[Dorgren]

Hi all,

I am new to this site, directed here through many searches. I have tried my own limited expertise to clean my system including registry and have yet to remove this tricky [bleep]. The uninstaller is not located from control panel. I am no longer redirected to the site on start up but I am redirected every time I open new tab. I appreciate any help that can be provided. I have attached the OTL text file from the scan.

thank you in advance.

Best Regards,

Dorg

Attached Files

•  OTL.Txt   152.74KB   94 downloads

[Advertisements]

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

• Please download AdwCleaner by Xplode onto your desktop.
  
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

• Download & SAVE to your Desktop RogueKiller or from here
  
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator to start"
• For Windows XP, double-click to start.
• Wait until Prescan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller+

Gringo

[gringo_pr]

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

• Please download AdwCleaner by Xplode onto your desktop.
  
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

• Download & SAVE to your Desktop RogueKiller or from here
  
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator to start"
• For Windows XP, double-click to start.
• Wait until Prescan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller+

Gringo

[Dorgren]

Security Check Results
Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 30
Java™ SE Development Kit 6 Update 30
Java DB 10.6.2.1
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.0.1.152
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgnsx.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

[Dorgren]

-AdwClearner- Results

# AdwCleaner v2.006 - Logfile created 11/02/2012 at 15:06:26
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : arabbb - ARABBBHLW
# Boot Mode : Normal
# Running from : C:\Documents and Settings\arabbb\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Deleted on reboot : C:\TEMP\Zynga
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\arabbb\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\arabbb\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\arabbb\Application Data\Mozilla\Firefox\Profiles\lu6grp5f.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={F8F8CA8D-F4AD-4179-86DF-9445A7F1AE70}&m[...]

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\arabbb\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5248 octets] - [02/11/2012 15:06:26]

########## EOF - C:\AdwCleaner[S1].txt - [5308 octets] ##########

[Dorgren]

-RogueKiller- Report

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : arabbb [Admin rights]
Mode : Remove -- Date : 11/02/2012 15:26:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-60PVMT0 +++++
--- User ---
[MBR] 6e665a225aae7fe97e833d7c12a1bae8
[BSP] 3134bc295ad10ef98b2f9e83f24b2e46 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

[gringo_pr]

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

[Dorgren]

