Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TR/Agent.ae.86 [Solved]

Started by fairway76 , Jun 21 2012 04:16 AM

  • This topic is locked This topic is locked

#1
fairway76
Posted 21 June 2012 - 04:16 AM

fairway76

    Member

  • Member
  • PipPip
  • 17 posts
Hi,

My computer has Avira antivirus installed and I run updates and a scan everyday. About ten minutes ago it kept flashing up saying that it had found the TR/Agent.ae.86 virus and whether I wanted to quarantine it, which I did. It then told me to re-start my computer, which I did.

Now when it loads up it saya that the Avira Realtime protection is stopped and I can't start it again (it just takes me to the help section if I click on it) and also that I have Windows Security Alerts that automatic update is turned off (which I can't start again)

Help would be very much appreciated. I have posted the OTL Log below:

OTL logfile created on: 21/06/2012 11:02:12 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Administrator\Desktop\Virus Removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 72.17% Memory free
3.78 Gb Paging File | 3.33 Gb Available in Paging File | 88.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 207.72 Gb Free Space | 89.20% Space Free | Partition Type: NTFS

Computer Name: NRCOMP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 10:42:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\Virus Removal\OTL.exe
PRC - [2012/06/21 10:21:22 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/05/08 09:15:07 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 09:15:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 09:15:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/11/14 12:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/08/01 09:47:20 | 000,053,248 | ---- | M] (HP) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2008/07/19 11:40:58 | 002,054,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/07/19 11:40:54 | 000,773,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2008/07/19 11:40:52 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 16:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/11/28 02:42:14 | 000,185,896 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/11/28 02:42:12 | 000,093,736 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/11/28 02:40:42 | 000,298,536 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2003/11/20 20:01:08 | 000,525,824 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Compaq\SetRefresh\SetRefresh.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 09:25:07 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 09:24:58 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 09:24:56 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
MOD - [2012/05/14 10:07:58 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/14 09:08:54 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 09:08:23 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/05/14 09:07:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/14 09:07:43 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/14 09:07:40 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/14 09:07:31 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/08 09:15:07 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/11/14 12:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 12:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 12:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 12:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 12:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 12:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 12:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/08/01 09:47:02 | 000,102,400 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2008/08/01 09:47:00 | 000,552,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Alerts.dll
MOD - [2008/08/01 09:46:36 | 000,593,920 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2008/08/01 09:46:30 | 000,126,976 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2008/08/01 09:46:30 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2008/08/01 09:46:30 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Enumeration.dll
MOD - [2008/08/01 09:46:28 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPStreamsInterface.dll
MOD - [2008/08/01 09:46:26 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
MOD - [2008/07/31 14:37:06 | 000,086,016 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2007/11/28 02:41:06 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\aicext.dll
MOD - [2007/08/14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Installer\{E2372732-9C10-DE05-ABA7-D4C88B895BCD}\syshost.exe /service -- (syshost32)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/08 09:15:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 09:15:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/07/19 11:40:58 | 002,054,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2008/07/19 11:40:52 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2008/04/08 18:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/04/07 16:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/11/28 02:42:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/08 09:15:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 09:15:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 17:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/07/19 11:40:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/06/05 12:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2008/05/24 01:54:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/12/18 10:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2004/08/04 01:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 01:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {D4D58EDE-06B9-48AC-BA74-C6927E571AF4}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{D4D58EDE-06B9-48AC-BA74-C6927E571AF4}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{F981DF2B-2701-4506-9C0A-4E9B6C1F727A}: "URL" = http://slirsredirect...hpcmdtie7-en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {D4D58EDE-06B9-48AC-BA74-C6927E571AF4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D4D58EDE-06B9-48AC-BA74-C6927E571AF4}: "URL" = http://www.google.co...GGHP_en-GBGB438
IE - HKCU\..\SearchScopes\{F981DF2B-2701-4506-9C0A-4E9B6C1F727A}: "URL" = http://slirsredirect...hpcmdtie7-en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2011/07/07 14:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/07/07 14:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nmbn4uc1.default\extensions
[2011/07/07 14:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nmbn4uc1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/07 14:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nmbn4uc1.default\extensions\staged-xpis

O1 HOSTS File: ([2011/11/22 10:35:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260466450515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1271949628296 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 195.97.231.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3375EADC-D658-4213-A3A1-15C68035A72B}: DhcpNameServer = 208.67.222.222 195.97.231.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8435D69D-C618-4C62-8C0C-6BD45B3DF1F6}: DhcpNameServer = 192.168.10.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========

[2012/06/21 11:02:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/21 11:00:40 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 11:00:40 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/06/21 11:00:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/21 11:00:27 | 2073,288,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 10:56:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 10:29:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 10:08:03 | 000,065,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\5cb9c23ab71a924a.sys
[2012/06/21 09:50:43 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2012/06/14 11:23:28 | 000,375,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 09:24:09 | 000,466,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 09:24:09 | 000,079,920 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 09:20:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/06/21 10:08:03 | 000,065,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\5cb9c23ab71a924a.sys
[2012/02/16 10:15:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/21 16:22:01 | 000,183,183 | ---- | C] () -- C:\WINDOWS\hppins11.dat.temp
[2011/11/21 16:22:01 | 000,006,091 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat.temp
[2011/07/11 12:23:08 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2011/07/11 12:20:48 | 000,015,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys
[2011/07/11 12:19:36 | 000,000,665 | R--- | C] () -- C:\WINDOWS\System32\hppapr11.dat
[2011/07/11 12:19:25 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/07/11 12:19:07 | 000,000,717 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/07/11 12:17:34 | 000,032,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2011/07/11 12:17:25 | 000,025,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys
[2011/07/11 12:15:01 | 000,174,128 | ---- | C] () -- C:\WINDOWS\hppins11.dat
[2011/07/11 12:15:01 | 000,006,091 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat
[2011/07/07 14:21:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2009/06/23 10:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2012/04/12 15:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/11/15 12:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/11/15 13:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2011/11/15 13:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2011/11/15 13:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2009/03/26 16:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/06/21 11:00:40 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



< End of report >

And here is the Extras Log:

OTL Extras logfile created on: 21/06/2012 11:02:12 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Administrator\Desktop\Virus Removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 72.17% Memory free
3.78 Gb Paging File | 3.33 Gb Available in Paging File | 88.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 207.72 Gb Free Space | 89.20% Space Free | Partition Type: NTFS

