllcache\imapi2fs.dll
2013-06-20 10:27 . 2008-05-02 13:25   465920   ------w-   c:\windows\system32\imapi2fs.dll
2013-06-20 10:27 . 2008-05-02 13:25   317952   -c----w-   c:\windows\system32\dllcache\imapi2.dll
2013-06-20 10:27 . 2008-05-02 13:25   317952   ------w-   c:\windows\system32\imapi2.dll
2013-06-19 09:53 . 2013-06-19 09:53   --------   dc----w-   C:\Configuration
2013-06-18 07:46 . 2013-06-18 07:46   --------   d-----w-   c:\program files\Uniblue
2013-06-18 07:33 . 2013-06-18 07:33   --------   d-----w-   c:\windows\system32\wbem\Repository
2013-06-18 06:20 . 2013-06-18 06:20   --------   d-----w-   c:\documents and settings\All of Us\Local Settings\Application Data\Citrix
2013-05-29 20:22 . 2013-05-29 20:22   --------   d-----w-   c:\documents and settings\All of Us\SyncFolder
2013-05-29 19:59 . 2013-06-19 09:21   --------   d-----w-   c:\program files\MyPC Backup
2013-05-29 19:59 . 2013-06-18 20:48   5404880   ----a-w-   c:\documents and settings\All Users\Application Data\pclunst.exe
2013-05-29 19:59 . 2013-06-19 07:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC1Data
2013-05-29 13:42 . 2013-05-29 19:14   --------   d-----w-   c:\program files\Webroot
2013-05-25 08:52 . 2013-05-25 08:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-05-25 08:52 . 2013-04-04 13:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 09:02 . 2012-12-13 15:58   692104   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-05-15 09:02 . 2011-06-04 07:33   71048   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2004-01-08 15:23   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2001-08-23 12:00   43520   ------w-   c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2001-08-23 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-04 05:59   385024   ------w-   c:\windows\system32\html.iec
2013-05-03 01:26 . 2001-08-23 12:00   2193536   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2001-08-17 13:48   2070144   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-04-11 02:18 . 2010-09-07 02:49   302368   -c--a-w-   c:\windows\system32\drivers\avgtdix.sys
2013-04-10 01:31 . 2001-08-23 12:00   1876352   ----a-w-   c:\windows\system32\win32k.sys
2013-04-02 07:58 . 2003-03-18 22:14   499712   -c--a-w-   c:\windows\system32\msvcp71.dll
2013-04-02 07:58 . 2003-02-21 04:42   348160   -c--a-w-   c:\windows\system32\msvcr71.dll
2007-12-24 08:03 . 2007-12-24 08:03   2293848   -c--a-w-   c:\program files\FLV PlayerFCSetup.exe
2007-10-13 22:44 . 2007-10-13 22:44   55088   -c--a-w-   c:\program files\MFInstall.exe
2007-02-13 07:01 . 2007-02-13 07:01   5727280   -c--a-w-   c:\program files\Firefox Setup 2.0.0.1.exe
2006-06-26 19:36 . 2006-06-26 19:36   3963304   -c--a-w-   c:\program files\MSASYNC.EXE
2005-10-15 07:38 . 2005-10-15 07:38   9624128   -c--a-w-   c:\program files\NapsterSetup-GB-3.1.1.8.exe
2005-06-26 22:22 . 2005-06-26 22:22   761344   -c--a-w-   c:\program files\ESS4CLEAR.exe
2005-01-21 00:53 . 2005-12-25 13:17   45056   -c----r-   c:\program files\SetAttrib.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\All of Us\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-19 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-2-10 745472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Documents and Settings\\All of Us\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\iMesh Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 302368]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [02/11/2012 04:51 5174392]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 04:53 193288]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/02/2007 14:18 66048]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [24/02/2005 10:43 28672]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 17232]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [24/02/2005 10:43 6942]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/05/2013 09:52 22856]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [10/02/2007 14:18 167808]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [25/05/2013 09:52 418376]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/05/2013 09:52 701512]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [06/03/2013 02:21 39056]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?id=2&vv=700&lc=1033
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: bbc.co.uk\www
Trusted Zone: hotmail.com\www
Trusted Zone: tiscali.co.uk\www
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-22 08:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3212)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-06-22  08:26:02
ComboFix-quarantined-files.txt  2013-06-22 07:25
ComboFix2.txt  2013-06-22 07:00
ComboFix3.txt  2013-06-20 15:17
.
Pre-Run: 7,921,274,880 bytes free
Post-Run: 7,927,902,208 bytes free
.
- - End Of File - - E1AF95C4B1E1864C7D5694859C97AFDC
8F558EB6672622401DA993E1E865C861
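As an added example (not code from this thread or from ComboFix), here is a small triage script that does by machine what the helper does by eye above: it parses the "Reg Loading Points" style sections of a ComboFix log, pulls out the Run autostart entries, the firewall AuthorizedApplications exceptions and the EnableFirewall switch, and flags any path that belongs to a program on the uninstall list from the earlier post (BearShare, its bundled iMesh MediaBar, Uniblue). The path fragments used to recognise those programs are assumptions; the sample lines are copied from the log above.

```python
"""Triage a ComboFix 'Reg Loading Points' excerpt against programs that a
helper has asked to be removed.  Added example, not code from the thread."""
import re
from typing import List, NamedTuple, Tuple

# Program -> lower-case path fragments that identify it on disk.  The program
# names come from the uninstall list in the thread; the fragments are assumed.
UNWANTED = {
    "BearShare": ("bearshare",),
    "iMesh MediaBar": ("imesh",),
    "Uniblue": ("uniblue",),
}

# "Name"="path" [date size]   -> Run / RunOnce autostart entry
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[[^\]]*\]')
# "path"=                     -> firewall AuthorizedApplications entry
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
# "EnableFirewall"= 0 (0x0)   -> standard-profile firewall switched off
FW_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')


class Finding(NamedTuple):
    kind: str      # "autostart", "firewall-exception" or "firewall-disabled"
    section: str   # registry key the line was found under
    path: str
    program: str


def parse_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, section, path) triples for every autostart entry,
    firewall exception and firewall-disabled switch in the excerpt."""
    section = ""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # new registry key header
            continue
        if not section or line in ("", "."):
            continue
        m = RUN_RE.match(line)
        if m:
            out.append(("autostart", section, m.group("path")))
            continue
        if "firewallpolicy" not in section.lower():
            continue
        if FW_OFF_RE.match(line):
            out.append(("firewall-disabled", section, ""))
            continue
        m = FW_RE.match(line)
        if m:
            # REGEDIT4 syntax doubles backslashes inside quoted strings.
            out.append(("firewall-exception", section,
                        m.group("path").replace("\\\\", "\\")))
    return out


def flag(text: str) -> List[Finding]:
    """Match each parsed path against UNWANTED; a disabled firewall is
    always reported because the thread's Security Check flagged it."""
    findings = []
    for kind, section, path in parse_entries(text):
        if kind == "firewall-disabled":
            findings.append(Finding(kind, section, path, "Windows Firewall off"))
            continue
        low = path.lower()
        for program, fragments in UNWANTED.items():
            if any(f in low for f in fragments):
                findings.append(Finding(kind, section, path, program))
    return findings


# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\iMesh Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"""

if __name__ == "__main__":
    for f in flag(SAMPLE):
        print(f"{f.kind:18} {f.program:22} {f.path}")
```

Run against the sample it reports the disabled firewall and the two MediaBar firewall exceptions; the IntelliPoint and AVG autostarts pass through unflagged.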