ComboFix 12-11-04.01 - arabbb 11/04/2012 15:54:43.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3055.2112 [GMT 9:00]
Running from: c:\documents and settings\arabbb\Desktop\ComboFix.exe
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\arabbb\Local Settings\Temporary Internet Files\PreAB8.tmp
c:\documents and settings\arabbb\Local Settings\Temporary Internet Files\PreAB9.tmp
c:\documents and settings\arabbb\Local Settings\Temporary Internet Files\reggpc.bat
C:\Thumbs.db
c:\windows\Client.ini
c:\windows\system32\amgina.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-10-31 02:55 . 2012-10-31 02:55 -------- d-----w- c:\documents and settings\arabbb\Application Data\AVG
2012-10-31 02:54 . 2012-10-31 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2012-10-31 02:54 . 2012-10-31 02:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-10-31 02:43 . 2012-10-31 02:42 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-31 02:43 . 2012-11-02 06:20 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-10-31 02:42 . 2012-10-31 02:42 -------- d-----w- c:\windows\system32\drivers\AVG
2012-10-31 02:12 . 2012-10-31 02:12 -------- d-----w- C:\$AVG
2012-10-31 02:12 . 2012-10-31 02:12 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013
2012-10-31 02:12 . 2012-11-01 04:09 -------- d-----w- c:\program files\AVG
2012-10-31 02:10 . 2012-10-31 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-10-31 02:10 . 2012-10-31 02:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-10-31 02:10 . 2012-10-31 02:10 -------- d-----w- c:\documents and settings\arabbb\Local Settings\Application Data\MFAData
2012-10-31 02:10 . 2012-10-31 02:10 -------- d-----w- c:\documents and settings\arabbb\Local Settings\Application Data\Avg2013
2012-10-30 07:33 . 2012-11-01 00:58 66984 ----a-w- c:\windows\system32\Newtabs_v
2012-10-30 07:33 . 2012-10-30 07:33 -------- d-----w- c:\program files\newtabs
2012-10-19 13:44 . 2012-10-19 13:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-19 13:44 . 2012-10-19 13:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-19 13:44 . 2012-10-19 13:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-19 13:44 . 2012-10-19 13:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-19 13:44 . 2012-10-19 13:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-19 13:44 . 2012-10-19 13:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-19 13:44 . 2012-10-19 13:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-10-19 13:43 . 2012-10-19 13:44 -------- d-----w- c:\program files\QuickTime
2012-10-18 03:07 . 2012-10-18 03:07 -------- d-----w- c:\windows\ms
2012-10-10 00:05 . 2012-08-27 07:25 83488 ----a-w- c:\windows\smsrsgenctl.dll
2012-10-10 00:05 . 2012-08-27 07:25 34848 ----a-w- c:\windows\smsrsgen.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 18:46 . 2012-09-20 18:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-05 08:16 . 2012-09-05 08:16 911 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\qecrzmfd.xfe.vbs
2012-08-24 11:42 . 2012-08-24 11:42 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-24 06:43 . 2012-09-20 18:46 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2008-08-16 22:42 . 2012-10-29 00:51 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2012-10-29 00:51 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2012-10-29 00:51 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2012-10-29 00:51 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2012-10-29 00:51 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2012-10-29 00:51 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2012-10-29 00:51 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2012-10-29 00:51 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2012-10-29 00:51 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2012-10-29 00:51 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2012-10-29 00:51 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2012-10-29 00:51 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-10-29 00:51 . 2012-10-29 00:51 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-02-28 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-22 1684776]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-12-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-04 13933160]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"AccessManager"="c:\program files\AccessManager\Client\AccessMgr.exe" [2004-03-04 618496]
"SoDA Startup"="c:\program files\Rational\SoDAWord\Wizards\SodaStartup.exe" [2008-11-14 143360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
.
c:\documents and settings\arabbb\Start Menu\Programs\Startup\
Monitor My eRooms (V7).lnk - c:\program files\eRoom 7\ERClient7.exe [2010-12-20 153096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 607584]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2011-12-3 1466384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"RecycleBinSize"= 10 (0xa)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-1229272821-725345543-197116\Scripts\Logon\0\0]
"Script"=\\a300sa04\apps01\JCISoftware\Scripts\jcisoftwarecopy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-1229272821-725345543-197116\Scripts\Logon\1\0]
"Script"=HOL.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-1229272821-725345543-197116\Scripts\Logon\2\0]
"Script"=\\ag.na.jci.com\sysvol\ag.na.jci.com\scripts\chgcomputername.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-1229272821-725345543-233193\Scripts\Logon\0\0]
"Script"=GetNotesInfo.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-1229272821-725345543-233193\Scripts\Logon\1\0]
"Script"=\\a300sa04\apps01\JCISoftware\Scripts\jcisoftwarecopy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-1229272821-725345543-233193\Scripts\Logon\2\0]
"Script"=HOL.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-1229272821-725345543-233193\Scripts\Logon\3\0]
"Script"=CreateELEFolder.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-1229272821-725345543-233193\Scripts\Logon\4\0]
"Script"=\\ag.na.jci.com\sysvol\ag.na.jci.com\scripts\chgcomputername.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-1229272821-725345543-233193\Scripts\Logon\5\0]
"Script"=GetNotesInfo.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Runic Games\\Torchlight 2\\tl2.runic.launcher.exe"=
"c:\\Program Files\\Runic Games\\Torchlight 2\\Torchlight2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58929:TCP"= 58929:TCP:Pando Media Booster
"58929:UDP"= 58929:UDP:Pando Media Booster
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/21/2012 3:45 AM 24896]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/31/2012 11:43 AM 26984]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/24/2012 8:42 PM 242240]
R2 AMBroker;Access Manager Configuration Service;c:\program files\AccessManager\Client\AMBroker.exe [3/5/2004 3:57 AM 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 IBMHTTPServer6.0;IBM HTTP Server 6.0;c:\progra~1\Rational\common\rwp\IHS\bin\apache.exe [10/6/2011 9:38 PM 20538]
R2 IBMWAS6Service - RWP ReqWeb servlet;IBM WebSphere Application Server V6 - RWP ReqWeb servlet;c:\progra~1\Rational\common\rwp\EMBEDD~1\bin\wasservice.exe [10/6/2011 9:37 PM 69632]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [10/31/2012 11:43 AM 711112]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2/11/2011 12:18 AM 113664]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/13/2012 3:11 AM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 17232]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/1/2011 8:47 AM 227896]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [4/24/2010 3:07 AM 167080]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/19/2011 12:29 AM 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [5/19/2011 12:33 AM 132352]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [5/19/2011 12:29 AM 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [5/19/2011 12:29 AM 137728]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [4/24/2010 3:12 AM 49152]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/4/2012 2:19 AM 160944]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 DAPlugin;Visual Insight DA Plugin;c:\program files\AccessManager\Client\DAPlugin.exe [3/5/2004 3:58 AM 81920]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys --> c:\windows\system32\DRIVERS\e1y5132.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 sp_spi_da;Visual Insight Dial Analysis;c:\program files\AccessManager\SMOC\spi_da.exe [4/17/2003 10:59 PM 81920]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1229272821-725345543-233193Core.job
- c:\documents and settings\arabbb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-24 04:36]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1229272821-725345543-233193UA.job
- c:\documents and settings\arabbb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-24 04:36]
.
2012-11-04 c:\windows\Tasks\User_Feed_Synchronization-{BC279796-AF70-48C5-8C63-CE50B0B8F30A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://hollandprint.ag.na.jci.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\arabbb\Application Data\Mozilla\Firefox\Profiles\lu6grp5f.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
HKU-Default-RunOnce-WindowsMediaPlayer11_setup - c:\jcitemp-windowsmediaplayer11_setup\WindowsMediaPlayer11_setup.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-Mozilla Firefox 16.0.2 (x86 en-US) - c:\program files\Mozilla Firefox\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-04 16:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5556)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\System32\SCardSvr.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Rational\common\rwp\IHS\bin\rotatelogs.exe
c:\program files\Rational\common\rwp\IHS\bin\rotatelogs.exe
c:\program files\Rational\common\rwp\IHS\bin\rotatelogs.exe
c:\program files\Rational\common\rwp\IHS\bin\rotatelogs.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\IBM\Lotus\Notes\ntmulti.exe
c:\ora10g2\bin\omtsreco.exe
c:\program files\AccessManager\PMAC\sp_SWIns.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\msiexec.exe
c:\progra~1\Rational\common\rwp\EmbeddedExpress\java\bin\java.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Canon\Solution Menu EX\CNSEUPDT.EXE
c:\windows\system32\CCM\SmsClrHost.exe
.
**************************************************************************
.
Completion time: 2012-11-04 16:08:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-04 07:08
.
Pre-Run: 243,089,821,696 bytes free
Post-Run: 243,389,349,888 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EF703CE6AD9E77E260F737638E0714FF

[Dorgren]

So far I have not had any problems with completing the steps. The issues remain however, when I open a new tab in any browser it takes me to V9 and also I can not operate AVG. I cant tell if the beast has been slain yet.

[gringo_pr]

Greetings

in which browsers does this happen in?

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

[Dorgren]