Computer Name: NRCOMP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxnc2.exe" = C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxnc2.exe:*:Enabled:HP Networked Printer Installer -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22E4CA5B-3829-4C61-9A9C-E4729C96C133}" = hppscanCM1312
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3865D924-89FD-4D9B-A276-5938A397FFC4}" = hppFaxUtilityCM1312
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4D106AEC-ED45-4F6E-BD99-C88C8E75857F}" = hppManualsCM1312
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{545C0721-295B-498B-B306-FBAFE01FC319}" = hppSendFaxCM1312
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D70B0D8-63D0-4D88-A0DF-97818C4595B1}" = hppCLJCM1312
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75DEC63E-92C6-403C-ABDF-8AEFEC61C704}" = hppFaxDrvCM1312
"{766D1E50-816B-417A-B8F7-3BC0B4A1913D}" = hppPQVideoCM1312
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}" = Microsoft Online Services Sign-in Assistant
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 3.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSSUB_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSSUB_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Office Subscription (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-011D-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus Subscription 2010
"{91140000-011D-0000-0000-0000000FF1CE}_Office14.PROPLUSSUB_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A651EC5E-A4FB-4AA6-B542-3F7ECB08D119}" = hppScanToCM1312
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B95350D0-DA64-468E-9DD0-308C78409538}" = hppTLBXFXCM1312
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{E92BCB17-FD2B-4AE3-882D-7C91B382AA66}" = hpzTLBXFX
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F7F7FE98-9D77-449B-A4EB-6F527AD1CCB4}" = hppusgCM1312
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MyTomTom" = MyTomTom 3.1.0.530
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUSSUB" = Microsoft Office Professional Plus 2010
"PDF Complete" = PDF Complete
"Shop for HP Supplies" = Shop for HP Supplies
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18/06/2012 04:08:43 | Computer Name = NRCOMP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.6.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 19/06/2012 05:49:55 | Computer Name = NRCOMP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.6.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 19/06/2012 12:20:09 | Computer Name = NRCOMP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module shockwave 3d asset.x32, version 11.6.3.633, fault address 0x000e8b5f.

Error - 20/06/2012 04:21:35 | Computer Name = NRCOMP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.6.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 21/06/2012 04:27:46 | Computer Name = NRCOMP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.6.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 21/06/2012 05:16:34 | Computer Name = NRCOMP | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AVGDLL_Init(avgntflt). Returned error code: 0xffffffff

Error - 21/06/2012 05:18:25 | Computer Name = NRCOMP | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AVGDLL_Init(avgntflt). Returned error code: 0xffffffff

Error - 21/06/2012 05:21:32 | Computer Name = NRCOMP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.6.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 21/06/2012 06:00:46 | Computer Name = NRCOMP | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AVGDLL_Init(avgntflt). Returned error code: 0xffffffff

Error - 21/06/2012 06:05:44 | Computer Name = NRCOMP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.6.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

[ System Events ]
Error - 21/06/2012 05:18:16 | Computer Name = NRCOMP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ssmdrv

Error - 21/06/2012 05:18:34 | Computer Name = NRCOMP | Source = Service Control Manager | ID = 7024
Description = The Avira Realtime Protection service terminated with service-specific
error 307 (0x133).

Error - 21/06/2012 05:28:17 | Computer Name = NRCOMP | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%31

Error - 21/06/2012 05:29:31 | Computer Name = NRCOMP | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%31

Error - 21/06/2012 05:29:46 | Computer Name = NRCOMP | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%31

Error - 21/06/2012 05:29:56 | Computer Name = NRCOMP | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%31

Error - 21/06/2012 06:00:46 | Computer Name = NRCOMP | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%31

Error - 21/06/2012 06:01:04 | Computer Name = NRCOMP | Source = Service Control Manager | ID = 7024
Description = The Avira Realtime Protection service terminated with service-specific
error 307 (0x133).

Error - 21/06/2012 06:02:25 | Computer Name = NRCOMP | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 21/06/2012 06:02:25 | Computer Name = NRCOMP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ssmdrv


< End of report >

Thanks for your help in advance!


Nick
  • 0

Advertisements

#2
Essexboy
Posted 21 June 2012 - 11:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I will need to look a little deeper before I start in earnest

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Installer\{E2372732-9C10-DE05-ABA7-D4C88B895BCD}\syshost.exe /service -- (syshost32)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\Installer\{E2372732-9C10-DE05-ABA7-D4C88B895BCD}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
fairway76
Posted 22 June 2012 - 02:24 AM

fairway76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Essexboy,

Thanks very much for your reply and help.

I have done as you instructed and here are the two Logs.

First the OTL Log:

OTL logfile created on: 22/06/2012 09:10:27 - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Administrator\Desktop\Virus Removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 70.62% Memory free
3.78 Gb Paging File | 3.31 Gb Available in Paging File | 87.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 209.14 Gb Free Space | 89.80% Space Free | Partition Type: NTFS

Computer Name: NRCOMP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 10:42:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\Virus Removal\OTL.exe
PRC - [2012/06/21 10:21:22 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/05/08 09:15:07 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 09:15:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/11/14 12:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/08/01 09:47:20 | 000,053,248 | ---- | M] (HP) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2008/07/19 11:40:58 | 002,054,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/07/19 11:40:54 | 000,773,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2008/07/19 11:40:52 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 16:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/11/28 02:42:14 | 000,185,896 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/11/28 02:42:12 | 000,093,736 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/11/28 02:40:42 | 000,298,536 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/22 09:10:19 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/22 09:10:19 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/14 09:25:07 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 09:24:58 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 09:24:56 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
MOD - [2012/05/14 10:07:58 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/14 09:08:54 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 09:08:23 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/05/14 09:07:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/14 09:07:43 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/14 09:07:40 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/14 09:07:31 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/08 09:15:07 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/11/21 11:03:27 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/14 12:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 12:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 12:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 12:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 12:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 12:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 12:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/08/01 09:47:02 | 000,102,400 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2008/08/01 09:47:00 | 000,552,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Alerts.dll
MOD - [2008/08/01 09:46:36 | 000,593,920 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2008/08/01 09:46:30 | 000,126,976 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2008/08/01 09:46:30 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2008/08/01 09:46:30 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Enumeration.dll
MOD - [2008/08/01 09:46:28 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPStreamsInterface.dll
MOD - [2008/08/01 09:46:26 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
MOD - [2008/07/31 14:37:06 | 000,086,016 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2007/11/28 02:41:06 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\aicext.dll
MOD - [2007/08/14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/08 09:15:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 09:15:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/07/19 11:40:58 | 002,054,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2008/07/19 11:40:52 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2008/04/08 18:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/04/07 16:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/11/28 02:42:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/08 09:15:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 09:15:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 17:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/07/19 11:40:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/06/05 12:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2008/05/24 01:54:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/12/18 10:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2004/08/04 01:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 01:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {D4D58EDE-06B9-48AC-BA74-C6927E571AF4}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{D4D58EDE-06B9-48AC-BA74-C6927E571AF4}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{F981DF2B-2701-4506-9C0A-4E9B6C1F727A}: "URL" = http://slirsredirect...hpcmdtie7-en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {D4D58EDE-06B9-48AC-BA74-C6927E571AF4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D4D58EDE-06B9-48AC-BA74-C6927E571AF4}: "URL" = http://www.google.co...GGHP_en-GBGB438
IE - HKCU\..\SearchScopes\{F981DF2B-2701-4506-9C0A-4E9B6C1F727A}: "URL" = http://slirsredirect...hpcmdtie7-en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2011/07/07 14:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/07/07 14:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nmbn4uc1.default\extensions
[2011/07/07 14:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nmbn4uc1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/07 14:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nmbn4uc1.default\extensions\staged-xpis