TDSSKiller
TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:11:19.0714 3024 ============================================================
09:11:19.0714 3024 Current date / time: 2012/11/05 09:11:19.0714
09:11:19.0714 3024 SystemInfo:
09:11:19.0714 3024
09:11:19.0714 3024 OS Version: 5.1.2600 ServicePack: 3.0
09:11:19.0714 3024 Product type: Workstation
09:11:19.0714 3024 ComputerName: ARABBBHLW
09:11:19.0714 3024 UserName: arabbb
09:11:19.0714 3024 Windows directory: C:\WINDOWS
09:11:19.0714 3024 System windows directory: C:\WINDOWS
09:11:19.0714 3024 Processor architecture: Intel x86
09:11:19.0714 3024 Number of processors: 4
09:11:19.0714 3024 Page size: 0x1000
09:11:19.0714 3024 Boot type: Normal boot
09:11:19.0714 3024 ============================================================
09:11:19.0917 3024 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:11:19.0917 3024 ============================================================
09:11:19.0917 3024 \Device\Harddisk0\DR0:
09:11:19.0917 3024 MBR partitions:
09:11:19.0917 3024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
09:11:19.0917 3024 ============================================================
09:11:19.0964 3024 C: <-> \Device\Harddisk0\DR0\Partition1
09:11:19.0964 3024 ============================================================
09:11:19.0964 3024 Initialize success
09:11:19.0964 3024 ============================================================
09:11:22.0495 2932 ============================================================
09:11:22.0495 2932 Scan started
09:11:22.0495 2932 Mode: Manual;
09:11:22.0495 2932 ============================================================
09:11:23.0573 2932 ================ Scan system memory ========================
09:11:25.0120 2932 System memory - ok
09:11:25.0120 2932 ================ Scan services =============================
09:11:25.0276 2932 Abiosdsk - ok
09:11:25.0276 2932 abp480n5 - ok
09:11:25.0339 2932 [ A0BAABB7D3549460E3F8C5AD6F778683 ] Accelerometer C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
09:11:25.0339 2932 Accelerometer - ok
09:11:25.0385 2932 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:11:25.0401 2932 ACPI - ok
09:11:25.0417 2932 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:11:25.0417 2932 ACPIEC - ok
09:11:25.0432 2932 adpu160m - ok
09:11:25.0448 2932 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:11:25.0448 2932 aec - ok
09:11:25.0464 2932 [ 822D53766D57C90C437536232ECE9023 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys
09:11:25.0464 2932 AESTAud - ok
09:11:25.0510 2932 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:11:25.0510 2932 AFD - ok
09:11:25.0635 2932 [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
09:11:25.0635 2932 AgereModemAudio - ok
09:11:25.0667 2932 [ 07758C2196A62F207F77556311E7459A ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
09:11:25.0698 2932 AgereSoftModem - ok
09:11:25.0698 2932 Aha154x - ok
09:11:25.0714 2932 aic78u2 - ok
09:11:25.0714 2932 aic78xx - ok
09:11:25.0745 2932 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:11:25.0745 2932 Alerter - ok
09:11:25.0776 2932 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
09:11:25.0792 2932 ALG - ok
09:11:25.0792 2932 AliIde - ok
09:11:25.0854 2932 [ 5E0516B2DB525CD2D7903B5913C9994E ] AMBroker C:\Program Files\AccessManager\Client\AMBroker.exe
09:11:25.0854 2932 AMBroker - ok
09:11:25.0854 2932 amsint - ok
09:11:25.0964 2932 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:11:25.0964 2932 Apple Mobile Device - ok
09:11:25.0995 2932 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
09:11:25.0995 2932 AppMgmt - ok
09:11:26.0026 2932 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:11:26.0026 2932 Arp1394 - ok
09:11:26.0026 2932 asc - ok
09:11:26.0026 2932 asc3350p - ok
09:11:26.0042 2932 asc3550 - ok
09:11:26.0120 2932 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:11:26.0120 2932 aspnet_state - ok
09:11:26.0151 2932 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:11:26.0151 2932 AsyncMac - ok
09:11:26.0167 2932 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:11:26.0182 2932 atapi - ok
09:11:26.0182 2932 Atdisk - ok
09:11:26.0198 2932 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:11:26.0214 2932 Atmarpc - ok
09:11:26.0229 2932 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:11:26.0229 2932 AudioSrv - ok
09:11:26.0276 2932 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:11:26.0292 2932 audstub - ok
09:11:26.0432 2932 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
09:11:26.0542 2932 AVGIDSAgent - ok
09:11:26.0589 2932 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
09:11:26.0589 2932 AVGIDSDriver - ok
09:11:26.0620 2932 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
09:11:26.0620 2932 AVGIDSFilter - ok
09:11:26.0651 2932 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
09:11:26.0651 2932 AVGIDSHX - ok
09:11:26.0667 2932 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
09:11:26.0667 2932 AVGIDSShim - ok
09:11:26.0698 2932 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:11:26.0698 2932 Avgldx86 - ok
09:11:26.0714 2932 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
09:11:26.0714 2932 Avglogx - ok
09:11:26.0729 2932 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:11:26.0745 2932 Avgmfx86 - ok
09:11:26.0745 2932 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:11:26.0745 2932 Avgrkx86 - ok
09:11:26.0776 2932 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:11:26.0776 2932 Avgtdix - ok
09:11:26.0807 2932 [ 34F335FEC0D7A7A4D329390B7C7B59B8 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
09:11:26.0807 2932 avgtp - ok
09:11:26.0823 2932 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
09:11:26.0839 2932 avgwd - ok
09:11:26.0854 2932 [ 71509C9DB1A4B2C05141563FBE3E18A0 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:11:26.0854 2932 b57w2k - ok
09:11:26.0870 2932 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:11:26.0870 2932 Beep - ok
09:11:26.0917 2932 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
09:11:26.0917 2932 BITS - ok
09:11:26.0979 2932 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:11:26.0979 2932 Bonjour Service - ok
09:11:27.0010 2932 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
09:11:27.0010 2932 Browser - ok
09:11:27.0057 2932 [ 37A82E22AF9FC86C428A5F3C3851DCC1 ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
09:11:27.0057 2932 btaudio - ok
09:11:27.0073 2932 BTCFilterService - ok
09:11:27.0089 2932 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
09:11:27.0089 2932 BTDriver - ok
09:11:27.0135 2932 [ 9F704F40CD50AE05BBFC492C0342E765 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:11:27.0151 2932 BTKRNL - ok
09:11:27.0198 2932 [ 5624E3C73FD98A7F31FAABE60086CD75 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
09:11:27.0214 2932 btwdins - ok
09:11:27.0245 2932 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
09:11:27.0245 2932 BTWDNDIS - ok
09:11:27.0260 2932 [ 5922BAE0CD84924B9CD7E6BB515EE070 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
09:11:27.0260 2932 btwmodem - ok
09:11:27.0292 2932 [ 1166CB501E1C34750A91600579EFEAB3 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
09:11:27.0292 2932 BTWUSB - ok
09:11:27.0307 2932 catchme - ok
09:11:27.0323 2932 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:11:27.0323 2932 cbidf2k - ok
09:11:27.0339 2932 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:11:27.0339 2932 CCDECODE - ok
09:11:27.0417 2932 [ A454A9BAA25B8C8E76735DD86BD4B017 ] CcmExec C:\WINDOWS\system32\CCM\CcmExec.exe
09:11:27.0417 2932 CcmExec - ok
09:11:27.0432 2932 cd20xrnt - ok
09:11:27.0464 2932 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:11:27.0464 2932 Cdaudio - ok
09:11:27.0464 2932 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:11:27.0464 2932 Cdfs - ok
09:11:27.0479 2932 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:11:27.0479 2932 Cdrom - ok
09:11:27.0495 2932 Changer - ok
09:11:27.0510 2932 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:11:27.0510 2932 CiSvc - ok
09:11:27.0510 2932 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:11:27.0510 2932 ClipSrv - ok
09:11:27.0557 2932 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:11:27.0557 2932 clr_optimization_v2.0.50727_32 - ok
09:11:27.0573 2932 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:11:27.0573 2932 CmBatt - ok
09:11:27.0573 2932 CmdIde - ok
09:11:27.0651 2932 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
09:11:27.0651 2932 Com4QLBEx - ok
09:11:27.0682 2932 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:11:27.0682 2932 Compbatt - ok
09:11:27.0698 2932 COMSysApp - ok
09:11:27.0714 2932 Cpqarray - ok
09:11:27.0745 2932 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:11:27.0745 2932 CryptSvc - ok
09:11:27.0776 2932 [ CB7D7C0E74ADCB7DA96D08EC8DB86062 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:11:27.0776 2932 CVirtA - ok
09:11:27.0870 2932 [ 5CA9CC717FF527A05843CBBB4C9B30FE ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
09:11:27.0885 2932 CVPND - ok
09:11:27.0917 2932 [ B19A5550AB36A2513E75C4D440BD6CAA ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
09:11:27.0932 2932 CVPNDRVA - ok
09:11:27.0932 2932 dac2w2k - ok
09:11:27.0932 2932 dac960nt - ok
09:11:27.0964 2932 [ 4679AE837743403A104977D7FE2A7240 ] DAPlugin C:\Program Files\AccessManager\Client\DAPlugin.exe
09:11:27.0964 2932 DAPlugin - ok