O1 HOSTS File: ([2012/06/22 08:59:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260466450515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1271949628296 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 195.97.231.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3375EADC-D658-4213-A3A1-15C68035A72B}: DhcpNameServer = 208.67.222.222 195.97.231.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8435D69D-C618-4C62-8C0C-6BD45B3DF1F6}: DhcpNameServer = 192.168.10.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 08:59:55 | 000,000,000 | ---D | C] -- C:\_OTL

========== Files - Modified Within 30 Days ==========

[2012/06/22 09:10:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/22 09:08:40 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 09:08:40 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/06/22 09:08:27 | 2073,288,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 09:08:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/22 08:59:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/22 08:56:16 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 17:18:10 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2012/06/21 10:29:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 10:08:03 | 000,065,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\5cb9c23ab71a924a.sys
[2012/06/14 11:23:28 | 000,375,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 09:24:09 | 000,466,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 09:24:09 | 000,079,920 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 09:20:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/06/21 10:08:03 | 000,065,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\5cb9c23ab71a924a.sys
[2012/02/16 10:15:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/21 16:22:01 | 000,183,183 | ---- | C] () -- C:\WINDOWS\hppins11.dat.temp
[2011/11/21 16:22:01 | 000,006,091 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat.temp
[2011/07/11 12:23:08 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2011/07/11 12:20:48 | 000,015,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys
[2011/07/11 12:19:36 | 000,000,665 | R--- | C] () -- C:\WINDOWS\System32\hppapr11.dat
[2011/07/11 12:19:25 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/07/11 12:19:07 | 000,000,717 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/07/11 12:17:34 | 000,032,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2011/07/11 12:17:25 | 000,025,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys
[2011/07/11 12:15:01 | 000,174,128 | ---- | C] () -- C:\WINDOWS\hppins11.dat
[2011/07/11 12:15:01 | 000,006,091 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat
[2011/07/07 14:21:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2009/06/23 10:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2012/04/12 15:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/11/15 12:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/11/15 13:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2011/11/15 13:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2011/11/15 13:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2009/03/26 16:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/06/22 09:08:40 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



< End of report >


Now the aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 09:20:58
-----------------------------
09:20:58.390 OS Version: Windows 5.1.2600 Service Pack 3
09:20:58.390 Number of processors: 2 586 0x170A
09:20:58.390 ComputerName: NRCOMP UserName:
09:20:58.406 Initialze error C0000001 - driver not loaded
09:21:02.531 AVAST engine defs: 12062101
09:21:11.828 Service scanning
09:21:12.531 Modules scanning
09:21:12.531 Disk 0 trace - called modules:
09:21:12.531
09:21:12.531 AVAST engine scan C:\WINDOWS
09:21:12.546 AVAST engine scan C:\WINDOWS\system32
09:21:12.562 AVAST engine scan C:\WINDOWS\system32\drivers
09:21:12.562 AVAST engine scan C:\Documents and Settings\Administrator
09:21:12.578 AVAST engine scan C:\Documents and Settings\All Users
09:21:12.578 Scan finished successfully
09:21:27.390 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\Virus Removal\aswMBR.txt"


Cheers
  • 0

#4
Essexboy
Posted 22 June 2012 - 06:41 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not happy with the aswMBR result

On completion could you let me know whether Avira now works

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#5
fairway76
Posted 22 June 2012 - 07:24 AM

fairway76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Essexboy,

Avira still doesn't start although it now comes up saying "start pending" but stops before it completes.

I installed and run the TDSSKiller (when I ran it to load up it got to 40% and then said it failed to load driver but I could click continue and it opened up and allowed me to scan).

After the scan it gave me options to remove to quarantine, delete or skip. I chose skip. It found 6 threats, please see the log below:

14:25:19.0421 3328 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
14:25:19.0531 3328 ============================================================
14:25:19.0531 3328 Current date / time: 2012/06/22 14:25:19.0531
14:25:19.0531 3328 SystemInfo:
14:25:19.0531 3328
14:25:19.0531 3328 OS Version: 5.1.2600 ServicePack: 3.0
14:25:19.0531 3328 Product type: Workstation
14:25:19.0531 3328 ComputerName: NRCOMP
14:25:19.0531 3328 UserName: Administrator
14:25:19.0531 3328 Windows directory: C:\WINDOWS
14:25:19.0531 3328 System windows directory: C:\WINDOWS
14:25:19.0531 3328 Processor architecture: Intel x86
14:25:19.0531 3328 Number of processors: 2
14:25:19.0531 3328 Page size: 0x1000
14:25:19.0531 3328 Boot type: Normal boot
14:25:19.0531 3328 ============================================================
14:25:23.0031 3328 !crdlk
14:25:23.0046 3328 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
14:25:23.0062 3328 ============================================================
14:25:23.0062 3328 \Device\Harddisk0\DR0:
14:25:23.0062 3328 MBR partitions:
14:25:23.0062 3328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
14:25:23.0062 3328 ============================================================
14:25:23.0093 3328 C: <-> \Device\Harddisk0\DR0\Partition0
14:25:23.0093 3328 ============================================================
14:25:23.0093 3328 Initialize success
14:25:23.0093 3328 ============================================================
14:25:30.0046 1724 ============================================================
14:25:30.0046 1724 Scan started
14:25:30.0046 1724 Mode: Manual; SigCheck; TDLFS;
14:25:30.0046 1724 ============================================================
14:25:30.0421 1724 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:25:30.0609 1724 !SASCORE - ok
14:25:30.0656 1724 Suspicious service (NoAccess): 5cb9c23ab71a924a
14:25:30.0812 1724 5cb9c23ab71a924a (3bfb192a5263b16f2dd8c10c4fc3b4d3) C:\WINDOWS\System32\Drivers\5cb9c23ab71a924a.sys
14:25:30.0812 1724 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\5cb9c23ab71a924a.sys. md5: 3bfb192a5263b16f2dd8c10c4fc3b4d3
14:25:30.0859 1724 5cb9c23ab71a924a ( LockedService.Multi.Generic ) - warning
14:25:30.0859 1724 5cb9c23ab71a924a - detected LockedService.Multi.Generic (1)
14:25:30.0859 1724 Abiosdsk - ok
14:25:30.0875 1724 abp480n5 - ok
14:25:30.0921 1724 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
14:25:32.0093 1724 ac97intc - ok
14:25:32.0171 1724 accoca (2e20d1a28d6b7759b0431ae6bfae788f) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
14:25:32.0203 1724 accoca - ok
14:25:32.0250 1724 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:25:32.0421 1724 ACPI - ok
14:25:32.0468 1724 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:25:32.0546 1724 ACPIEC - ok
14:25:32.0578 1724 ADIHdAudAddService (d220921b28944d157efb92db1150d0e3) C:\WINDOWS\system32\drivers\ADIHdAud.sys
14:25:32.0625 1724 ADIHdAudAddService - ok
14:25:32.0687 1724 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:25:32.0765 1724 adpu160m - ok
14:25:32.0843 1724 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
14:25:32.0859 1724 AEAudio - ok
14:25:32.0875 1724 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:25:32.0968 1724 aec - ok
14:25:33.0015 1724 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:25:33.0078 1724 AFD - ok
14:25:33.0093 1724 Aha154x - ok
14:25:33.0156 1724 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:25:33.0265 1724 aic78u2 - ok
14:25:33.0281 1724 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:25:33.0375 1724 aic78xx - ok
14:25:33.0406 1724 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:25:33.0531 1724 Alerter - ok
14:25:33.0562 1724 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:25:33.0593 1724 ALG - ok
14:25:33.0609 1724 AliIde - ok
14:25:33.0625 1724 amsint - ok
14:25:33.0703 1724 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:25:33.0734 1724 AntiVirSchedulerService - ok
14:25:33.0765 1724 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:25:33.0765 1724 AntiVirService - ok
14:25:33.0828 1724 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:25:33.0875 1724 AppMgmt - ok
14:25:33.0890 1724 asc - ok
14:25:33.0890 1724 asc3350p - ok
14:25:33.0906 1724 asc3550 - ok
14:25:34.0015 1724 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:25:34.0062 1724 aspnet_state - ok
14:25:34.0140 1724 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:25:34.0281 1724 AsyncMac - ok
14:25:34.0296 1724 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:25:34.0375 1724 atapi - ok
14:25:34.0390 1724 Atdisk - ok
14:25:34.0406 1724 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:25:34.0484 1724 Atmarpc - ok
14:25:34.0562 1724 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:25:34.0640 1724 AudioSrv - ok
14:25:34.0687 1724 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:25:34.0750 1724 audstub - ok
14:25:34.0796 1724 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:25:34.0812 1724 avgntflt - ok
14:25:34.0843 1724 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:25:34.0843 1724 avipbb - ok
14:25:34.0859 1724 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
14:25:34.0875 1724 avkmgr - ok
14:25:34.0890 1724 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:25:34.0968 1724 Beep - ok
14:25:35.0031 1724 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:25:35.0140 1724 BITS - ok
14:25:35.0218 1724 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:25:35.0296 1724 Browser - ok
14:25:35.0312 1724 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:25:35.0406 1724 cbidf2k - ok
14:25:35.0406 1724 cd20xrnt - ok
14:25:35.0453 1724 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:25:35.0531 1724 Cdaudio - ok
14:25:35.0578 1724 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:25:35.0671 1724 Cdfs - ok
14:25:35.0703 1724 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:25:35.0812 1724 Cdrom - ok
14:25:35.0828 1724 Changer - ok
14:25:35.0859 1724 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:25:35.0953 1724 CiSvc - ok
14:25:36.0000 1724 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:25:36.0093 1724 ClipSrv - ok
14:25:36.0187 1724 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:25:36.0218 1724 clr_optimization_v2.0.50727_32 - ok
14:25:36.0250 1724 CmdIde - ok
14:25:36.0265 1724 COMSysApp - ok
14:25:36.0281 1724 Cpqarray - ok
14:25:36.0328 1724 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:25:36.0437 1724 CryptSvc - ok
14:25:36.0453 1724 dac2w2k - ok
14:25:36.0453 1724 dac960nt - ok
14:25:36.0500 1724 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:25:36.0609 1724 DcomLaunch - ok
14:25:36.0687 1724 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:25:36.0796 1724 Dhcp - ok
14:25:36.0828 1724 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:25:36.0921 1724 Disk - ok
14:25:36.0937 1724 dmadmin - ok
14:25:36.0968 1724 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:25:37.0156 1724 dmboot - ok
14:25:37.0171 1724 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:25:37.0250 1724 dmio - ok
14:25:37.0281 1724 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:25:37.0359 1724 dmload - ok
14:25:37.0406 1724 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:25:37.0484 1724 dmserver - ok
14:25:37.0515 1724 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:25:37.0593 1724 DMusic - ok
14:25:37.0640 1724 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:25:37.0671 1724 Dnscache - ok
14:25:37.0750 1724 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:25:37.0828 1724 Dot3svc - ok
14:25:37.0859 1724 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:25:37.0937 1724 dpti2o - ok
14:25:37.0953 1724 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:25:38.0031 1724 drmkaud - ok
14:25:38.0078 1724 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:25:38.0156 1724 E100B - ok
14:25:38.0218 1724 e1kexpress (d60759140694150360bbefd9cab7c920) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
14:25:38.0218 1724 e1kexpress - ok
14:25:38.0265 1724 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:25:38.0375 1724 EapHost - ok
14:25:38.0421 1724 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:25:38.0531 1724 ERSvc - ok