09:11:28.0026 2932 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:11:28.0026 2932 DcomLaunch - ok
09:11:28.0089 2932 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:11:28.0089 2932 Dhcp - ok
09:11:28.0089 2932 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:11:28.0089 2932 Disk - ok
09:11:28.0104 2932 dmadmin - ok
09:11:28.0151 2932 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:11:28.0167 2932 dmboot - ok
09:11:28.0167 2932 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:11:28.0167 2932 dmio - ok
09:11:28.0182 2932 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:11:28.0182 2932 dmload - ok
09:11:28.0214 2932 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:11:28.0214 2932 dmserver - ok
09:11:28.0245 2932 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:11:28.0245 2932 DMusic - ok
09:11:28.0276 2932 [ C86FBF607445BF693450D84B775F168C ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:11:28.0276 2932 DNE - ok
09:11:28.0323 2932 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:11:28.0323 2932 Dnscache - ok
09:11:28.0354 2932 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:11:28.0354 2932 Dot3svc - ok
09:11:28.0370 2932 dpti2o - ok
09:11:28.0385 2932 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:11:28.0385 2932 drmkaud - ok
09:11:28.0417 2932 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
09:11:28.0417 2932 dtsoftbus01 - ok
09:11:28.0432 2932 e1express - ok
09:11:28.0448 2932 [ 9F7AE949202F0EF6B17DD3CC5C117AD3 ] e1kexpress C:\WINDOWS\system32\DRIVERS\e1k5132.sys
09:11:28.0464 2932 e1kexpress - ok
09:11:28.0464 2932 e1yexpress - ok
09:11:28.0479 2932 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:11:28.0479 2932 EapHost - ok
09:11:28.0557 2932 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:11:28.0557 2932 eeCtrl - ok
09:11:28.0573 2932 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:11:28.0573 2932 ERSvc - ok
09:11:28.0604 2932 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:11:28.0620 2932 Eventlog - ok
09:11:28.0667 2932 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
09:11:28.0667 2932 EventSystem - ok
09:11:28.0698 2932 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:11:28.0714 2932 Fastfat - ok
09:11:28.0729 2932 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:11:28.0745 2932 FastUserSwitchingCompatibility - ok
09:11:28.0776 2932 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:11:28.0776 2932 Fdc - ok
09:11:28.0792 2932 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:11:28.0792 2932 Fips - ok
09:11:28.0807 2932 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
09:11:28.0807 2932 Flpydisk - ok
09:11:28.0823 2932 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:11:28.0823 2932 FltMgr - ok
09:11:28.0932 2932 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:11:28.0932 2932 FontCache3.0.0.0 - ok
09:11:28.0964 2932 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:11:28.0964 2932 Fs_Rec - ok
09:11:28.0964 2932 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:11:28.0964 2932 Ftdisk - ok
09:11:29.0010 2932 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:11:29.0010 2932 GEARAspiWDM - ok
09:11:29.0057 2932 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:11:29.0057 2932 Gpc - ok
09:11:29.0073 2932 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:11:29.0073 2932 HDAudBus - ok
09:11:29.0104 2932 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
09:11:29.0120 2932 HECI - ok
09:11:29.0182 2932 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:11:29.0182 2932 helpsvc - ok
09:11:29.0229 2932 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
09:11:29.0229 2932 HidServ - ok
09:11:29.0229 2932 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:11:29.0229 2932 HidUsb - ok
09:11:29.0245 2932 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:11:29.0245 2932 hkmsvc - ok
09:11:29.0276 2932 [ 9F620E11B80B74F4DAB50A81A5DF357F ] hpdskflt C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
09:11:29.0276 2932 hpdskflt - ok
09:11:29.0292 2932 hpn - ok
09:11:29.0292 2932 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
09:11:29.0307 2932 HpqKbFiltr - ok
09:11:29.0370 2932 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
09:11:29.0370 2932 hpqwmiex - ok
09:11:29.0432 2932 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:11:29.0432 2932 HTTP - ok
09:11:29.0479 2932 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:11:29.0479 2932 HTTPFilter - ok
09:11:29.0479 2932 i2omgmt - ok
09:11:29.0479 2932 i2omp - ok
09:11:29.0542 2932 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:11:29.0542 2932 i8042prt - ok
09:11:29.0573 2932 [ F989555F1662581032CCE1578A8FF28E ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
09:11:29.0573 2932 iaStor - ok
09:11:29.0667 2932 [ D49D526D65913C68466A124B36BF8A32 ] IBMHTTPServer6.0 C:\PROGRA~1\Rational\common\rwp\IHS\bin\apache.exe
09:11:29.0667 2932 IBMHTTPServer6.0 - ok
09:11:29.0729 2932 [ 4CBBF9B2593B52CE34EC6E624021A7F3 ] IBMWAS6Service - RWP ReqWeb servlet C:\PROGRA~1\Rational\common\rwp\EMBEDD~1\bin\wasservice.exe
09:11:29.0729 2932 IBMWAS6Service - RWP ReqWeb servlet - ok
09:11:29.0792 2932 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:11:29.0807 2932 IDriverT - ok
09:11:29.0870 2932 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:11:29.0901 2932 idsvc - ok
09:11:29.0932 2932 [ 91C5E9F49F32110CED27E2F902FAD607 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
09:11:29.0932 2932 IFXTPM - ok
09:11:29.0964 2932 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:11:29.0979 2932 Imapi - ok
09:11:29.0995 2932 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:11:29.0995 2932 ImapiService - ok
09:11:30.0026 2932 [ 1E8154841A0A24D6B38778F07831A82B ] Impcd C:\WINDOWS\system32\DRIVERS\Impcd.sys
09:11:30.0026 2932 Impcd - ok
09:11:30.0042 2932 ini910u - ok
09:11:30.0057 2932 IntelIde - ok
09:11:30.0089 2932 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:11:30.0089 2932 intelppm - ok
09:11:30.0120 2932 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:11:30.0120 2932 Ip6Fw - ok
09:11:30.0151 2932 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:11:30.0151 2932 IpFilterDriver - ok
09:11:30.0151 2932 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:11:30.0151 2932 IpInIp - ok
09:11:30.0182 2932 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:11:30.0182 2932 IpNat - ok
09:11:30.0260 2932 [ 33642C17C232AA272C68E446A2619899 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:11:30.0276 2932 iPod Service - ok
09:11:30.0339 2932 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:11:30.0339 2932 IPSec - ok
09:11:30.0370 2932 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:11:30.0385 2932 IRENUM - ok
09:11:30.0417 2932 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:11:30.0417 2932 isapnp - ok
09:11:30.0479 2932 [ 9AA67569D5257462E230767510B0C815 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
09:11:30.0479 2932 JavaQuickStarterService - ok
09:11:30.0510 2932 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:11:30.0510 2932 Kbdclass - ok
09:11:30.0557 2932 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:11:30.0573 2932 kbdhid - ok
09:11:30.0589 2932 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:11:30.0604 2932 kmixer - ok
09:11:30.0620 2932 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:11:30.0620 2932 KSecDD - ok
09:11:30.0651 2932 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:11:30.0651 2932 lanmanserver - ok
09:11:30.0698 2932 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:11:30.0714 2932 lanmanworkstation - ok
09:11:30.0714 2932 lbrtfdc - ok
09:11:30.0776 2932 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:11:30.0776 2932 LmHosts - ok
09:11:30.0854 2932 [ 17A7E0F48B9A245BF0B1A48D607944F5 ] MailService C:\Program Files\Rational\ClearQuest\mailservice.exe
09:11:30.0854 2932 MailService - ok
09:11:30.0885 2932 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:11:30.0885 2932 Messenger - ok
09:11:30.0932 2932 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:11:30.0932 2932 mnmdd - ok
09:11:30.0979 2932 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:11:30.0979 2932 mnmsrvc - ok
09:11:31.0010 2932 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:11:31.0010 2932 Modem - ok
09:11:31.0010 2932 motccgp - ok
09:11:31.0010 2932 motccgpfl - ok
09:11:31.0026 2932 motmodem - ok
09:11:31.0042 2932 MotoSwitchService - ok
09:11:31.0042 2932 Motousbnet - ok
09:11:31.0057 2932 motusbdevice - ok
09:11:31.0089 2932 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:11:31.0089 2932 Mouclass - ok
09:11:31.0151 2932 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:11:31.0151 2932 mouhid - ok
09:11:31.0167 2932 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:11:31.0167 2932 MountMgr - ok
09:11:31.0229 2932 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:11:31.0229 2932 MozillaMaintenance - ok
09:11:31.0229 2932 mraid35x - ok
09:11:31.0276 2932 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:11:31.0292 2932 MRxDAV - ok
09:11:31.0370 2932 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:11:31.0370 2932 MRxSmb - ok
09:11:31.0385 2932 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:11:31.0401 2932 MSDTC - ok
09:11:31.0401 2932 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:11:31.0401 2932 Msfs - ok
09:11:31.0417 2932 MSIServer - ok
09:11:31.0448 2932 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:11:31.0448 2932 MSKSSRV - ok
09:11:31.0464 2932 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:11:31.0464 2932 MSPCLOCK - ok
09:11:31.0479 2932 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:11:31.0479 2932 MSPQM - ok
09:11:31.0510 2932 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:11:31.0510 2932 mssmbios - ok
09:11:31.0542 2932 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
09:11:31.0542 2932 MSTEE - ok
09:11:31.0604 2932 [ 7DB7D43561FB4C426AEF308462062196 ] Multi-user Cleanup Service C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
09:11:31.0604 2932 Multi-user Cleanup Service - ok
09:11:31.0620 2932 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:11:31.0635 2932 Mup - ok
09:11:31.0635 2932 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:11:31.0635 2932 NABTSFEC - ok
09:11:31.0667 2932 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:11:31.0682 2932 napagent - ok
09:11:31.0729 2932 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120920.017\NAVENG.SYS
09:11:31.0729 2932 NAVENG - ok
09:11:31.0776 2932 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120920.017\NAVEX15.SYS
09:11:31.0807 2932 NAVEX15 - ok
09:11:31.0854 2932 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:11:31.0854 2932 NDIS - ok
09:11:31.0885 2932 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:11:31.0885 2932 NdisIP - ok
09:11:31.0932 2932 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:11:31.0932 2932 NdisTapi - ok
09:11:31.0948 2932 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:11:31.0948 2932 Ndisuio - ok
09:11:31.0979 2932 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:11:31.0979 2932 NdisWan - ok
09:11:32.0010 2932 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:11:32.0010 2932 NDProxy - ok
09:11:32.0026 2932 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:11:32.0026 2932 NetBIOS - ok
09:11:32.0026 2932 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:11:32.0042 2932 NetBT - ok
09:11:32.0057 2932 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
09:11:32.0057 2932 NetDDE - ok
09:11:32.0057 2932 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:11:32.0057 2932 NetDDEdsdm - ok
09:11:32.0120 2932 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:11:32.0120 2932 Netlogon - ok
09:11:32.0135 2932 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
09:11:32.0135 2932 Netman - ok
09:11:32.0167 2932 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:11:32.0167 2932 NetTcpPortSharing - ok
09:11:32.0292 2932 [ 3BC15801F7B9DD2D16897A38A962CE56 ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
09:11:32.0464 2932 NETw5x32 - ok
09:11:32.0495 2932 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:11:32.0495 2932 NIC1394 - ok
09:11:32.0557 2932 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:11:32.0573 2932 Nla - ok
09:11:32.0573 2932 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:11:32.0573 2932 Npfs - ok
09:11:32.0589 2932 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:11:32.0604 2932 Ntfs - ok
09:11:32.0620 2932 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:11:32.0620 2932 NtLmSsp - ok
09:11:32.0635 2932 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:11:32.0651 2932 NtmsSvc - ok
09:11:32.0667 2932 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:11:32.0667 2932 Null - ok
09:11:32.0698 2932 [ 68C890DDB21028CB1EA5551B47B29E1B ] nusb3hub C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
09:11:32.0698 2932 nusb3hub - ok
09:11:32.0714 2932 [ 2CF970C1A9E05D3B91039C2DD4471C0E ] nusb3xhc C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
09:11:32.0714 2932 nusb3xhc - ok
09:11:32.0932 2932 [ 6AD9EE567A67C010DFAE9F25D172A0AA ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:11:33.0167 2932 nv - ok
09:11:33.0198 2932 [ 50ACB7253D1104E5917E15A0670D63D5 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
09:11:33.0198 2932 NVHDA - ok
09:11:33.0229 2932 [ C0798084837E229BFC42A77313CF0EAE ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
09:11:33.0229 2932 nvsvc - ok
09:11:33.0260 2932 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:11:33.0260 2932 NwlnkFlt - ok
09:11:33.0260 2932 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:11:33.0276 2932 NwlnkFwd - ok
09:11:33.0339 2932 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:11:33.0354 2932 odserv - ok
09:11:33.0401 2932 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:11:33.0401 2932 ohci1394 - ok
09:11:33.0448 2932 OracleMTSRecoveryService - ok
09:11:33.0479 2932 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:11:33.0479 2932 ose - ok
09:11:33.0510 2932 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:11:33.0510 2932 Parport - ok
09:11:33.0526 2932 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:11:33.0526 2932 PartMgr - ok
09:11:33.0526 2932 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:11:33.0526 2932 ParVdm - ok
09:11:33.0526 2932 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:11:33.0542 2932 PCI - ok
09:11:33.0542 2932 PCIDump - ok
09:11:33.0557 2932 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:11:33.0557 2932 PCIIde - ok
09:11:33.0557 2932 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:11:33.0573 2932 Pcmcia - ok
09:11:33.0573 2932 PDCOMP - ok
09:11:33.0589 2932 PDFRAME - ok
09:11:33.0589 2932 PDRELI - ok
09:11:33.0604 2932 PDRFRAME - ok
09:11:33.0620 2932 perc2 - ok
09:11:33.0620 2932 perc2hib - ok
09:11:33.0667 2932 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:11:33.0667 2932 PlugPlay - ok
09:11:33.0682 2932 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:11:33.0682 2932 PolicyAgent - ok
09:11:33.0698 2932 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:11:33.0698 2932 PptpMiniport - ok
09:11:33.0745 2932 [ 2A4514A9233D35A355F569FF8B8F6240 ] prepdrvr C:\WINDOWS\system32\CCM\prepdrv.sys
09:11:33.0745 2932 prepdrvr - ok
09:11:33.0745 2932 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:11:33.0745 2932 ProtectedStorage - ok
09:11:33.0792 2932 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:11:33.0792 2932 PSched - ok
09:11:33.0792 2932 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:11:33.0792 2932 Ptilink - ok
09:11:33.0807 2932 ql1080 - ok
09:11:33.0807 2932 Ql10wnt - ok
09:11:33.0823 2932 ql12160 - ok
09:11:33.0823 2932 ql1240 - ok
09:11:33.0839 2932 ql1280 - ok
09:11:33.0870 2932 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:11:33.0870 2932 RasAcd - ok
09:11:33.0901 2932 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:11:33.0917 2932 RasAuto - ok
09:11:33.0917 2932 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:11:33.0917 2932 Rasirda - ok
09:11:33.0917 2932 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:11:33.0917 2932 Rasl2tp - ok
09:11:33.0948 2932 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:11:33.0964 2932 RasMan - ok
09:11:33.0964 2932 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:11:33.0964 2932 RasPppoe - ok
09:11:33.0979 2932 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:11:33.0979 2932 Raspti - ok
09:11:33.0995 2932 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:11:33.0995 2932 Rdbss - ok
09:11:34.0010 2932 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:11:34.0010 2932 RDPCDD - ok
09:11:34.0026 2932 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:11:34.0026 2932 rdpdr - ok
09:11:34.0073 2932 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:11:34.0073 2932 RDPWD - ok
09:11:34.0104 2932 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:11:34.0104 2932 RDSessMgr - ok
09:11:34.0104 2932 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:11:34.0104 2932 redbook - ok
09:11:34.0151 2932 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:11:34.0151 2932 RemoteAccess - ok
09:11:34.0182 2932 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:11:34.0182 2932 RemoteRegistry - ok
09:11:34.0214 2932 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
09:11:34.0229 2932 rimmptsk - ok
09:11:34.0245 2932 [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
09:11:34.0245 2932 rimsptsk - ok
09:11:34.0260 2932 [ 470FC46E2989F6606043C1C5365B15FD ] rismc32 C:\WINDOWS\system32\DRIVERS\rismc32.sys
09:11:34.0260 2932 rismc32 - ok
09:11:34.0276 2932 [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
09:11:34.0276 2932 rismxdp - ok
09:11:34.0307 2932 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
09:11:34.0323 2932 RpcLocator - ok
09:11:34.0339 2932 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
09:11:34.0339 2932 RpcSs - ok
09:11:34.0385 2932 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:11:34.0385 2932 RSVP - ok
09:11:34.0417 2932 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:11:34.0417 2932 SamSs - ok
09:11:34.0432 2932 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:11:34.0448 2932 SCardSvr - ok
09:11:34.0479 2932 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:11:34.0479 2932 Schedule - ok
09:11:34.0542 2932 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:11:34.0542 2932 sdbus - ok
09:11:34.0573 2932 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:11:34.0573 2932 Secdrv - ok
09:11:34.0589 2932 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:11:34.0604 2932 seclogon - ok
09:11:34.0604 2932 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:11:34.0604 2932 SENS - ok
09:11:34.0620 2932 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:11:34.0620 2932 Serenum - ok