14:25:38.0578 1724 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:25:38.0625 1724 Eventlog - ok
14:25:38.0687 1724 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:25:38.0703 1724 EventSystem - ok
14:25:38.0750 1724 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:25:38.0859 1724 Fastfat - ok
14:25:38.0906 1724 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:25:38.0953 1724 FastUserSwitchingCompatibility - ok
14:25:38.0984 1724 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:25:39.0078 1724 Fdc - ok
14:25:39.0109 1724 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:25:39.0187 1724 Fips - ok
14:25:39.0203 1724 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:25:39.0281 1724 Flpydisk - ok
14:25:39.0312 1724 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:25:39.0390 1724 FltMgr - ok
14:25:39.0515 1724 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:25:39.0515 1724 FontCache3.0.0.0 - ok
14:25:39.0593 1724 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:25:39.0671 1724 Fs_Rec - ok
14:25:39.0703 1724 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:25:39.0781 1724 Ftdisk - ok
14:25:39.0812 1724 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:25:39.0875 1724 Gpc - ok
14:25:40.0000 1724 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:25:40.0015 1724 gupdate - ok
14:25:40.0031 1724 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:25:40.0046 1724 gupdatem - ok
14:25:40.0062 1724 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:25:40.0093 1724 gusvc - ok
14:25:40.0109 1724 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:25:40.0265 1724 HDAudBus - ok
14:25:40.0312 1724 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
14:25:40.0343 1724 HECI - ok
14:25:40.0437 1724 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:25:40.0515 1724 helpsvc - ok
14:25:40.0531 1724 HidServ - ok
14:25:40.0562 1724 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:25:40.0640 1724 HidUsb - ok
14:25:40.0687 1724 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:25:40.0781 1724 hkmsvc - ok
14:25:40.0796 1724 hpn - ok
14:25:40.0890 1724 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:25:40.0921 1724 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:25:40.0921 1724 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:25:40.0937 1724 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:25:40.0953 1724 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:25:40.0953 1724 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:25:41.0000 1724 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:25:41.0031 1724 HTTP - ok
14:25:41.0078 1724 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:25:41.0187 1724 HTTPFilter - ok
14:25:41.0203 1724 i2omgmt - ok
14:25:41.0218 1724 i2omp - ok
14:25:41.0250 1724 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:25:41.0390 1724 i8042prt - ok
14:25:41.0437 1724 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
14:25:41.0578 1724 i81x - ok
14:25:41.0640 1724 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
14:25:41.0796 1724 iAimFP0 - ok
14:25:41.0812 1724 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
14:25:41.0968 1724 iAimFP1 - ok
14:25:41.0968 1724 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
14:25:42.0046 1724 iAimFP2 - ok
14:25:42.0062 1724 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
14:25:42.0140 1724 iAimFP3 - ok
14:25:42.0140 1724 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
14:25:42.0234 1724 iAimFP4 - ok
14:25:42.0250 1724 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
14:25:42.0343 1724 iAimFP5 - ok
14:25:42.0359 1724 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
14:25:42.0437 1724 iAimFP6 - ok
14:25:42.0437 1724 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
14:25:42.0531 1724 iAimFP7 - ok
14:25:42.0562 1724 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
14:25:42.0625 1724 iAimTV0 - ok
14:25:42.0640 1724 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
14:25:42.0718 1724 iAimTV1 - ok
14:25:42.0734 1724 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
14:25:42.0796 1724 iAimTV3 - ok
14:25:42.0812 1724 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
14:25:42.0890 1724 iAimTV4 - ok
14:25:42.0906 1724 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
14:25:42.0968 1724 iAimTV5 - ok
14:25:42.0984 1724 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
14:25:43.0062 1724 iAimTV6 - ok
14:25:43.0250 1724 ialm (00cd8ece5983c6175a78230653ffdbf1) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:25:43.0406 1724 ialm - ok
14:25:43.0546 1724 iaStor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\DRIVERS\iaStor.sys
14:25:43.0562 1724 iaStor - ok
14:25:43.0734 1724 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:25:43.0812 1724 idsvc - ok
14:25:43.0890 1724 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
14:25:43.0937 1724 IFXTPM - ok
14:25:44.0000 1724 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:25:44.0156 1724 Imapi - ok
14:25:44.0203 1724 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:25:44.0265 1724 ImapiService - ok
14:25:44.0281 1724 ini910u - ok
14:25:44.0343 1724 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:25:44.0421 1724 IntelIde - ok
14:25:44.0484 1724 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:25:44.0546 1724 intelppm - ok
14:25:44.0578 1724 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:25:44.0656 1724 Ip6Fw - ok
14:25:44.0671 1724 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:25:44.0750 1724 IpFilterDriver - ok
14:25:44.0765 1724 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:25:44.0843 1724 IpInIp - ok
14:25:44.0875 1724 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:25:44.0953 1724 IpNat - ok
14:25:44.0968 1724 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:25:45.0046 1724 IPSec - ok
14:25:45.0078 1724 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:25:45.0125 1724 IRENUM - ok
14:25:45.0156 1724 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:25:45.0234 1724 isapnp - ok
14:25:45.0312 1724 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:25:45.0328 1724 IviRegMgr - ok
14:25:45.0437 1724 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
14:25:45.0453 1724 JavaQuickStarterService - ok
14:25:45.0468 1724 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:25:45.0546 1724 Kbdclass - ok
14:25:45.0578 1724 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:25:45.0656 1724 kmixer - ok
14:25:45.0703 1724 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:25:45.0750 1724 KSecDD - ok
14:25:45.0796 1724 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:25:45.0828 1724 lanmanserver - ok
14:25:45.0906 1724 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:25:45.0937 1724 lanmanworkstation - ok
14:25:45.0953 1724 lbrtfdc - ok
14:25:46.0046 1724 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:25:46.0062 1724 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:25:46.0062 1724 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:25:46.0109 1724 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:25:46.0250 1724 LmHosts - ok
14:25:46.0328 1724 LMS (c53421d74cf583f430fa78473ba4f9f1) C:\Program Files\Intel\AMT\LMS.exe
14:25:46.0343 1724 LMS - ok
14:25:46.0390 1724 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:25:46.0546 1724 Messenger - ok
14:25:46.0656 1724 Microsoft SharePoint Workspace Audit Service - ok
14:25:46.0703 1724 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:25:46.0843 1724 mnmdd - ok
14:25:46.0875 1724 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:25:46.0968 1724 mnmsrvc - ok
14:25:47.0000 1724 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:25:47.0078 1724 Modem - ok
14:25:47.0093 1724 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:25:47.0171 1724 Mouclass - ok
14:25:47.0218 1724 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:25:47.0312 1724 mouhid - ok
14:25:47.0328 1724 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:25:47.0406 1724 MountMgr - ok
14:25:47.0421 1724 mraid35x - ok
14:25:47.0437 1724 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:25:47.0515 1724 MRxDAV - ok