09:11:34.0635 2932 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:11:34.0635 2932 Serial - ok
09:11:34.0682 2932 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:11:34.0682 2932 Sfloppy - ok
09:11:34.0714 2932 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:11:34.0729 2932 SharedAccess - ok
09:11:34.0745 2932 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:11:34.0745 2932 ShellHWDetection - ok
09:11:34.0745 2932 Simbad - ok
09:11:34.0823 2932 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:11:34.0823 2932 SkypeUpdate - ok
09:11:34.0839 2932 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:11:34.0839 2932 SLIP - ok
09:11:34.0870 2932 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
09:11:34.0870 2932 SMCIRDA - ok
09:11:34.0901 2932 [ 4B4AB78E866BBECF93F6EABC3270178A ] smsmdd C:\WINDOWS\system32\DRIVERS\smsmdm.sys
09:11:34.0901 2932 smsmdd - ok
09:11:34.0901 2932 smstsmgr - ok
09:11:34.0948 2932 [ EF1F7335F0285599438A2E713CE8772A ] SP Software Installer C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
09:11:34.0948 2932 SP Software Installer - ok
09:11:34.0948 2932 Sparrow - ok
09:11:34.0995 2932 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:11:34.0995 2932 splitter - ok
09:11:35.0057 2932 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:11:35.0057 2932 Spooler - ok
09:11:35.0089 2932 [ 570861636E49AC292051D102CD1379E1 ] sp_spi_da C:\Program Files\AccessManager\SMOC\spi_da.exe
09:11:35.0089 2932 sp_spi_da - ok
09:11:35.0120 2932 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:11:35.0120 2932 sr - ok
09:11:35.0151 2932 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
09:11:35.0151 2932 srservice - ok
09:11:35.0214 2932 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:11:35.0214 2932 Srv - ok
09:11:35.0245 2932 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:11:35.0245 2932 SSDPSRV - ok
09:11:35.0276 2932 [ 03F6CF42A1DB74290448CDE668578C87 ] STacSV C:\Program Files\IDT\WDM\STacSV.exe
09:11:35.0276 2932 STacSV - ok
09:11:35.0323 2932 [ C24C14D1463375C1C028848B12A70A5E ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
09:11:35.0339 2932 STHDA - ok
09:11:35.0370 2932 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:11:35.0370 2932 stisvc - ok
09:11:35.0385 2932 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:11:35.0385 2932 streamip - ok
09:11:35.0401 2932 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:11:35.0417 2932 swenum - ok
09:11:35.0432 2932 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:11:35.0432 2932 swmidi - ok
09:11:35.0432 2932 SwPrv - ok
09:11:35.0448 2932 symc810 - ok
09:11:35.0464 2932 symc8xx - ok
09:11:35.0510 2932 [ C9480E5D9D7C19AD3B66692234519A4E ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
09:11:35.0510 2932 Symmpi - ok
09:11:35.0510 2932 sym_hi - ok
09:11:35.0526 2932 sym_u3 - ok
09:11:35.0557 2932 [ 916A6435B54BD87C65950425AED642B7 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:11:35.0573 2932 SynTP - ok
09:11:35.0589 2932 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:11:35.0589 2932 sysaudio - ok
09:11:35.0620 2932 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:11:35.0620 2932 SysmonLog - ok
09:11:35.0635 2932 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:11:35.0651 2932 TapiSrv - ok
09:11:35.0698 2932 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:11:35.0714 2932 Tcpip - ok
09:11:35.0729 2932 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:11:35.0729 2932 TDPIPE - ok
09:11:35.0745 2932 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:11:35.0745 2932 TDTCP - ok
09:11:35.0776 2932 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:11:35.0776 2932 TermDD - ok
09:11:35.0792 2932 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:11:35.0807 2932 TermService - ok
09:11:35.0823 2932 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:11:35.0823 2932 Themes - ok
09:11:35.0823 2932 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:11:35.0839 2932 TlntSvr - ok
09:11:35.0839 2932 TosIde - ok
09:11:35.0870 2932 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:11:35.0885 2932 TrkWks - ok
09:11:35.0901 2932 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:11:35.0917 2932 Udfs - ok
09:11:35.0917 2932 ultra - ok
09:11:35.0932 2932 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:11:35.0932 2932 Update - ok
09:11:35.0979 2932 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:11:35.0979 2932 upnphost - ok
09:11:35.0979 2932 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:11:35.0995 2932 UPS - ok
09:11:36.0042 2932 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
09:11:36.0042 2932 USBAAPL - ok
09:11:36.0057 2932 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:11:36.0057 2932 usbccgp - ok
09:11:36.0073 2932 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:11:36.0073 2932 usbehci - ok
09:11:36.0073 2932 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:11:36.0089 2932 usbhub - ok
09:11:36.0120 2932 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:11:36.0120 2932 usbprint - ok
09:11:36.0167 2932 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:11:36.0167 2932 usbscan - ok
09:11:36.0198 2932 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:11:36.0198 2932 usbstor - ok
09:11:36.0214 2932 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:11:36.0214 2932 usbuhci - ok
09:11:36.0229 2932 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
09:11:36.0229 2932 usbvideo - ok
09:11:36.0260 2932 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:11:36.0260 2932 VgaSave - ok
09:11:36.0260 2932 ViaIde - ok
09:11:36.0307 2932 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:11:36.0307 2932 VolSnap - ok
09:11:36.0354 2932 [ D658E49302C382B88C8E9A08E20B2E82 ] vsdatant C:\WINDOWS\system32\vsdatant.sys
09:11:36.0354 2932 vsdatant - ok
09:11:36.0385 2932 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:11:36.0385 2932 VSS - ok
09:11:36.0432 2932 [ 7DB85B78309C05C9F06F469ED976DC9E ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
09:11:36.0448 2932 vToolbarUpdater13.2.0 - ok
09:11:36.0479 2932 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
09:11:36.0479 2932 W32Time - ok
09:11:36.0542 2932 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:11:36.0542 2932 Wanarp - ok
09:11:36.0589 2932 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
09:11:36.0589 2932 Wdf01000 - ok
09:11:36.0604 2932 WDICA - ok
09:11:36.0620 2932 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:11:36.0620 2932 wdmaud - ok
09:11:36.0651 2932 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:11:36.0651 2932 WebClient - ok
09:11:36.0745 2932 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:11:36.0760 2932 winmgmt - ok
09:11:36.0807 2932 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
09:11:36.0807 2932 WinUSB - ok
09:11:36.0823 2932 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:11:36.0823 2932 WmdmPmSN - ok
09:11:36.0885 2932 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:11:36.0901 2932 Wmi - ok
09:11:36.0948 2932 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:11:36.0948 2932 WmiAcpi - ok
09:11:36.0948 2932 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:11:36.0964 2932 WmiApSrv - ok
09:11:37.0073 2932 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
09:11:37.0104 2932 WMPNetworkSvc - ok
09:11:37.0135 2932 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:11:37.0135 2932 WpdUsb - ok
09:11:37.0151 2932 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:11:37.0151 2932 WS2IFSL - ok
09:11:37.0182 2932 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:11:37.0182 2932 wscsvc - ok
09:11:37.0214 2932 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:11:37.0214 2932 WSTCODEC - ok
09:11:37.0245 2932 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:11:37.0260 2932 wuauserv - ok
09:11:37.0276 2932 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:11:37.0276 2932 WudfPf - ok
09:11:37.0276 2932 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:11:37.0276 2932 WudfRd - ok
09:11:37.0307 2932 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:11:37.0323 2932 WudfSvc - ok
09:11:37.0354 2932 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:11:37.0370 2932 WZCSVC - ok
09:11:37.0401 2932 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:11:37.0401 2932 xmlprov - ok
09:11:37.0432 2932 ================ Scan global ===============================
09:11:37.0464 2932 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:11:37.0495 2932 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:11:37.0510 2932 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:11:37.0542 2932 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:11:37.0542 2932 [Global] - ok
09:11:37.0542 2932 ================ Scan MBR ==================================
09:11:37.0573 2932 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:11:38.0151 2932 \Device\Harddisk0\DR0 - ok
09:11:38.0151 2932 ================ Scan VBR ==================================
09:11:38.0167 2932 [ 50A26FC9D9EE9744F6F370BB98803DBD ] \Device\Harddisk0\DR0\Partition1
09:11:38.0167 2932 \Device\Harddisk0\DR0\Partition1 - ok
09:11:38.0167 2932 ============================================================
09:11:38.0167 2932 Scan finished
09:11:38.0167 2932 ============================================================
09:11:38.0182 4788 Detected object count: 0
09:11:38.0182 4788 Actual detected object count: 0

[Dorgren]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-05 09:14:47
-----------------------------
09:14:47.135 OS Version: Windows 5.1.2600 Service Pack 3
09:14:47.135 Number of processors: 4 586 0x2505
09:14:47.135 ComputerName: ARABBBHLW UserName: arabbb
09:14:47.995 Initialize success
09:23:46.120 AVAST engine defs: 12110401
09:23:54.260 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:23:54.276 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
09:23:54.307 Disk 0 MBR read successfully
09:23:54.323 Disk 0 MBR scan
09:23:54.370 Disk 0 Windows VISTA default MBR code
09:23:54.385 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
09:23:54.417 Disk 0 scanning sectors +625139712
09:23:54.526 Disk 0 scanning C:\WINDOWS\system32\drivers
09:24:05.729 Service scanning
09:24:25.526 Modules scanning
09:24:32.510 Disk 0 trace - called modules:
09:24:32.589 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll iaStor.sys
09:24:32.604 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad3b9f0]
09:24:32.635 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> [0x8ad3b020]
09:24:32.667 5 hpdskflt.sys[b83394e6] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a6e9028]
09:24:33.823 AVAST engine scan C:\WINDOWS
09:24:37.979 AVAST engine scan C:\WINDOWS\system32
09:26:49.042 AVAST engine scan C:\WINDOWS\system32\drivers
09:27:07.167 AVAST engine scan C:\Documents and Settings\arabbb
09:39:14.495 AVAST engine scan C:\Documents and Settings\All Users
09:40:50.932 Scan finished successfully
09:43:04.151 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\arabbb\Desktop\MBR.dat"
09:43:04.198 The log file has been saved successfully to "C:\Documents and Settings\arabbb\Desktop\aswMBR.txt"

[Dorgren]

It is weird I have not seen any negative effects from this so far. However in each browser, IE, Mozilla, and Chrome new tabs open a V9 page. Even if I click on a saved page that should open a webpage in a new tab it goes to v9 instead. It starts opening the mozilla start page but then redirects.

[gringo_pr]

Hello

I want you to reset firefox back to defaults, to do this I need you to do this

• At the top of the Firefox window, click the "Firefox" button,
• go over to the "Help" sub-menu
  
  • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
• Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
• click "Reset Firefox" in the confirmation window that opens.
• Firefox will close and be reset. When it's done. Click "Finish" and Firefox will open.

restart the computer and check firefox for me now

Gringo

[Dorgren]

Hi Gringo,

Almost there. I reset Firefox and the V9 went away. That lead me to being unable to reach the internet. I found on my phone how to reset winsock by going to CMD. netsh\Winsock\Reset catalog. That got me back on the internet however it is only when I use my wireless. If I am wired in with wireless off I can not reach the internet. I really appreciate your help so far it will lead me to donate for sure. Do you have any idea how to get my LAN connection to work again. Kind of helpful for my docking station at work.

Thanks

Dorgren

[Dorgren]

oh additional information. I can access some https while connected via LAN and only http while in wireless. HTTPS does not work on wireless and HTTP does not work while on LAN