14:25:47.0546 1724 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:25:47.0593 1724 MRxSmb - ok
14:25:47.0656 1724 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:25:47.0734 1724 MSDTC - ok
14:25:47.0796 1724 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:25:47.0875 1724 Msfs - ok
14:25:47.0890 1724 MSIServer - ok
14:25:47.0906 1724 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:25:48.0015 1724 MSKSSRV - ok
14:25:48.0171 1724 msoidsvc (49aab9d55319db55a7d36167656d412a) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
14:25:48.0234 1724 msoidsvc - ok
14:25:48.0390 1724 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:25:48.0500 1724 MSPCLOCK - ok
14:25:48.0562 1724 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:25:48.0718 1724 MSPQM - ok
14:25:48.0734 1724 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:25:48.0890 1724 mssmbios - ok
14:25:48.0937 1724 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:25:48.0953 1724 Mup - ok
14:25:49.0015 1724 NAL (03ca886ba148b6b9996be1368ddc3fc0) C:\WINDOWS\system32\Drivers\iqvw32.sys
14:25:49.0015 1724 NAL - ok
14:25:49.0078 1724 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:25:49.0171 1724 napagent - ok
14:25:49.0218 1724 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys
14:25:49.0250 1724 NDIS - ok
14:25:49.0296 1724 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:25:49.0312 1724 NdisTapi - ok
14:25:49.0359 1724 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:25:49.0437 1724 Ndisuio - ok
14:25:49.0500 1724 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:25:49.0515 1724 NdisWan - ok
14:25:49.0593 1724 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:25:49.0640 1724 NDProxy - ok
14:25:49.0718 1724 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
14:25:49.0734 1724 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:25:49.0734 1724 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:25:49.0750 1724 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:25:49.0890 1724 NetBIOS - ok
14:25:49.0937 1724 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:25:50.0062 1724 NetBT - ok
14:25:50.0109 1724 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:25:50.0187 1724 NetDDE - ok
14:25:50.0203 1724 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:25:50.0265 1724 NetDDEdsdm - ok
14:25:50.0312 1724 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:25:50.0375 1724 Netlogon - ok
14:25:50.0421 1724 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:25:50.0500 1724 Netman - ok
14:25:50.0656 1724 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:25:50.0671 1724 NetTcpPortSharing - ok
14:25:50.0734 1724 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:25:50.0750 1724 Nla - ok
14:25:50.0781 1724 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:25:50.0859 1724 Npfs - ok
14:25:50.0906 1724 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:25:51.0015 1724 Ntfs - ok
14:25:51.0015 1724 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:25:51.0109 1724 NtLmSsp - ok
14:25:51.0171 1724 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:25:51.0281 1724 NtmsSvc - ok
14:25:51.0312 1724 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:25:51.0406 1724 Null - ok
14:25:51.0437 1724 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:25:51.0546 1724 NwlnkFlt - ok
14:25:51.0578 1724 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:25:51.0671 1724 NwlnkFwd - ok
14:25:51.0765 1724 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:25:51.0781 1724 ose - ok
14:25:51.0984 1724 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:25:52.0171 1724 osppsvc - ok
14:25:52.0343 1724 osubsvc (cb4440b56fd4993b4e8ccdb39baa23e6) C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osa.exe
14:25:52.0375 1724 osubsvc - ok
14:25:52.0546 1724 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
14:25:52.0703 1724 P3 - ok
14:25:52.0750 1724 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:25:52.0828 1724 Parport - ok
14:25:52.0890 1724 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:25:52.0953 1724 PartMgr - ok
14:25:52.0984 1724 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:25:53.0062 1724 ParVdm - ok
14:25:53.0078 1724 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:25:53.0156 1724 PCI - ok
14:25:53.0171 1724 PCIDump - ok
14:25:53.0218 1724 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:25:53.0281 1724 PCIIde - ok
14:25:53.0296 1724 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:25:53.0390 1724 Pcmcia - ok
14:25:53.0390 1724 PDCOMP - ok
14:25:53.0437 1724 pdfcDispatcher - ok
14:25:53.0453 1724 PDFRAME - ok
14:25:53.0468 1724 PDRELI - ok
14:25:53.0484 1724 PDRFRAME - ok
14:25:53.0500 1724 perc2 - ok
14:25:53.0515 1724 perc2hib - ok
14:25:53.0562 1724 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:25:53.0578 1724 PlugPlay - ok
14:25:53.0640 1724 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
14:25:53.0656 1724 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:25:53.0656 1724 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:25:53.0703 1724 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:25:53.0765 1724 PolicyAgent - ok
14:25:53.0812 1724 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:25:53.0890 1724 PptpMiniport - ok
14:25:53.0890 1724 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:25:53.0968 1724 ProtectedStorage - ok
14:25:53.0968 1724 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:25:54.0062 1724 PSched - ok
14:25:54.0078 1724 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:25:54.0156 1724 Ptilink - ok
14:25:54.0203 1724 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:25:54.0203 1724 PxHelp20 - ok
14:25:54.0234 1724 ql1080 - ok
14:25:54.0234 1724 Ql10wnt - ok
14:25:54.0250 1724 ql12160 - ok
14:25:54.0265 1724 ql1240 - ok
14:25:54.0265 1724 ql1280 - ok
14:25:54.0312 1724 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:25:54.0390 1724 RasAcd - ok
14:25:54.0421 1724 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:25:54.0515 1724 RasAuto - ok
14:25:54.0531 1724 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:25:54.0609 1724 Rasl2tp - ok
14:25:54.0671 1724 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:25:54.0750 1724 RasMan - ok
14:25:54.0750 1724 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:25:54.0828 1724 RasPppoe - ok
14:25:54.0859 1724 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:25:54.0937 1724 Raspti - ok
14:25:54.0968 1724 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:25:55.0046 1724 Rdbss - ok
14:25:55.0062 1724 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:25:55.0125 1724 RDPCDD - ok
14:25:55.0187 1724 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:25:55.0250 1724 rdpdr - ok
14:25:55.0296 1724 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:25:55.0359 1724 RDPWD - ok
14:25:55.0406 1724 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:25:55.0468 1724 RDSessMgr - ok
14:25:55.0515 1724 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:25:55.0593 1724 redbook - ok
14:25:55.0656 1724 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:25:55.0718 1724 RemoteAccess - ok
14:25:55.0781 1724 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:25:55.0859 1724 RemoteRegistry - ok
14:25:56.0046 1724 RoxMediaDB10 (5c13017fc008f8492d03143634a479ce) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
14:25:56.0093 1724 RoxMediaDB10 - ok
14:25:56.0156 1724 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:25:56.0250 1724 RpcLocator - ok
14:25:56.0328 1724 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:25:56.0343 1724 RpcSs - ok
14:25:56.0390 1724 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:25:56.0531 1724 RSVP - ok
14:25:56.0578 1724 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:25:56.0640 1724 SamSs - ok
14:25:56.0765 1724 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:25:56.0765 1724 SASDIFSV - ok
14:25:56.0781 1724 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:25:56.0781 1724 SASKUTIL - ok
14:25:56.0828 1724 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:25:56.0906 1724 SCardSvr - ok
14:25:56.0984 1724 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:25:57.0062 1724 Schedule - ok
14:25:57.0156 1724 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:25:57.0218 1724 Secdrv - ok
14:25:57.0281 1724 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:25:57.0406 1724 seclogon - ok
14:25:57.0421 1724 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:25:57.0500 1724 SENS - ok
14:25:57.0546 1724 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:25:57.0609 1724 serenum - ok
14:25:57.0625 1724 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:25:57.0703 1724 Serial - ok
14:25:57.0765 1724 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
14:25:57.0781 1724 SFAUDIO - ok
14:25:57.0828 1724 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:25:57.0906 1724 Sfloppy - ok
14:25:57.0968 1724 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:25:58.0031 1724 SharedAccess - ok
14:25:58.0093 1724 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:25:58.0109 1724 ShellHWDetection - ok
14:25:58.0125 1724 Simbad - ok
14:25:58.0140 1724 Sparrow - ok
14:25:58.0156 1724 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:25:58.0234 1724 splitter - ok
14:25:58.0281 1724 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:25:58.0312 1724 Spooler - ok
14:25:58.0343 1724 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:25:58.0390 1724 sr - ok
14:25:58.0453 1724 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:25:58.0500 1724 srservice - ok
14:25:58.0562 1724 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:25:58.0593 1724 Srv - ok
14:25:58.0640 1724 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:25:58.0703 1724 SSDPSRV - ok
14:25:58.0765 1724 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:25:58.0781 1724 ssmdrv - ok
14:25:58.0859 1724 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:25:59.0000 1724 stisvc - ok
14:25:59.0109 1724 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:25:59.0125 1724 stllssvr - ok
14:25:59.0171 1724 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:25:59.0250 1724 swenum - ok
14:25:59.0265 1724 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:25:59.0343 1724 swmidi - ok
14:25:59.0343 1724 SwPrv - ok
14:25:59.0437 1724 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:25:59.0500 1724 symc810 - ok
14:25:59.0515 1724 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:25:59.0593 1724 symc8xx - ok
14:25:59.0625 1724 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:25:59.0703 1724 sym_hi - ok
14:25:59.0718 1724 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:25:59.0796 1724 sym_u3 - ok
14:25:59.0843 1724 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:25:59.0906 1724 sysaudio - ok
14:25:59.0953 1724 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:26:00.0046 1724 SysmonLog - ok
14:26:00.0062 1724 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:26:00.0140 1724 TapiSrv - ok
14:26:00.0187 1724 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:26:00.0203 1724 Tcpip - ok
14:26:00.0234 1724 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:26:00.0296 1724 TDPIPE - ok
14:26:00.0328 1724 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:26:00.0406 1724 TDTCP - ok
14:26:00.0421 1724 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:26:00.0500 1724 TermDD - ok
14:26:00.0562 1724 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:26:00.0640 1724 TermService - ok
14:26:00.0687 1724 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:26:00.0687 1724 Themes - ok
14:26:00.0718 1724 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:26:00.0765 1724 TlntSvr - ok
14:26:00.0781 1724 TosIde - ok
14:26:00.0843 1724 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:26:00.0921 1724 TrkWks - ok
14:26:00.0968 1724 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:26:01.0046 1724 Udfs - ok
14:26:01.0078 1724 ultra - ok
14:26:01.0140 1724 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
14:26:01.0171 1724 UMWdf - ok
14:26:01.0312 1724 UNS (769777b4578fe507c32156f981c638d5) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
14:26:01.0390 1724 UNS - ok
14:26:01.0562 1724 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:26:01.0640 1724 upnphost - ok
14:26:01.0703 1724 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:26:01.0859 1724 UPS - ok
14:26:01.0968 1724 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:26:02.0109 1724 usbccgp - ok
14:26:02.0171 1724 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:26:02.0312 1724 usbehci - ok
14:26:02.0359 1724 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:26:02.0500 1724 usbhub - ok
14:26:02.0578 1724 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:26:02.0734 1724 usbprint - ok
14:26:02.0781 1724 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:26:02.0906 1724 usbscan - ok
14:26:02.0968 1724 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:26:03.0046 1724 USBSTOR - ok
14:26:03.0062 1724 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:26:03.0140 1724 usbuhci - ok
14:26:03.0203 1724 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
14:26:03.0265 1724 usb_rndisx - ok
14:26:03.0296 1724 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:26:03.0375 1724 VgaSave - ok
14:26:03.0421 1724 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:26:03.0500 1724 ViaIde - ok
14:26:03.0531 1724 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:26:03.0593 1724 VolSnap - ok
14:26:03.0640 1724 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:26:03.0687 1724 VSS - ok
14:26:03.0718 1724 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:26:03.0796 1724 W32Time - ok
14:26:03.0828 1724 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:26:03.0906 1724 Wanarp - ok
14:26:03.0906 1724 WDICA - ok
14:26:03.0953 1724 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:26:04.0031 1724 wdmaud - ok
14:26:04.0078 1724 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:26:04.0156 1724 WebClient - ok
14:26:04.0265 1724 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:26:04.0343 1724 winmgmt - ok
14:26:04.0406 1724 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
14:26:04.0437 1724 WmdmPmSN - ok
14:26:04.0531 1724 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:26:04.0562 1724 Wmi - ok
14:26:04.0593 1724 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:26:04.0687 1724 WmiAcpi - ok
14:26:04.0750 1724 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:26:04.0828 1724 WmiApSrv - ok
14:26:04.0890 1724 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:26:04.0968 1724 wscsvc - ok
14:26:04.0984 1724 WSearch - ok
14:26:05.0000 1724 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:26:05.0078 1724 wuauserv - ok
14:26:05.0125 1724 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:26:05.0203 1724 WZCSVC - ok
14:26:05.0234 1724 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:26:05.0312 1724 xmlprov - ok
14:26:05.0359 1724 MBR (0x1B8) (4975bdbeda8a3afb2aeadefc06ce9e12) \Device\Harddisk0\DR0
14:26:05.0703 1724 \Device\Harddisk0\DR0 - ok
14:26:05.0718 1724 Boot (0x1200) (57fa64867ca66352aaf76deb2ac7ae1c) \Device\Harddisk0\DR0\Partition0
14:26:05.0718 1724 \Device\Harddisk0\DR0\Partition0 - ok
14:26:05.0718 1724 ============================================================
14:26:05.0718 1724 Scan finished
14:26:05.0718 1724 ============================================================
14:26:05.0828 0184 Detected object count: 6
14:26:05.0828 0184 Actual detected object count: 6
14:26:16.0546 0184 5cb9c23ab71a924a ( LockedService.Multi.Generic ) - skipped by user
14:26:16.0546 0184 5cb9c23ab71a924a ( LockedService.Multi.Generic ) - User select action: Skip
14:26:16.0546 0184 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:16.0546 0184 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:16.0546 0184 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:16.0546 0184 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:16.0546 0184 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:16.0546 0184 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:16.0546 0184 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:16.0546 0184 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:16.0546 0184 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:16.0546 0184 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip


Cheers

Edited by fairway76, 22 June 2012 - 07:28 AM.

  • 0

#6
Essexboy
Posted 22 June 2012 - 07:39 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we will look at a repair of Avira once I have removed the last bit from this

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
fairway76
Posted 22 June 2012 - 08:15 AM

fairway76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Essexboy,

I have run the ComboFix and the log is below:

ComboFix 12-06-21.03 - Administrator 22/06/2012 14:59:36.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1977.1491 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\5cb9c23ab71a924a.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_5cb9c23ab71a924a
-------\Service_5cb9c23ab71a924a
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 07:59 . 2012-06-22 07:59 -------- d-----w- C:\_OTL
2012-06-13 15:42 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 14:19 . 2009-03-26 15:36 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2009-03-26 15:36 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2004-08-04 07:56 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2004-08-04 07:56 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2004-08-04 07:56 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2009-12-10 16:57 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2009-03-26 15:36 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2004-08-04 07:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2004-08-04 07:56 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2004-08-04 07:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-03-26 15:36 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2004-08-04 07:56 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2004-08-04 07:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 14:18 . 2011-05-24 08:13 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18 . 2011-05-24 08:13 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 14:18 . 2009-08-06 18:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 07:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-04 06:17 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 08:15 . 2011-11-15 13:00 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 08:15 . 2011-11-15 13:00 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-04 13:16 . 2004-08-04 06:20 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2006-02-28 09:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-04 08:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-12 12:49 . 2011-08-01 10:58 17816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
2012-04-04 14:56 . 2011-11-15 09:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-01 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 3905408]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-19 773144]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-01 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-05 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"OfficeSubscriptionAgent"="c:\program files\Common Files\Microsoft Shared\OFFICE14\osaui.exe" [2011-11-16 932160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-6-23 197904]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-28 01:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-28 01:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfaxnc2.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [26/03/2009 22:13 24064]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15/11/2011 14:00 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [28/11/2007 02:42 185896]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/11/2011 13:15 86224]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [28/09/2011 12:32 1589152]
R2 osubsvc;Microsoft Office 2010 Subscription Agent;c:\program files\Common Files\Microsoft Shared\OFFICE14\osa.exe [16/11/2011 14:57 493384]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [26/03/2009 23:11 576024]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [26/03/2009 23:07 2054680]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [26/03/2009 22:52 144480]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [26/03/2009 22:10 44800]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [19/11/2009 04:23 4640000]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/07/2011 13:25 136176]
S3 CFcatchme;CFcatchme;\??\c:\combofix\CFcatchme.sys --> c:\combofix\CFcatchme.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/07/2011 13:25 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11:15 31125880]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 18:12 1112560]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 10:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 12:25]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 12:25]
.
2012-06-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.67.222.222 195.97.231.31
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-22 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1163765230-883671085-333756272-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,9b,b4,73,38,ae,9a,43,b2,dc,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,89,f1,0b,81,d3,78,49,99,12,f6,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,9b,b4,73,38,ae,9a,43,b2,dc,20,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(892)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
.
**************************************************************************
.
Completion time: 2012-06-22 15:11:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 14:11
.
Pre-Run: 224,280,633,344 bytes free
Post-Run: 224,286,093,312 bytes free
.
- - End Of File - - 74C58FA335F1C1A868AD5C65DD1707B9


After this was run, Avira is now showing that it is active. I think it always was as when ComboFix started to run it said that Avira was active but i couldn't switch it off as it was showing as inactive!!

I think it all seems to be OK now.

Thanks so much for your help, I really appreciate your help!
  • 0

#8
Essexboy
Posted 22 June 2012 - 08:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that looks good, could you now update and then run Malwarebytes please. Posting the resultant log along with any outstanding problems
  • 0

#9
fairway76
Posted 22 June 2012 - 08:47 AM

fairway76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Essexboy,

I'm just in the middle of a system scan with the (now opened) Avira.

Do you want me to stop that and run Malwarebytes or wait till it finishes?

Cheers
  • 0

#10
Essexboy
Posted 22 June 2012 - 08:48 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No we will hang on until it finishes... It wil give Avira some exercise :lol:
  • 0

Advertisements

#11
fairway76
Posted 22 June 2012 - 10:11 AM

fairway76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Essexboy,

Avira ran and found 11 threats which were all the TR/Agent.ae.86 which I quarantined.

I then ran the Malwarebytes and the log is below:-


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.22.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: NRCOMP [administrator]

22/06/2012 17:04:14
mbam-log-2012-06-22 (17-04-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202109
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


How does this look??

Cheers
  • 0

#12
Essexboy
Posted 22 June 2012 - 11:19 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me guess the locations were Qoobox and OTL_moved files


Is the system behaving properly now before I remove my tools and tidy up ?
  • 0

#13
fairway76
Posted 25 June 2012 - 03:45 AM

fairway76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Essexboy,

The system seems to be working fine now.

Thanks for all of your help.

What do I need to do now?

Cheers
  • 0

#14
Essexboy
Posted 25 June 2012 - 06:40 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#15
fairway76
Posted 25 June 2012 - 06:53 AM

fairway76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks Essexboy,

I will let you know if I have any more problems.

I appreciate all of your help!!

:thumbsup:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP