
Author Topic: Malware infection following a moment of madness  (Read 10943 times)


whathim

    Topic Starter


    Beginner

    Malware infection following a moment of madness
    « on: November 15, 2012, 05:57:51 AM »
    Computer:
    Dell Vostro 430 running Windows XP Service Pack 3, Comodo firewall, AVG free.

    The moment of madness:
    Yesterday I attempted to download a torrent, something I’ve never done before.  The download insisted on installing what I think was a BitTorrent client.

    What I did next:
    I uninstalled the previously installed BitTorrent client and then followed Steps 1 to 3 here http://www.computerhope.com/forum/index.php/topic,46313.0.html - AdwCleaner and MBAM log files pasted below.

    The symptoms:
    Lots of alerts from Comodo firewall that I haven’t seen before such as datamngrUI.exe trying to connect to Internet – I cancelled each time.

    Google Chrome default search engine setting changed and attempting to change it back on the settings page has no effect.

    Comodo firewall tray icon goes yellow – double click it and it says “Comodo Application Agent is not running” and invites me to run a diagnostic, which reports no problem.  Task Manager says cmdagent.exe and cfp.exe processes are running.

    The symptoms got worse:
    Google Chrome stopped working altogether so I uninstalled it and then tried to reinstall from Internet.  This failed – it just hung and did nothing.

    When I try to run Internet Explorer, Comodo says “DefaultTabStart.exe” is trying to connect.  I block this but then IE fails to load its home page – it just sits there “Connecting”.

    Firefox runs and connects to Internet but after a while it stops responding.

    When I shut down Windows from the Start Button I get a message box saying DATAMN~1 needs to end.  Then Windows says it is saving my settings but just hangs there and I have to switch off manually at the computer power button.

    This morning:
    Windows starts up ok.  I no longer have the Comodo tray icon but Task Manager says cmdagent.exe and cfp.exe processes are running.  I run Comodo from the desktop shortcut and immediately the yellow tray icon reappears – it's the same as yesterday, “Comodo Application Agent is not running”.

    I fire up Internet Explorer and Comodo says DefaultTabStart.exe is trying to connect.  This time I allow it and IE starts but it opens a search engine page I don’t recognise (I suspect it's the same as Chrome was showing yesterday).  The search engine works and I can get to the familiar Google search page.  Then I try to open another tab intending to have another go at reinstalling Chrome but I get a red X message box entitled “iexplore.exe Application Error” and message, “The exception unknown software exception (0xc00000fd) occurred in the application at location 0x00dcd240.  Click on OK to terminate the program”.  I have to click OK three times before the message box disappears – IE continues running.  I try again, same result.

    I’m out of my depth here.  I don’t know what to do next and am apprehensive about causing any more damage.  Could some kind soul please give me some guidance?

    Keith

    # AdwCleaner v2.007 - Logfile created 11/14/2012 at 19:44:17
    # Updated 06/11/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Keith Waters - DELLDESK
    # Boot Mode : Normal
    # Running from : C:\Downloads\Anti Malware\AdwCleaner\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : DefaultTabUpdate

    ***** [Files / Folders] *****

    File Found : C:\Documents and Settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\searchplugins\Search_Results.xml
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
    Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
    Folder Found : C:\Documents and Settings\All Users\Application Data\Premium
    Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
    Folder Found : C:\Documents and Settings\Keith Waters\Application Data\AVG Secure Search
    Folder Found : C:\Documents and Settings\Keith Waters\Application Data\DefaultTab
    Folder Found : C:\Documents and Settings\Keith Waters\Application Data\Media Finder
    Folder Found : C:\Documents and Settings\Keith Waters\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
    Folder Found : C:\Documents and Settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\extensions\staged
    Folder Found : C:\Documents and Settings\Keith Waters\Local Settings\Application Data\AVG Secure Search
    Folder Found : C:\Documents and Settings\Keith Waters\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
    Folder Found : C:\Program Files\AVG Secure Search
    Folder Found : C:\Program Files\Common Files\AVG Secure Search

    ***** [Registry] *****

    Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\search~1\datamngr\datamngr.dll
    Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\search~1\datamngr\iebho.dll
    Key Found : HKCU\Software\APN DTX
    Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\DefaultTab
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\MediaFinder
    Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\MF
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\Software\Default Tab
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKU\S-1-5-21-3042826270-1079364616-2737687425-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKU\S-1-5-21-3042826270-1079364616-2737687425-1005\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKU\S-1-5-21-3042826270-1079364616-2737687425-1005\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={402DD99C-B492-4911-BE7A-EAD2745BAD57}&mid=8e6fccf6b6a5ab4adbffa3b655bdfe2a-8088c5917818e80873dffa0637d0db34d5525198&lang=en&ds=AVG&pr=fr&d=2012-08-22 19:23:50&v=13.2.0.5&sap=nt

    -\\ Mozilla Firefox v16.0 (en-US)

    Profile name : default
    File : C:\Documents and Settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\prefs.js

    Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]

    -\\ Google Chrome v23.0.1271.64

    File : C:\Documents and Settings\Keith Waters\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [8793 octets] - [14/11/2012 19:44:17]

    ########## EOF - C:\AdwCleaner[R1].txt - [8853 octets] ##########


    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.14.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Keith Waters :: DELLDESK [administrator]

    14/11/2012 19:50:44
    mbam-log-2012-11-14 (19-50-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 276405
    Time elapsed: 6 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 15
    HKCR\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCR\BrowserConnection.Loader.1 (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCR\BrowserConnection.Loader (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Data: Search-Results Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Data:  -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (PUP.Datamngr) -> Delete on reboot.
    C:\Documents and Settings\Keith Waters\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (PUP.Datamngr) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Keith Waters\My Documents\Downloads\SaveAs (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Keith Waters\My Documents\Downloads\SaveAs.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

    (end)
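As an added example (not AdwCleaner's, Malwarebytes' or the forum's own code), here is a small Python triage script that parses the AdwCleaner v2 log format quoted above and groups each finding by the persistence mechanism behind it: the service, the Run keys and the AppInit_DLLs entries are what reload the adware with no browser open, which is what the firewall alerts at logon and the hung shutdown on DATAMN~1 point to. The embedded sample is a constructed excerpt of the quoted log, and the mechanism labels are my own naming.

```python
"""Triage an AdwCleaner v2 log by persistence mechanism (added example)."""
import re
from collections import defaultdict

# Constructed excerpt of the "[Search]" log quoted in the post above
# (not the full log; the line formats are copied verbatim from it).
SAMPLE_LOG = r"""
# AdwCleaner v2.007 - Logfile created 11/14/2012 at 19:44:17
# Option [Search]

***** [Services] *****

Found : DefaultTabUpdate

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\Keith Waters\Application Data\DefaultTab
Folder Found : C:\Documents and Settings\Keith Waters\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\search~1\datamngr\datamngr.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\search~1\datamngr\iebho.dll
Key Found : HKCU\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702
"""

# Section banner, e.g. "***** [Registry] *****"
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
# Finding line, e.g. "Key Found : HKCU\Software\DataMngr" or "Found : DefaultTabUpdate"
FINDING_RE = re.compile(
    r"^(?:(?P<kind>File|Folder|Key|Value|Data) )?"
    r"(?P<action>Found|Deleted on reboot|Deleted|Stopped & Deleted|Replaced) : (?P<target>.+)$"
)

# Mechanism labels (my own naming, not AdwCleaner's).
SERVICE = "Windows service"
APPINIT = "AppInit_DLLs (DLL injected into every process that loads user32.dll)"
RUNKEY = "Run key autostart"
BHO = "IE Browser Helper Object"
SEARCH = "IE search provider (SearchScopes)"
EXTENSION = "Browser extension / search plugin"
OTHER = "Leftover data or uninstall entry"

# Checked in order against the lower-cased target; first match wins.
MECHANISM_TESTS = [
    (APPINIT, lambda t: "[appinit_dlls]" in t),
    (RUNKEY, lambda t: "\\currentversion\\run" in t),
    (BHO, lambda t: "\\browser helper objects\\" in t),
    (SEARCH, lambda t: "\\searchscopes\\" in t),
    (EXTENSION, lambda t: "\\extensions\\" in t or "\\searchplugins\\" in t),
]


def parse_findings(log_text):
    """Return [(section, kind, action, target)] for every finding line."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or "# ..." header
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append((section, m.group("kind") or "", m.group("action"), m.group("target")))
    return findings


def classify(section, target):
    """Map one finding to the persistence mechanism it represents."""
    if section == "Services":
        return SERVICE
    t = target.lower()
    for label, test in MECHANISM_TESTS:
        if test(t):
            return label
    return OTHER


def triage(log_text):
    """Group targets by mechanism: {label: [target, ...]}."""
    groups = defaultdict(list)
    for section, _kind, _action, target in parse_findings(log_text):
        groups[classify(section, target)].append(target)
    return dict(groups)


def boot_persistence(groups):
    """Targets that reload with no browser open (service, Run key, AppInit)."""
    return [t for label in (SERVICE, RUNKEY, APPINIT) for t in groups.get(label, [])]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for label, targets in found.items():
        print(f"{label}: {len(targets)}")
        for t in targets:
            print("   ", t)
    print("\nLoads without any browser open:", len(boot_persistence(found)))
```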

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Sage
    • Thanked: 842
    • Experience: Expert
    • OS: Windows 8
    Re: Malware infection following a moment of madness
    « Reply #1 on: November 15, 2012, 01:33:59 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *********************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

    whathim

      Topic Starter


      Beginner

      Re: Malware infection following a moment of madness
      « Reply #2 on: November 15, 2012, 03:34:23 PM »
      Thanks for replying Dave and thanks for your excellent instructions.

      On my first attempt at running adwCleaner.exe, the run dialog appeared but not the adwCleaner UI.  Task manager showed an adwcleaner.exe process.  I killed this and tried again and this time adwCleaner appeared.  I clicked “Delete” as instructed.  Then downloaded and ran ComboFix after disabling AVG (Comodo alerted several times so I accepted each one).  See both logs below.

      Keith


      # AdwCleaner v2.007 - Logfile created 11/15/2012 at 21:24:52
      # Updated 06/11/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : Keith Waters - DELLDESK
      # Boot Mode : Normal
      # Running from : C:\Downloads\Anti Malware\AdwCleaner\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****

      Stopped & Deleted : DefaultTabUpdate

      ***** [Files / Folders] *****

      Deleted on reboot : C:\Documents and Settings\Keith Waters\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
      Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
      File Deleted : C:\Documents and Settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\extensions\addon@defaulttab.com.xpi
      File Deleted : C:\Documents and Settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\searchplugins\Search_Results.xml
      File Deleted : C:\Documents and Settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\searchplugins\search-here.xml
      File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
      File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
      Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
      Folder Deleted : C:\Documents and Settings\Keith Waters\Application Data\AVG Secure Search
      Folder Deleted : C:\Documents and Settings\Keith Waters\Application Data\DefaultTab
      Folder Deleted : C:\Documents and Settings\Keith Waters\Application Data\Media Finder
      Folder Deleted : C:\Documents and Settings\Keith Waters\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
      Folder Deleted : C:\Documents and Settings\Keith Waters\Local Settings\Application Data\AVG Secure Search
      Folder Deleted : C:\Program Files\AVG Secure Search

      ***** [Registry] *****

      Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\search~1\datamngr\datamngr.dll
      Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\search~1\datamngr\iebho.dll
      Key Deleted : HKCU\Software\APN DTX
      Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
      Key Deleted : HKCU\Software\AVG Secure Search
      Key Deleted : HKCU\Software\DataMngr
      Key Deleted : HKCU\Software\DataMngr_Toolbar
      Key Deleted : HKCU\Software\DefaultTab
      Key Deleted : HKCU\Software\ilivid
      Key Deleted : HKCU\Software\MediaFinder
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Deleted : HKLM\Software\AVG Secure Search
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
      Key Deleted : HKLM\SOFTWARE\Classes\MF
      Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
      Key Deleted : HKLM\SOFTWARE\Classes\S
      Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
      Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
      Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
      Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
      Key Deleted : HKLM\Software\DataMngr
      Key Deleted : HKLM\Software\Default Tab
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
      Key Deleted : HKLM\Software\Iminent
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
      Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
      Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
      Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v8.0.6001.18702

      Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={402DD99C-B492-4911-BE7A-EAD2745BAD57}&mid=8e6fccf6b6a5ab4adbffa3b655bdfe2a-8088c5917818e80873dffa0637d0db34d5525198&lang=en&ds=AVG&pr=fr&d=2012-08-22 19:23:50&v=13.2.0.5&sap=nt --> hxxp://www.google.com

      -\\ Mozilla Firefox v16.0 (en-US)

      Profile name : default
      File : C:\Documents and Settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\prefs.js

      C:\Documents and Settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\user.js ... Deleted !

      Deleted : user_pref("aol_toolbar.default.homepage.check", false);
      Deleted : user_pref("aol_toolbar.default.search.check", false);
      Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
      Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
      Deleted : user_pref("extensions.50a3b30f8a925.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
      Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
      Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
      Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
      Deleted : user_pref("extensions.enabledAddons", "updater@foxstart.com:2.1,{5384767E-00D9-40E9-B72F-9CC39D655D6[...]
      Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=157&systemid=406&apn[...]
      Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
      Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
      Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
      Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
      Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
      Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
      Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
      Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

      -\\ Google Chrome v [Unable to get version]

      File : C:\Documents and Settings\Keith Waters\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [8922 octets] - [14/11/2012 19:44:17]
      AdwCleaner[S1].txt - [10056 octets] - [15/11/2012 21:24:52]

      ########## EOF - C:\AdwCleaner[S1].txt - [10117 octets] ##########


      ComboFix 12-11-15.01 - Keith Waters 15/11/2012  22:03:21.3.8 - x86
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3063.2288 [GMT 0:00]
      Running from: c:\documents and settings\Keith Waters\Desktop\ComboFix.exe
      AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\17d0b152e63e6bfe81b4b19588538896\mro.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\3b7106dd14676048b10bbb09a990f74c\XS.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\4461f48e31bde5c56b31b973b773de09\List.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\44727051c604ef6b79894b64d4c63832\Expat.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\7f177c338672436e01c4f0bdbcf94491\EV.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\7f2598c08178217a0e2c754f3d568f28\Byte.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\b6bd87c968599725b8ab2e5c25d3046a\API.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\b979ace6da01e63d651cce9ee2474fdc\Name.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\bc147d83c7c868eeee67082dcf55430c\File.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\bd5179a413bc0c4b82eedc22c6cab101\re.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\c344fd5536724b2af2e6453833b60203\SHA1.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\c668a322917d32a5ea22894518aa9897\Base64.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\d0bf009923f29116535c26d228271d6d\Scan.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\e56c61f7248672819579325af3387035\POSIX.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\eb138ef0e4282611dbf485a302784646\LibYAML.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\f233f63b6654362865c7577442edb9e3\Win32.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-2404\perl514.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\4461f48e31bde5c56b31b973b773de09\List.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\93e7e3d6030f426844228042348210cf\Service.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\bd5179a413bc0c4b82eedc22c6cab101\re.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\e56c61f7248672819579325af3387035\POSIX.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\eb138ef0e4282611dbf485a302784646\LibYAML.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\f233f63b6654362865c7577442edb9e3\Win32.dll
      c:\docume~1\KEITHW~1\LOCALS~1\Temp\pdk-Keith_Waters-3552\perl514.dll
      c:\documents and settings\All Users\Application Data\TEMP
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\17d0b152e63e6bfe81b4b19588538896\mro.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\3b7106dd14676048b10bbb09a990f74c\XS.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\4461f48e31bde5c56b31b973b773de09\List.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\44727051c604ef6b79894b64d4c63832\Expat.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\7f177c338672436e01c4f0bdbcf94491\EV.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\7f2598c08178217a0e2c754f3d568f28\Byte.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\b6bd87c968599725b8ab2e5c25d3046a\API.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\b979ace6da01e63d651cce9ee2474fdc\Name.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\bc147d83c7c868eeee67082dcf55430c\File.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\bd5179a413bc0c4b82eedc22c6cab101\re.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\c344fd5536724b2af2e6453833b60203\SHA1.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\c668a322917d32a5ea22894518aa9897\Base64.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\d0bf009923f29116535c26d228271d6d\Scan.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\e56c61f7248672819579325af3387035\POSIX.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\eb138ef0e4282611dbf485a302784646\LibYAML.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\f233f63b6654362865c7577442edb9e3\Win32.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-2404\perl514.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\4461f48e31bde5c56b31b973b773de09\List.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\93e7e3d6030f426844228042348210cf\Service.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\bd5179a413bc0c4b82eedc22c6cab101\re.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\e56c61f7248672819579325af3387035\POSIX.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\eb138ef0e4282611dbf485a302784646\LibYAML.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\f233f63b6654362865c7577442edb9e3\Win32.dll
      c:\documents and settings\Keith Waters\Local Settings\temp\pdk-Keith_Waters-3552\perl514.dll
      c:\documents and settings\Keith Waters\WINDOWS
      c:\windows\system32\Cache
      c:\windows\system32\Cache\083b95982dac99d4.fb
      c:\windows\system32\Cache\272512937d9e61a4.fb
      c:\windows\system32\Cache\287204568329e189.fb
      c:\windows\system32\Cache\28bc8f716fd76a47.fb
      c:\windows\system32\Cache\2aafef63cf929d3c.fb
      c:\windows\system32\Cache\2c53092c95605355.fb
      c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
      c:\windows\system32\Cache\32c84fe32bb74d60.fb
      c:\windows\system32\Cache\3917078cb68ec657.fb
      c:\windows\system32\Cache\590ba23ce359fd0c.fb
      c:\windows\system32\Cache\610289e025a3ee9a.fb
      c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
      c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
      c:\windows\system32\Cache\6d03dad1035885d3.fb
      c:\windows\system32\Cache\8702e21ea93407b0.fb
      c:\windows\system32\Cache\99494c55e48696ad.fb
      c:\windows\system32\Cache\a8556537add6dfc5.fb
      c:\windows\system32\Cache\ad10a52aff5e038d.fb
      c:\windows\system32\Cache\bced3609cd4313a9.fb
      c:\windows\system32\Cache\c1fa887b03019701.fb
      c:\windows\system32\Cache\c4d28dca2e7648be.fb
      c:\windows\system32\Cache\d201ef9910cd39de.fb
      c:\windows\system32\Cache\d2e94710a5708128.fb
      c:\windows\system32\Cache\d79b9dfe81484ec4.fb
      c:\windows\system32\Cache\e0de16f883bea794.fb
      c:\windows\system32\Cache\e35a913902aba37b.fb
      c:\windows\system32\Cache\e8db39e39966059c.fb
      c:\windows\system32\Cache\f998975c9cc711ee.fb
      c:\windows\system32\FE05DA0D.dll
      c:\windows\system32\FE05EFED.dll
      c:\windows\system32\FE05F051.dll
      c:\windows\system32\FE05F3D5.dll
      c:\windows\system32\FE05F3D6.dll
      c:\windows\system32\SETCC.tmp
      c:\windows\system32\SETCE.tmp
      c:\windows\system32\SETF7.tmp
      c:\windows\system32\URTTemp
      c:\windows\system32\URTTemp\fusion.dll
      c:\windows\system32\URTTemp\mscoree.dll
      c:\windows\system32\URTTemp\mscoree.dll.local
      c:\windows\system32\URTTemp\mscorsn.dll
      c:\windows\system32\URTTemp\mscorwks.dll
      c:\windows\system32\URTTemp\msvcr71.dll
      c:\windows\system32\URTTemp\regtlib.exe
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-10-15 to 2012-11-15  )))))))))))))))))))))))))))))))
      .
      .
      2012-11-14 17:14 . 2012-11-14 19:22   --------   d-----w-   c:\documents and settings\Keith Waters\My Downloads
      2012-11-14 17:11 . 2012-11-14 17:20   --------   d-----w-   c:\documents and settings\Keith Waters\Application Data\FreeTorrentViewer
      2012-11-14 16:53 . 2012-11-14 16:53   --------   d-----w-   c:\documents and settings\Keith Waters\Application Data\SpottyFiles
      2012-11-14 16:39 . 2012-11-14 16:39   --------   d-----w-   c:\documents and settings\Keith Waters\Application Data\SwvUpdater
      2012-11-14 15:20 . 2012-11-14 15:20   --------   d-----w-   c:\program files\Gophoto.it
      2012-11-14 15:19 . 2012-11-14 17:31   --------   d-----w-   c:\program files\TornTV.com
      2012-11-14 15:09 . 2012-11-14 15:09   --------   d-----w-   c:\documents and settings\Keith Waters\Application Data\searchresultstb
      2012-11-14 15:09 . 2012-11-14 15:09   --------   d-----w-   c:\documents and settings\Keith Waters\AppData
      2012-11-14 15:05 . 2012-11-14 15:05   --------   d-----w-   c:\program files\MocaFlix
      2012-11-14 15:04 . 2012-11-14 15:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\SaveAs
      2012-11-14 14:56 . 2012-11-14 15:09   --------   d-----w-   c:\documents and settings\Keith Waters\Application Data\ilividtoolbarguid
      2012-11-14 14:56 . 2012-11-14 14:58   --------   d-----w-   c:\program files\Search Results Toolbar
      2012-11-13 16:22 . 2012-11-14 17:54   --------   d-----w-   c:\documents and settings\Keith Waters\Application Data\vlc
      2012-11-13 16:21 . 2012-11-13 16:21   --------   d-----w-   c:\program files\VideoLAN
      2012-10-22 10:51 . 2012-10-22 10:51   --------   d-----w-   c:\program files\IIS Express
      2012-10-19 09:38 . 2012-10-19 09:38   --------   d-----w-   c:\documents and settings\DELLDESK
      2012-10-18 13:37 . 2012-10-18 13:37   --------   d-----w-   c:\program files\Common Files\Java
      2012-10-18 13:27 . 2012-10-18 13:34   --------   d-----w-   C:\PHP
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-11-08 10:56 . 2012-08-22 18:23   26984   ----a-w-   c:\windows\system32\drivers\avgtpx86.sys
      2012-11-07 23:38 . 2010-06-01 18:00   99080   ----a-w-   c:\windows\system32\drivers\inspect.sys
      2012-11-07 23:38 . 2010-06-01 18:00   32640   ----a-w-   c:\windows\system32\drivers\CMDHLP.SYS
      2012-11-07 23:38 . 2010-06-04 10:55   497952   ----a-w-   c:\windows\system32\drivers\CMDGUARD.SYS
      2012-11-07 23:38 . 2010-06-01 18:00   18096   ----a-w-   c:\windows\system32\drivers\cmderd.sys
      2012-11-07 23:37 . 2011-10-19 18:58   34024   ----a-w-   c:\windows\system32\cmdcsr.dll
      2012-11-07 23:37 . 2010-06-01 18:00   301264   ----a-w-   c:\windows\system32\guard32.dll
      2012-10-11 13:05 . 2008-04-25 16:16   2405   ----a-w-   c:\windows\_default.pif
      2012-10-09 10:19 . 2012-05-10 09:15   696760   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
      2012-10-09 10:19 . 2011-05-15 09:36   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-09-29 19:54 . 2010-08-27 07:14   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-09-24 14:32 . 2012-06-27 21:02   477168   ----a-w-   c:\windows\system32\npdeployJava1.dll
      2012-09-24 14:32 . 2010-04-22 10:28   473072   ----a-w-   c:\windows\system32\deployJava1.dll
      2012-09-24 12:51 . 2012-06-27 21:02   73728   ----a-w-   c:\windows\system32\javacpl.cpl
      2012-08-28 15:14 . 2010-08-31 22:18   43520   ----a-w-   c:\windows\system32\licmgr10.dll
      2012-08-28 15:14 . 2010-02-13 18:00   916992   ----a-w-   c:\windows\system32\wininet.dll
      2012-08-28 15:14 . 2010-08-31 22:18   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
      2012-08-28 12:07 . 2010-08-31 22:18   385024   ----a-w-   c:\windows\system32\html.iec
      2012-08-24 14:43 . 2010-09-07 02:49   301920   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
      2012-08-24 13:53 . 2008-04-14 07:00   177664   ----a-w-   c:\windows\system32\wintrust.dll
      2012-08-20 13:17 . 2009-12-02 06:31   16976   ----a-w-   c:\windows\system32\drivers\dsNcAdpt.sys
      2012-10-16 12:42 . 2011-05-10 08:12   261600   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
      @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
      [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
      2010-01-18 19:12   86280   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
      @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
      [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
      2010-01-18 19:12   86280   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
      @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
      [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
      2010-01-18 19:12   86280   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
      @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
      [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
      2010-01-18 19:12   86280   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
      @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
      [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
      2010-01-18 19:12   86280   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
      @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
      [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
      2010-01-18 19:12   86280   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
      @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
      [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
      2010-01-18 19:12   86280   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
      @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
      [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
      2010-01-18 19:12   86280   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
      @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
      [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
      2010-01-18 19:12   86280   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-12 61440]
      "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
      "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
      "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
      "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
      "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
      "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
      "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
      "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-11-26 331264]
      "RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
      .
      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2010-1-27 53248]
      Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2010-2-14 241664]
      Logitech Media Server Tray Tool.lnk - c:\program files\Squeezebox\SqueezeTray.exe [2011-11-9 3051619]
      Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 122880]
      Microsoft Office.lnk - c:\program files\Microsoft Office 2000\Office\OSA9.EXE [1999-2-17 65588]
      Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 61440]
      Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
      WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-11-7 106560]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-06-27 113024]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute   REG_MULTI_SZ      autocheck autochk *\0sprestrt\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Dell Remote Access\\ezi_ra.exe"=
      "c:\\Program Files\\Common Files\\Dell\\Advanced Networking Service\\hnm_svc.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Common Files\\Dell\\VLC\\vlc.exe"=
      "c:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"=
      "c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
      "c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
      "c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
      "c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
      "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
      "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
      "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
      "c:\\Program Files\\Search Results Toolbar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
      "9000:TCP"= 9000:TCP:Logitech Media Server 9000 tcp (UI)
      "9001:TCP"= 9001:TCP:Logitech Media Server 9001 tcp (UI)
      "9002:TCP"= 9002:TCP:Logitech Media Server 9002 tcp (UI)
      "9003:TCP"= 9003:TCP:Logitech Media Server 9003 tcp (UI)
      "9004:TCP"= 9004:TCP:Logitech Media Server 9004 tcp (UI)
      "9005:TCP"= 9005:TCP:Logitech Media Server 9005 tcp (UI)
      "9006:TCP"= 9006:TCP:Logitech Media Server 9006 tcp (UI)
      "9007:TCP"= 9007:TCP:Logitech Media Server 9007 tcp (UI)
      "9008:TCP"= 9008:TCP:Logitech Media Server 9008 tcp (UI)
      "9009:TCP"= 9009:TCP:Logitech Media Server 9009 tcp (UI)
      "9010:TCP"= 9010:TCP:Logitech Media Server 9010 tcp (UI)
      "9100:TCP"= 9100:TCP:Logitech Media Server 9100 tcp (UI)
      "8000:TCP"= 8000:TCP:Logitech Media Server 8000 tcp (UI)
      "10000:TCP"= 10000:TCP:Logitech Media Server 10000 tcp (UI)
      "9090:TCP"= 9090:TCP:Logitech Media Server 9090 tcp (UI)
      "3483:UDP"= 3483:UDP:Logitech Media Server 3483 udp
      "3483:TCP"= 3483:TCP:Logitech Media Server 3483 tcp
      .
      R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 24896]
      R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 31952]
      R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 237408]
      R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 301920]
      R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [22/08/2012 18:23 26984]
      R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\CMDGUARD.SYS [04/06/2010 10:55 497952]
      R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\CMDHLP.SYS [01/06/2010 18:00 32640]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 18:25 12880]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67664]
      R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29/06/2010 17:48 116608]
      R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13/08/2012 02:24 5167736]
      R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 03:53 193288]
      R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [11/06/2012 15:22 193616]
      R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [12/06/2009 14:23 79168]
      R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [23/12/2010 06:06 5120]
      R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 139856]
      R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 12:32 24144]
      R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 17232]
      R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [28/01/2010 02:31 209960]
      S0 cerc6;cerc6;

      S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [?]
      S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/01/2010 02:31 1684736]
      S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [06/05/2011 19:16 1025352]
      S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [11/06/2012 15:22 240208]
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 10:19]
      .
      2012-11-15 c:\windows\Tasks\AmiUpdXp.job
      - c:\documents and settings\Keith Waters\Application Data\SwvUpdater\Updater.exe [2012-11-14 16:38]
      .
      2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 16:00]
      .
      2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 16:00]
      .
      2012-11-15 c:\windows\Tasks\OGALogon.job
      - c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://websearch.mocaflix.com/
      mStart Page = hxxp://websearch.mocaflix.com/
      TCP: DhcpNameServer = 192.168.0.1
      FF - ProfilePath - c:\documents and settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://websearch.mocaflix.com/?l=1&q=
      FF - prefs.js: browser.search.selectedEngine - WebSearch
      FF - ExtSQL: 2012-10-18 14:37; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
      FF - ExtSQL: 2012-11-14 14:57; {f34c9277-6577-4dff-b2d7-7d58092f272f}; c:\documents and settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
      FF - ExtSQL: 2012-11-14 15:19; torntv@torntv.com; c:\documents and settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\extensions\torntv@torntv.com.xpi
      FF - ExtSQL: 2012-11-14 20:28; 50a3b30f8a879@50a3b30f8a8b2.com; c:\documents and settings\Keith Waters\Application Data\Mozilla\Firefox\Profiles\0uc8mmsq.default\extensions\50a3b30f8a879@50a3b30f8a8b2.com
      FF - ExtSQL: !HIDDEN! 2009-11-03 22:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF - ExtSQL: !HIDDEN! 2012-11-14 14:57; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension
      .
      - - - - ORPHANS REMOVED - - - -
      .
      URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
      BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Keith Waters\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
      Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      Toolbar-10 - (no file)
      WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
      HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
      HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
      HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
      HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
      HKLM-Run-MFARestart - c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe
      HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
      AddRemove-1ClickDownload - c:\program files\TornTV.com\uninst.exe
      AddRemove-FreeTorrentViewer - c:\program files\FreeTorrentViewer\uninst.exe
      AddRemove-OptimizerPro - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~2\OPTIMI~1\Setup.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-11-15 22:18
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      detected NTDLL code modification:
      ZwClose
      .
      scanning hidden processes ... 
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ... 
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(1228)
      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      c:\windows\system32\WININET.dll
      c:\windows\system32\Ati2evxx.dll
      .
      - - - - - - - > 'lsass.exe'(1284)
      c:\windows\system32\guard32.dll
      .
      - - - - - - - > 'explorer.exe'(2480)
      c:\windows\system32\WININET.dll
      c:\windows\system32\guard32.dll
      c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
      c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
      c:\program files\TortoiseSVN\bin\TortoiseStub.dll
      c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
      c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      - - - - - - - > 'csrss.exe'(1184)
      c:\windows\system32\cmdcsr.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\progra~1\AVG\AVG2012\avgrsx.exe
      c:\program files\AVG\AVG2012\avgcsrvx.exe
      c:\windows\system32\Ati2evxx.exe
      c:\windows\system32\Ati2evxx.exe
      c:\program files\AVG\AVG2012\avgnsx.exe
      c:\program files\Juniper Networks\Common Files\dsNcService.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      c:\program files\TortoiseSVN\bin\TSVNCache.exe
      c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
      c:\program files\Samsung\Easy Printer Manager\SpoolerComp.exe
      c:\windows\RTHDCPL.EXE
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      c:\program files\Dell Remote Access\ezi_ra.exe
      c:\windows\system32\inetsrv\inetinfo.exe
      c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      c:\program files\CDBurnerXP\NMSAccessU.exe
      c:\progra~1\SQUEEZ~1\server\SQUEEZ~3.EXE
      c:\windows\system32\SearchIndexer.exe
      c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
      .
      **************************************************************************
      .
      Completion time: 2012-11-15  22:24:50 - machine was rebooted
      ComboFix-quarantined-files.txt  2012-11-15 22:24
      .
      Pre-Run: 284,510,109,696 bytes free
      Post-Run: 286,111,911,936 bytes free
      .
      - - End Of File - - F8F0C7DC740DD7AFEF0376AFCCAAEBD9
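The log excerpt above carries the indicators a reviewer reads first: the Windows Firewall policy value, firewall exceptions granted to the Search Results Toolbar's Datamngr component, and start page / search URLs that ComboFix defangs as hxxp://. The following is an added example, not part of the thread or of ComboFix; it parses exactly those line shapes and reports what stands out, with EXPECTED_HOME_DOMAINS and TRUSTED_EXCEPTION_PREFIXES being assumptions about this particular machine that its owner would have to confirm.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed excerpt: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\Search Results Toolbar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
.
------- Supplementary Scan -------
.
uStart Page = hxxp://websearch.mocaflix.com/
mStart Page = hxxp://websearch.mocaflix.com/
TCP: DhcpNameServer = 192.168.0.1
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.mocaflix.com/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
"""

# Assumptions about this machine (confirm with its owner): the home/search
# domain the user actually chose, and vendor folders whose firewall exceptions
# are expected because that software is known to be installed.
EXPECTED_HOME_DOMAINS = {"www.google.com"}
TRUSTED_EXCEPTION_PREFIXES = (
    r"%windir%\\",
    r"c:\\program files\\avg\\",
    r"c:\\program files\\dell remote access\\",
)

SECTION_RE = re.compile(r"^\[(.+)\]$")                     # [HKLM\...] headers
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')               # "name"= value
URL_LINE_RE = re.compile(r"^([um]Start Page|FF - prefs\.js: \S+) (?:= |- )(\S+)$")
URL_SCHEME_RE = re.compile(r"^(?:hxxp|http)s?://", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "HIGH" or "WARN"
    detail: str


@dataclass
class Triage:
    firewall_enabled: Optional[bool] = None
    exceptions: List[str] = field(default_factory=list)
    urls: List[Tuple[str, str]] = field(default_factory=list)   # (key, raw url)
    findings: List[Finding] = field(default_factory=list)


def refang(url: str) -> str:
    """ComboFix writes hxxp:// so the log is not clickable; undo that for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def domain_of(url: str) -> str:
    return (urlparse(refang(url)).hostname or "").lower()


def is_trusted_exception(path: str) -> bool:
    return path.lower().startswith(TRUSTED_EXCEPTION_PREFIXES)


def triage_log(text: str) -> Triage:
    t, section = Triage(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":            # ComboFix separates blocks with "."
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.groups()
            if name == "EnableFirewall" and section.endswith("\\standardprofile"):
                tokens = value.split()
                t.firewall_enabled = bool(tokens) and tokens[0] != "0"
            elif section.endswith("\\authorizedapplications\\list"):
                t.exceptions.append(name)
            continue
        m = URL_LINE_RE.match(line)
        if m and URL_SCHEME_RE.match(m.group(2)):
            t.urls.append((m.group(1), m.group(2)))

    if t.firewall_enabled is False:
        t.findings.append(Finding("WARN", "Windows Firewall disabled in the standard profile; "
                                          "acceptable only if a third-party firewall really runs"))
    for path in t.exceptions:
        if not is_trusted_exception(path):
            t.findings.append(Finding("WARN", f"firewall exception outside trusted folders: {path}"))
    for key, url in t.urls:
        dom = domain_of(url)
        if dom not in EXPECTED_HOME_DOMAINS:
            t.findings.append(Finding("HIGH", f"{key} points at {dom}, not a domain the user chose"))
    return t


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG).findings:
        print(f"[{f.severity}] {f.detail}")
```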


      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Sage
      • Thanked: 842
      • Experience: Expert
      • OS: Windows 8
      Re: Malware infection following a moment of madness
      « Reply #3 on: November 15, 2012, 04:13:25 PM »
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      **************************************************
      Please download aswMBR.exe ( 511KB ) to your desktop.

      Double click the aswMBR.exe to run it.

      Click the "Scan" button to start the scan.

      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

      On completion of the scan click save log, save it to your desktop and post it in your next reply.
      ************************************************
      SysProt Antirootkit

      Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

      http://sites.google.com/site/sysprotantirootkit/

      Unzip it into a folder on your desktop.
      • Double click Sysprot.exe to start the program.
      • Click on the Log tab.
      • In the Write to log box select the following items.
        • Process << Selected
        • Kernel Modules << Selected
        • SSDT << Selected
        • Kernel Hooks << Selected
        • IRP Hooks << NOT Selected
        • Ports << NOT Selected
        • Hidden Files << Selected
      • At the bottom of the page
        • Hidden Objects Only << Selected
      • Click on the Create Log button on the bottom right.
      • After a few seconds a new window should appear.
      • Select Scan Root Drive. Click on the Start button.
      • When it is complete a new window will appear to indicate that the scan is finished.
      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP Home with SP3, Avira with Windows Firewall & Windows Defender

      whathim

        Topic Starter


        Beginner

        Re: Malware infection following a moment of madness
        « Reply #4 on: November 15, 2012, 05:40:39 PM »
        As instructed, I ran SecurityCheck.exe/bat.  There were quite a few Comodo alerts and I accepted all of them.

        Ran aswMBR as instructed.  Comodo gave a warning of threat to computer detected and offered GeekBuddy to check and clean.  I declined this.  Comodo also said “Cloud Scanner Alert.  A malicious item has been detected, clean or ignore”.  I clicked ignore.

        AswMBR itself offered to download the latest Avast virus definitions for better detection results.  I was wary of this and so declined it – hope I did correctly.

        Then ran SysProt as instructed.

        See all three logs below.

        Keith


        Results of screen317's Security Check version 0.99.54 
         Windows XP Service Pack 3 x86   
         Internet Explorer 8 
        ``````````````Antivirus/Firewall Check:``````````````
         Windows Firewall Disabled! 
        AVG Anti-Virus Free Edition 2012   
         Antivirus up to date! 
        `````````Anti-malware/Other Utilities Check:`````````
         SUPERAntiSpyware     
         Malwarebytes Anti-Malware version 1.65.1.1000 
         CCleaner     
         Java(TM) 6 Update 37 
         Java version out of Date!
         Adobe Flash Player    11.4.402.287 
         Adobe Reader 9 Adobe Reader out of Date!
         Adobe Reader X (10.1.4)
         Mozilla Firefox (16.0)
        ````````Process Check: objlist.exe by Laurent````````
         AVG avgwdsvc.exe
         AVG avgtray.exe
         AVG avgrsx.exe
         AVG avgnsx.exe
         AVG avgemc.exe
         Comodo Firewall cmdagent.exe
         Comodo Firewall cfp.exe
        `````````````````System Health check`````````````````
         Total Fragmentation on Drive C:: 32% Defragment your hard drive soon! (Do NOT defrag if SSD!)
        ````````````````````End of Log``````````````````````



        aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
        Run date: 2012-11-16 00:01:00
        -----------------------------
        00:01:00.281    OS Version: Windows 5.1.2600 Service Pack 3
        00:01:00.281    Number of processors: 8 586 0x1E05
        00:01:00.281    ComputerName: DELLDESK  UserName:
        00:01:01.843    Initialze error C0000022 - driver not loaded
        00:08:38.046    Service scanning
        00:08:51.281    Modules scanning
        00:08:51.281    Disk 0 trace - called modules:
        00:08:51.281   
        00:08:51.281    Scan finished successfully
        00:09:44.531    The log file has been saved successfully to "C:\Documents and Settings\Keith Waters\Desktop\Anti-Malware\aswMBR.txt"



        SysProt AntiRootkit v1.0.1.0
        by swatkat

        ******************************************************************************************
        ******************************************************************************************

        No Hidden Processes found

        ******************************************************************************************
        ******************************************************************************************
        Kernel Modules:
        Module Name: Combo-Fix.sys
        Service Name: ---
        Module Base: F74E7000
        Module End: F74F6000
        Hidden: Yes

        Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
        Service Name: ---
        Module Base: A1381000
        Module End: A145B000
        Hidden: Yes

        Module Name: \??\C:\ComboFix\catchme.sys
        Service Name: catchme
        Module Base: F7887000
        Module End: F788F000
        Hidden: Yes

        Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
        Service Name: ---
        Module Base: A4EC3000
        Module End: A4EC5000
        Hidden: Yes

        ******************************************************************************************
        ******************************************************************************************
        SSDT:
        Function Name: ZwAdjustPrivilegesToken
        Address: A16C67E4
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwConnectPort
        Address: A16C5D90
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwCreateFile
        Address: A16C644A
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwCreateKey
        Address: A16C7040
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwCreateSection
        Address: A16C8C20
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwCreateSymbolicLinkObject
        Address: A16C8F9E
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwCreateThread
        Address: A16C577C
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwDeleteKey
        Address: A16C69D0
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwDeleteValueKey
        Address: A16C6BE8
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwDuplicateObject
        Address: A16C5582
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwEnumerateKey
        Address: A16C782A
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwEnumerateValueKey
        Address: A16C7A80
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwLoadDriver
        Address: A16C8652
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwMakeTemporaryObject
        Address: A16C6058
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwNotifyChangeKey
        Address: 9EF81004
        Driver Base: 9EF80000
        Driver End: 9EF83000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwNotifyChangeMultipleKeys
        Address: 9EF810D4
        Driver Base: 9EF80000
        Driver End: 9EF83000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwOpenFile
        Address: A16C6626
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwOpenKey
        Address: A16C7030
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwOpenProcess
        Address: 9EF80D76
        Driver Base: 9EF80000
        Driver End: 9EF83000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwOpenSection
        Address: A16C62F2
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwOpenThread
        Address: A16C53B4
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwQueryKey
        Address: A16C7C8E
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwQueryMultipleValueKey
        Address: A16C80E2
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwQueryValueKey
        Address: A3F0F1EA
        Driver Base: A3F0E000
        Driver End: A3F19000
        Driver Name: \??\C:\WINDOWS\system32\drivers\avgtpx86.sys

        Function Name: ZwRenameKey
        Address: A16C75B2
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwSetSecurityObject
        Address: A16C6E54
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwSetSystemInformation
        Address: A16C893E
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwSetValueKey
        Address: A16C730A
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwShutdownSystem
        Address: A16C5FC2
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwSystemDebugControl
        Address: A16C61DE
        Driver Base: A16BC000
        Driver End: A1733000
        Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

        Function Name: ZwTerminateProcess
        Address: 9EF80E1E
        Driver Base: 9EF80000
        Driver End: 9EF83000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwTerminateThread
        Address: 9EF80EBA
        Driver Base: 9EF80000
        Driver End: 9EF83000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        Function Name: ZwWriteVirtualMemory
        Address: 9EF80F56
        Driver Base: 9EF80000
        Driver End: 9EF83000
        Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

        ******************************************************************************************
        ******************************************************************************************
        No Kernel Hooks found

        ******************************************************************************************
        ******************************************************************************************
        Hidden files/folders:
        Object: C:\Documents and Settings\Keith Waters\Desktop\My Printer\Samsung ML-3310ND\Samsung ML-3310ND - Printer - B-W - duplex - laser - Legal, A4 - 1200 dpi x 1200 dpi - up to 31 ppm - capacity- 300 sheets - USB, 10-100Base-TX- Amazon.co.uk- Computers & Accessor
        Status: Hidden

        Object: C:\MyDocuments\Busty\Macromastia\Isabelle Lanthier\9598d0793fa61272 - ??t???af? (2).jpg
        Status: Hidden

        Object: C:\MyDocuments\Busty\Macromastia\Isabelle Lanthier\9598d0793fa61272 - ??t???af? - ??t???af?.jpg
        Status: Hidden

        Object: C:\MyDocuments\Japan\Mlle\OPPAI[????] ???????????????? ??????? (ppmd019).url
        Status: Hidden

        Object: C:\Personal\www\jpg\macromastia\174377_100002373177675_2554687_n - ??t???af?.jpg
        Status: Hidden

        Object: C:\Personal\www\jpg\macromastia\225225_213375692019373_100000408302028_749412_4007924_n - ??t???af? - ??t???af?.jpg
        Status: Hidden

        Object: C:\Personal\www\jpg\macromastia\9598d0793fa61272 - ??t???af? (2).jpg
        Status: Hidden

        Object: C:\Personal\www\jpg\macromastia\9598d0793fa61272 - ??t???af? - ??t???af?.jpg
        Status: Hidden

        Object: C:\Personal\www\jpg\macromastia\F2.large - ??t???af?.jpg
        Status: Hidden

        Object: C:\Personal\www\jpg\macromastia\figure_MSD_222_2 - ??t???af? - ??t???af?.jpg
        Status: Hidden

        Object: C:\Personal\www\jpg\macromastia\??t???af? ap? 2107.jpg
        Status: Hidden

        Object: C:\Qoobox\BackEnv\AppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cache.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cookies.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Desktop.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Favorites.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\History.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Music.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\NetHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Personal.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Pictures.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Programs.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Recent.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SendTo.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SetPath.bat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartUp.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SysPath.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Templates.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\VikPev00
        Status: Access denied
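SuperDave's caution above that rootkit-scanner entries are often false positives can be checked mechanically against the SysProt log just posted. The following is an added example, not SysProt's code and not something posted in the thread: it parses the log's "Key: Value" records, groups the SSDT hooks by owning driver while verifying each hook address lies inside that driver's reported image range, and attributes the hidden kernel modules to the scanners run during this cleanup (ComboFix, its catchme driver, Process Explorer) and to Windows' crash-dump copy of the storage driver. The vendor names in the lookup tables are assumptions drawn from the ComboFix driver list earlier in the thread, and the PLACEHOLDER_UNKNOWN.sys record is constructed so that the "needs review" path is exercised.

```python
import re
from collections import defaultdict

# Constructed excerpt: records copied from the SysProt log posted above, trimmed to
# the fields used here, plus one labelled placeholder SSDT record (PLACEHOLDER_UNKNOWN.sys).
SAMPLE_LOG = r"""
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Module Base: F74E7000
Module End: F74F6000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Module Base: A1381000
Module End: A145B000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Module Base: A4EC3000
Module End: A4EC5000
Hidden: Yes

******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: A16C67E4
Driver Base: A16BC000
Driver End: A1733000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenProcess
Address: 9EF80D76
Driver Base: 9EF80000
Driver End: 9EF83000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwCreateFile
Address: B0001000
Driver Base: B0000000
Driver End: B0004000
Driver Name: \SystemRoot\system32\DRIVERS\PLACEHOLDER_UNKNOWN.sys

******************************************************************************************
No Kernel Hooks found
"""

# Assumed attribution: drivers the ComboFix log earlier in this thread lists as
# installed security products, whose SSDT hooks are therefore expected here.
KNOWN_HOOKING_DRIVERS = {"cmdguard.sys": "COMODO Internet Security",
                         "avgidsshimx.sys": "AVG Identity Protection",
                         "avgtpx86.sys": "AVG (avgtp)"}
# Scanner drivers loaded during this cleanup; they have no service entry, so
# SysProt reporting them as hidden is the expected result, not an infection.
KNOWN_SCANNER_MODULES = {"combo-fix.sys": "ComboFix", "catchme.sys": "ComboFix (catchme)",
                         "procexp113.sys": "Sysinternals Process Explorer"}

HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z /]*):$")   # "Kernel Modules:", "SSDT:"
FIELD_RE = re.compile(r"^([A-Za-z ]+): (.*)$")        # "Driver Base: A16BC000"


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_sysprot(text):
    """Return {section: [record, ...]}; records are blank-line separated Key: Value blocks."""
    sections, section, record = defaultdict(list), None, {}
    for line in text.splitlines() + [""]:          # trailing "" flushes the last record
        line = line.strip()
        header = HEADER_RE.match(line)
        if not line or set(line) == {"*"} or header:
            if record and section:
                sections[section].append(record)
            record = {}
            if header:
                section = header.group(1)
            continue
        fld = FIELD_RE.match(line)
        if fld and section:
            record[fld.group(1)] = fld.group(2)
    return sections


def ssdt_hooks_by_driver(sections):
    """Group hooked Zw* services by driver; also return hooks whose address is not
    inside the driver's reported [base, end) range, which would be inconsistent."""
    grouped, out_of_range = defaultdict(list), []
    for rec in sections.get("SSDT", []):
        drv = basename(rec["Driver Name"])
        addr, base, end = (int(rec[k], 16) for k in ("Address", "Driver Base", "Driver End"))
        grouped[drv].append(rec["Function Name"])
        if not base <= addr < end:
            out_of_range.append((rec["Function Name"], drv))
    return dict(grouped), out_of_range


def unexpected_hookers(grouped):
    return sorted(d for d in grouped if d not in KNOWN_HOOKING_DRIVERS)


def classify_hidden_modules(sections):
    """Split hidden kernel modules into (attributed to a known tool, needs review)."""
    attributed, review = [], []
    for rec in sections.get("Kernel Modules", []):
        if rec.get("Hidden") != "Yes":
            continue
        name = basename(rec["Module Name"])
        if name in KNOWN_SCANNER_MODULES:
            attributed.append((name, KNOWN_SCANNER_MODULES[name]))
        elif name.startswith("dump_"):   # Windows' crash-dump copy of the boot storage driver
            attributed.append((name, "Windows crash-dump driver copy"))
        else:
            review.append(name)
    return attributed, review
```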

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Sage
        • Thanked: 842
        • Experience: Expert
        • OS: Windows 8
        Re: Malware infection following a moment of madness
        « Reply #5 on: November 15, 2012, 07:42:47 PM »
        Quote
        Comodo gave a warning of threat to computer detected and offered GeekBuddy to check and clean.  I declined this.  Comodo also said “Cloud Scanner Alert.  A malicious item has been detected, clean or ignore”.  I clicked ignore.
        Good. I don't know what's up with Comodo giving you those messages. If it keeps doing it, you should choose another firewall.

        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date, install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        ***********************************************
        Quote
        Total Fragmentation on Drive C:: 32% Defragment your hard drive soon! (Do NOT defrag if SSD!)
        You should defrag your hard drive soon. SSD means Solid State Drive.
        You need to run aswMBR again and allow Avast to load. It requires this to run the scan.


        • Download RogueKiller on the desktop
        • Close all the running programs
        • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
        • Otherwise just double-click on RogueKiller.exe
        • Pre-scan will start. Let it finish.
        • Click on SCAN button.
        • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
        • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

        whathim

          Topic Starter


          Beginner

          Re: Malware infection following a moment of madness
          « Reply #6 on: November 16, 2012, 02:58:35 AM »
          When computer shut down last night a total of 9 updates auto-installed.

          This morning, got a green tick from Verify Java Version: “You have recommended Java installation (Version 6 Update 37)”

          When I ran JavaRa as instructed, it crashed and showed the usual error-reporting dialog, “JavaRa has encountered a problem and needs to close.  We are sorry for the inconvenience”.

          Reran aswMBR as instructed.  Again, Comodo gave a warning of threat to computer detected and offered GeekBuddy to check and clean.  As before, I declined this.  Comodo also again said “Cloud Scanner Alert.  A malicious item has been detected, clean or ignore” and as before I clicked ignore.

          This time I accepted the offer to download the latest Avast virus definitions.  Please see log below.  Bit puzzled as to why the log says “Initialize error C0000022 – driver not loaded” just before the download and “AVAST engine download error: 0” just after.

          Just after downloading RogueKiller.exe from the link you gave, Comodo said, “Threat detected.” with the following info.

          Threat name: IDP.Trojan.97AC54E5
          Category: Malware
          Description: This is a known piece of Malware (malicious software).  It is recommended that you quarantine this threat.

          I declined quarantine and clicked “Allow”.

          When I ran RogueKiller, Comodo again gave a lot of alerts, which I skipped to allow it to run.  Please see report below.

          Keith


          aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
          Run date: 2012-11-16 09:18:32
          -----------------------------
          09:18:32.234    OS Version: Windows 5.1.2600 Service Pack 3
          09:18:32.234    Number of processors: 8 586 0x1E05
          09:18:32.234    ComputerName: DELLDESK  UserName:
          09:18:49.500    Initialze error C0000022 - driver not loaded
          09:20:03.718    AVAST engine download error: 0
          09:26:48.546    Service scanning
          09:27:02.500    Modules scanning
          09:27:02.500    Disk 0 trace - called modules:
          09:27:02.500   
          09:27:02.500    Scan finished successfully
          09:27:53.578    The log file has been saved successfully to "C:\Documents and Settings\Keith Waters\Desktop\Anti-Malware\aswMBR#02.txt"


          RogueKiller V8.2.3 [11/07/2012] by Tigzy
          mail: tigzyRK<at>gmail<dot>com
          Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
          Website: http://tigzy.geekstogo.com/roguekiller.php
          Blog: http://tigzyrk.blogspot.com

          Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
          Started in : Normal mode
          User : Keith Waters [Admin rights]
          Mode : Scan -- Date : 11/16/2012 09:49:09

          ¤¤¤ Bad processes : 0 ¤¤¤

          ¤¤¤ Registry Entries : 3 ¤¤¤
          [TASK][SUSP PATH] AmiUpdXp.job : C:\Documents and Settings\Keith Waters\Application Data\SwvUpdater\Updater.exe  -> FOUND
          [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

          ¤¤¤ Particular Files / Folders: ¤¤¤

          ¤¤¤ Driver : [NOT LOADED] ¤¤¤

          ¤¤¤ HOSTS File: ¤¤¤
          --> C:\WINDOWS\system32\drivers\etc\hosts

          127.0.0.1       localhost


          ¤¤¤ MBR Check: ¤¤¤

          +++++ PhysicalDrive0:  +++++
          --- User ---
          [MBR] d91721c50bb0d70937009e54fb278258
          [BSP] 33011a5e6af84273cc2c64e92fc9f6b2 : Windows Vista MBR Code
          Partition table:
          0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo
          1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 192780 | Size: 476843 Mo
          Error reading LL1 MBR!
          Error reading LL2 MBR!

          Finished : << RKreport[1]_S_11162012_02d0949.txt >>
          RKreport[1]_S_11162012_02d0949.txt
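The MBR Check section of the RogueKiller report above lists each partition-table entry with its type, offset and size, plus an MD5 of the sector. As an added example (not RogueKiller's, Avast's or the forum's code), here is a parser that reads those fields out of a 512-byte MBR and runs the checks a responder wants before trusting it: boot signature present, exactly one active partition, no overlapping entries, the active partition starting where the running OS says the system volume starts (the TDSSKiller log later in this thread prints StartLBA 0x2F10C, which is RogueKiller's 192780), and a boot-code hash compared against a known-good baseline. The sample sector is constructed: its table reproduces the two entries in the report (DELL-UTIL 0xDE at sector 63, active NTFS 0x07 at sector 192780 with 0x3A355B35 sectors), but the first 440 bytes are a placeholder rather than real boot code, so its hashes are not the ones in the report. The [VISIBLE] flag and the [BSP] hash are not reproduced because the page does not show how RogueKiller derives them.

```python
"""Parse an MBR sector the way RogueKiller's "MBR Check" summarises it and
run basic bootkit-oriented consistency checks on it.

Added example for this thread, not RogueKiller's code. The sample sector
built below is constructed: the partition table matches the report above,
the boot code is a placeholder, so the hashes differ from the report's.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439; 440..445 hold the disk signature
TABLE_OFFSET = 446             # four 16-byte partition entries follow
ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA start, sector count

# Partition type ids seen in the report; anything else is shown as hex only.
PART_TYPES = {0x07: "NTFS", 0xDE: "DELL-UTIL"}


def build_sample_mbr(active_entries=(1,)):
    """Constructed MBR reproducing the thread's partition layout."""
    mbr = bytearray(SECTOR)
    mbr[:8] = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"   # placeholder, not real boot code
    layout = [(0xDE, 63, 192717), (0x07, 192780, 0x3A355B35)]
    for i, (ptype, lba, count) in enumerate(layout):
        status = 0x80 if i in active_entries else 0x00
        off = TABLE_OFFSET + 16 * i
        mbr[off:off + 16] = ENTRY.pack(status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(sector: bytes) -> dict:
    """Decode the partition table and hash the sector and its boot code."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                            # empty slot
        parts.append({
            "index": i, "active": status == 0x80, "type": ptype,
            "name": PART_TYPES.get(ptype, "UNKNOWN"),
            "lba_start": lba, "sectors": count,
            "size_mib": count * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "mbr_md5": hashlib.md5(sector).hexdigest(),
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def describe(parsed: dict) -> list:
    """One line per partition, in the layout RogueKiller prints."""
    return [
        "{} - [{}] {} (0x{:02x}) Offset (sectors): {} | Size: {} Mo".format(
            p["index"], "ACTIVE" if p["active"] else "XXXXXX", p["name"],
            p["type"], p["lba_start"], p["size_mib"])
        for p in parsed["partitions"]
    ]


def check_mbr(sector: bytes, os_boot_lba: int, baseline_boot_md5: str = None) -> list:
    """Findings worth following up. os_boot_lba is where the running OS says
    the system partition starts (TDSSKiller prints it as StartLBA); a patched
    table or patched boot code shows up as a mismatch or a changed hash."""
    findings = []
    p = parse_mbr(sector)
    if not p["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [x for x in p["partitions"] if x["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    elif active[0]["lba_start"] != os_boot_lba:
        findings.append("active partition starts at %d, OS reports %d"
                        % (active[0]["lba_start"], os_boot_lba))
    spans = sorted((x["lba_start"], x["lba_start"] + x["sectors"]) for x in p["partitions"])
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append("partitions overlap at sector %d" % start2)
    if baseline_boot_md5 and p["boot_code_md5"] != baseline_boot_md5:
        findings.append("boot code hash changed from baseline")
    return findings


if __name__ == "__main__":
    sample = build_sample_mbr()
    parsed = parse_mbr(sample)
    print("[MBR]", parsed["mbr_md5"])
    for line in describe(parsed):
        print(line)
    print("findings:", check_mbr(sample, 0x2F10C) or "none")
```

On a live machine the sector would come from reading the first 512 bytes of \\.\PhysicalDrive0 with administrator rights; the hash is only useful as a change detector against a baseline taken from a clean image of the same OS version, which is why RogueKiller labels the boot code rather than judging the hash on its own.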

          SuperDave
          • Malware Removal Specialist
          • Moderator
          • Sage
          • Thanked: 842
          • Experience: Expert
          • OS: Windows 8
          Re: Malware infection following a moment of madness
          « Reply #7 on: November 16, 2012, 07:10:16 AM »
          How's your computer running now?

          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double-click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Check “Scan archives”
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push “List of found threats”
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

          whathim

            Topic Starter


            Beginner

            Re: Malware infection following a moment of madness
            « Reply #8 on: November 16, 2012, 12:13:15 PM »
            Computer certainly seems to be behaving better, although I haven’t given it much of a workout yet.  Both IE and Firefox seem to be behaving correctly.  Also the Comodo tray icon is no longer turning alert-yellow as it was before.  I have yet to reinstall Chrome.  I haven’t defragged the HD yet.  Should I do that now or wait till after our checks and scans?

            Following your instructions to run ESET OnlineScan, I noticed that at the step “Check ‘Scan archives’”, there is another check box entitled “Remove found threats” that is already checked.  I suspected you might have intended a scan rather than a scan-and-clean so I unchecked “Remove found threats”.  As the scan has been running I’m beginning to doubt my decision.  An apology if incorrect and I will repeat the scan if required.

            Please see list of found threats and log below.

            Keith

            C:\Documents and Settings\All Users\Application Data\SaveAs\50a3b30f8aa09.ocx   Win32/Adware.MultiPlug.D application
            C:\Documents and Settings\Keith Waters\My Documents\My Videos\iLividSetupV1.exe   Win32/Toolbar.SearchSuite application
            C:\Downloads\RegistryBooster\registrybooster.exe   a variant of Win32/RegistryBooster application
            C:\Downloads\VLCMediaPlayer\VLCMediaPlayer.exe   a variant of Win32/Somoto.A application
            C:\Program Files\MocaFlix\sprotector.dll   Win32/SProtector application
            C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll   a variant of Win32/Toolbar.SearchSuite application
            C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe   a variant of Win32/Toolbar.SearchSuite.A application
            C:\Program Files\Search Results Toolbar\Datamngr\DnsBHO.dll   a variant of Win32/Toolbar.SearchSuite application
            C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll   a variant of Win32/Toolbar.SearchSuite application
            C:\TBas\PETZOLD\CHAPT06\CONNECT.EXE   a variant of Win32/Kryptik.AFAX trojan


            ESETSmartInstaller@High as CAB hook log:
            OnlineScanner.ocx - registred OK
            # version=7
            # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
            # OnlineScanner.ocx=1.0.0.6583
            # api_version=3.0.2
            # EOSSerial=b49c503ff64e1442b2beb97d9536dde8
            # end=finished
            # remove_checked=false
            # archives_checked=true
            # unwanted_checked=true
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2012-11-16 07:03:32
            # local_time=2012-11-16 07:03:32 (+0000, GMT Standard Time)
            # country="United Kingdom"
            # lang=1033
            # osver=5.1.2600 NT Service Pack 3
            # compatibility_mode=1024 16777175 100 0 33780114 33780114 0 0
            # compatibility_mode=3073 16777213 80 71 434779 2847661 0 0
            # compatibility_mode=8192 67108863 100 0 3940 3940 0 0
            # scanned=391920
            # found=10
            # cleaned=0
            # scan_time=12554
            C:\Documents and Settings\All Users\Application Data\SaveAs\50a3b30f8aa09.ocx   Win32/Adware.MultiPlug.D application (unable to clean)   00000000000000000000000000000000   I
            C:\Documents and Settings\Keith Waters\My Documents\My Videos\iLividSetupV1.exe   Win32/Toolbar.SearchSuite application (unable to clean)   00000000000000000000000000000000   I
            C:\Downloads\RegistryBooster\registrybooster.exe   a variant of Win32/RegistryBooster application (unable to clean)   00000000000000000000000000000000   I
            C:\Downloads\VLCMediaPlayer\VLCMediaPlayer.exe   a variant of Win32/Somoto.A application (unable to clean)   00000000000000000000000000000000   I
            C:\Program Files\MocaFlix\sprotector.dll   Win32/SProtector application (unable to clean)   00000000000000000000000000000000   I
            C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll   a variant of Win32/Toolbar.SearchSuite application (unable to clean)   00000000000000000000000000000000   I
            C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe   a variant of Win32/Toolbar.SearchSuite.A application (unable to clean)   00000000000000000000000000000000   I
            C:\Program Files\Search Results Toolbar\Datamngr\DnsBHO.dll   a variant of Win32/Toolbar.SearchSuite application (unable to clean)   00000000000000000000000000000000   I
            C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll   a variant of Win32/Toolbar.SearchSuite application (unable to clean)   00000000000000000000000000000000   I
            C:\TBas\PETZOLD\CHAPT06\CONNECT.EXE   a variant of Win32/Kryptik.AFAX trojan (unable to clean)   00000000000000000000000000000000   I



            SuperDave
            Re: Malware infection following a moment of madness
            « Reply #9 on: November 16, 2012, 01:25:48 PM »
            Quote
            I haven’t defragged the HD yet.  Should I do that now or wait till after our checks and scans?
            Ok, do it anytime.
            Please do the ESET scan again and post the log.


            whathim

              Topic Starter


              Beginner

              Re: Malware infection following a moment of madness
              « Reply #10 on: November 16, 2012, 04:49:40 PM »
              Reran ESET OnlineScan this time leaving “Remove found threats” checked.  Please see list of found threats and log below.

              Keith

              C:\Documents and Settings\All Users\Application Data\SaveAs\50a3b30f8aa09.ocx   Win32/Adware.MultiPlug.D application   cleaned by deleting - quarantined
              C:\Documents and Settings\Keith Waters\My Documents\My Videos\iLividSetupV1.exe   Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
              C:\Downloads\RegistryBooster\registrybooster.exe   a variant of Win32/RegistryBooster application   cleaned by deleting - quarantined
              C:\Downloads\VLCMediaPlayer\VLCMediaPlayer.exe   a variant of Win32/Somoto.A application   cleaned by deleting - quarantined
              C:\Program Files\MocaFlix\sprotector.dll   Win32/SProtector application   cleaned by deleting - quarantined
              C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll   a variant of Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
              C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe   a variant of Win32/Toolbar.SearchSuite.A application   cleaned by deleting - quarantined
              C:\Program Files\Search Results Toolbar\Datamngr\DnsBHO.dll   a variant of Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
              C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll   a variant of Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048876.ocx   Win32/Adware.MultiPlug.D application   cleaned by deleting - quarantined
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048877.exe   a variant of Win32/RegistryBooster application   cleaned by deleting - quarantined
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048878.exe   a variant of Win32/Somoto.A application   cleaned by deleting - quarantined
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048879.dll   Win32/SProtector application   cleaned by deleting - quarantined
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048880.dll   a variant of Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048881.exe   a variant of Win32/Toolbar.SearchSuite.A application   cleaned by deleting - quarantined
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048882.dll   a variant of Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048883.dll   a variant of Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
              C:\TBas\PETZOLD\CHAPT06\CONNECT.EXE   a variant of Win32/Kryptik.AFAX trojan   cleaned by deleting - quarantined


              ESETSmartInstaller@High as CAB hook log:
              OnlineScanner.ocx - registred OK
              # version=7
              # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
              # OnlineScanner.ocx=1.0.0.6583
              # api_version=3.0.2
              # EOSSerial=b49c503ff64e1442b2beb97d9536dde8
              # end=finished
              # remove_checked=false
              # archives_checked=true
              # unwanted_checked=true
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2012-11-16 07:03:32
              # local_time=2012-11-16 07:03:32 (+0000, GMT Standard Time)
              # country="United Kingdom"
              # lang=1033
              # osver=5.1.2600 NT Service Pack 3
              # compatibility_mode=1024 16777175 100 0 33780114 33780114 0 0
              # compatibility_mode=3073 16777213 80 71 434779 2847661 0 0
              # compatibility_mode=8192 67108863 100 0 3940 3940 0 0
              # scanned=391920
              # found=10
              # cleaned=0
              # scan_time=12554
              C:\Documents and Settings\All Users\Application Data\SaveAs\50a3b30f8aa09.ocx   Win32/Adware.MultiPlug.D application (unable to clean)   00000000000000000000000000000000   I
              C:\Documents and Settings\Keith Waters\My Documents\My Videos\iLividSetupV1.exe   Win32/Toolbar.SearchSuite application (unable to clean)   00000000000000000000000000000000   I
              C:\Downloads\RegistryBooster\registrybooster.exe   a variant of Win32/RegistryBooster application (unable to clean)   00000000000000000000000000000000   I
              C:\Downloads\VLCMediaPlayer\VLCMediaPlayer.exe   a variant of Win32/Somoto.A application (unable to clean)   00000000000000000000000000000000   I
              C:\Program Files\MocaFlix\sprotector.dll   Win32/SProtector application (unable to clean)   00000000000000000000000000000000   I
              C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll   a variant of Win32/Toolbar.SearchSuite application (unable to clean)   00000000000000000000000000000000   I
              C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe   a variant of Win32/Toolbar.SearchSuite.A application (unable to clean)   00000000000000000000000000000000   I
              C:\Program Files\Search Results Toolbar\Datamngr\DnsBHO.dll   a variant of Win32/Toolbar.SearchSuite application (unable to clean)   00000000000000000000000000000000   I
              C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll   a variant of Win32/Toolbar.SearchSuite application (unable to clean)   00000000000000000000000000000000   I
              C:\TBas\PETZOLD\CHAPT06\CONNECT.EXE   a variant of Win32/Kryptik.AFAX trojan (unable to clean)   00000000000000000000000000000000   I
              # version=7
              # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
              # OnlineScanner.ocx=1.0.0.6583
              # api_version=3.0.2
              # EOSSerial=b49c503ff64e1442b2beb97d9536dde8
              # end=finished
              # remove_checked=true
              # archives_checked=true
              # unwanted_checked=true
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2012-11-16 11:40:58
              # local_time=2012-11-16 11:40:58 (+0000, GMT Standard Time)
              # country="United Kingdom"
              # lang=1033
              # osver=5.1.2600 NT Service Pack 3
              # compatibility_mode=1024 16777175 100 0 33798384 33798384 0 0
              # compatibility_mode=3073 16777213 80 71 453049 2865931 0 0
              # compatibility_mode=8192 67108863 100 0 22210 22210 0 0
              # scanned=391976
              # found=18
              # cleaned=18
              # scan_time=10929
              C:\Documents and Settings\All Users\Application Data\SaveAs\50a3b30f8aa09.ocx   Win32/Adware.MultiPlug.D application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Documents and Settings\Keith Waters\My Documents\My Videos\iLividSetupV1.exe   Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Downloads\RegistryBooster\registrybooster.exe   a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Downloads\VLCMediaPlayer\VLCMediaPlayer.exe   a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Program Files\MocaFlix\sprotector.dll   Win32/SProtector application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll   a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe   a variant of Win32/Toolbar.SearchSuite.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Program Files\Search Results Toolbar\Datamngr\DnsBHO.dll   a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll   a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048876.ocx   Win32/Adware.MultiPlug.D application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048877.exe   a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048878.exe   a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048879.dll   Win32/SProtector application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048880.dll   a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048881.exe   a variant of Win32/Toolbar.SearchSuite.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048882.dll   a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048883.dll   a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\TBas\PETZOLD\CHAPT06\CONNECT.EXE   a variant of Win32/Kryptik.AFAX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
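The two ESET logs above differ only in remove_checked and in the I/C flag at the end of each detection line, and the pasted scan-and-remove log also repeats the earlier scan-only run. As an added example, not part of the forum posts or of ESET's tooling, this script parses that exported log layout and diffs the two runs: it checks that the # found / # cleaned counters match the detection lines (a truncated paste is easy to miss), lists anything flagged I in the first run that the second run did not report as cleaned, separates ESET's "application" verdicts (potentially unwanted software such as the toolbar components) from malware verdicts such as the Kryptik trojan, and picks out hits under System Volume Information, which are System Restore's copies of the same files. The sample logs are constructed and abridged and reuse only paths already present in the thread; the three-column "list of found threats" pane uses a different layout and is deliberately skipped.

```python
"""Parse ESET Online Scanner exported logs and compare a scan-only run
with the follow-up scan-and-remove run.

Added example for this thread, not ESET's code. Layout taken from the
logs above: '# key=value' header lines, then one detection per line with
whitespace-separated columns <path> <threat (status)> <hash> <flag>,
where flag I = left in place and C = cleaned. Sample logs are constructed.
"""
import re
from dataclasses import dataclass

# Columns are separated by runs of spaces/tabs; a single space must not
# split, because paths contain spaces ("Documents and Settings").
_COLS = re.compile(r"[ \t]{2,}")
_THREAT = re.compile(r"^(?P<threat>.+?)\s+\((?P<status>[^)]*)\)\s*$")
_RESTORE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str   # e.g. "a variant of Win32/Somoto.A application"
    status: str   # e.g. "unable to clean", "cleaned by deleting - quarantined"
    flag: str     # "I" = ignored, left in place; "C" = cleaned

    @property
    def is_pua(self) -> bool:
        # ESET names potentially unwanted software "... application";
        # malware proper ends in a family type such as "trojan".
        return self.threat.endswith("application")


def parse_eset_log(text: str):
    """Return (header, detections) for one exported log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        cols = _COLS.split(line)
        if len(cols) != 4:
            continue            # banner lines such as "OnlineScanner.ocx - registred OK"
        path, desc, _hash, flag = cols
        m = _THREAT.match(desc)
        if m:
            detections.append(Detection(path, m["threat"], m["status"], flag))
    for key in ("found", "cleaned"):
        if key in header:
            header[key] = int(header[key])
    return header, detections


def counters_consistent(header, detections) -> bool:
    """'# found' and '# cleaned' must match the detection lines; if they
    do not, the log was truncated when it was pasted."""
    return (header.get("found") == len(detections)
            and header.get("cleaned") == sum(d.flag == "C" for d in detections))


def still_present(scan_only, after_clean):
    """Paths left in place by the first run that the second run did not
    report as cleaned; empty means the removal run covered everything."""
    cleaned = {d.path.lower() for d in after_clean if d.flag == "C"}
    return [d for d in scan_only if d.flag == "I" and d.path.lower() not in cleaned]


def restore_point_copies(detections):
    """Hits under System Volume Information are copies System Restore
    took; after cleaning, purge old restore points so a later restore
    does not bring the files back."""
    return [d for d in detections if _RESTORE.search(d.path)]


def compare_runs(scan_only_text: str, remove_text: str) -> dict:
    h1, d1 = parse_eset_log(scan_only_text)
    h2, d2 = parse_eset_log(remove_text)
    return {
        "first_run_ok": counters_consistent(h1, d1),
        "second_run_ok": counters_consistent(h2, d2),
        "unresolved": [d.path for d in still_present(d1, d2)],
        "restore_point_copies": [d.path for d in restore_point_copies(d2)],
        "malware_not_pua": [d.path for d in d2 if not d.is_pua],
    }


# Constructed, abridged sample logs modelled on the two runs above.
SCAN_ONLY_LOG = r"""
# remove_checked=false
# found=3
# cleaned=0
C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe   a variant of Win32/Toolbar.SearchSuite.A application (unable to clean)   00000000000000000000000000000000   I
C:\Program Files\Search Results Toolbar\Datamngr\DnsBHO.dll   a variant of Win32/Toolbar.SearchSuite application (unable to clean)   00000000000000000000000000000000   I
C:\TBas\PETZOLD\CHAPT06\CONNECT.EXE   a variant of Win32/Kryptik.AFAX trojan (unable to clean)   00000000000000000000000000000000   I
"""

REMOVE_LOG = r"""
OnlineScanner.ocx - registred OK
# remove_checked=true
# found=4
# cleaned=4
C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe   a variant of Win32/Toolbar.SearchSuite.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Search Results Toolbar\Datamngr\DnsBHO.dll   a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP159\A0048881.exe   a variant of Win32/Toolbar.SearchSuite.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\TBas\PETZOLD\CHAPT06\CONNECT.EXE   a variant of Win32/Kryptik.AFAX trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
"""

if __name__ == "__main__":
    for key, value in compare_runs(SCAN_ONLY_LOG, REMOVE_LOG).items():
        print(key, value)
```

The restore-point hits are the reason a clean-up usually ends with purging old restore points (on XP, turning System Restore off and back on, or Disk Cleanup > More Options): ESET deleted the RP159 copies here, but any restore point the scanner did not touch would still carry the toolbar files.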

              SuperDave
              Re: Malware infection following a moment of madness
              « Reply #11 on: November 17, 2012, 12:20:34 PM »
              • Download TDSSKiller and save it to your Desktop.
              • Extract its contents to your desktop.
              • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
              • If an infected file is detected, the default action will be Cure; click on Continue.
              • If a suspicious file is detected, the default action will be Skip; click on Continue.
              • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
              • Click the Report button and copy/paste the contents of it into your next reply.
              Note: It will also create a log in the C:\ directory.

              whathim

                Topic Starter


                Beginner

                Re: Malware infection following a moment of madness
                « Reply #12 on: November 17, 2012, 01:55:24 PM »
                Thanks for these latest instructions.  I ran TDSSKiller and it found no issues at all.  The log is below.

                Earlier today I noticed a few odd things with the computer.

                While left unattended, a message box had appeared saying, “jusched.exe has encountered a problem and needs to close.  We are sorry for the inconvenience.”

                I ran MS Defrag.  When it finished, it said there were files that could not be defragmented, and the “before and after” graphic didn’t look much improved (the report is below, although it does not list any files!).

                When I tried to search for a file, the Windows Search utility didn’t display properly, as shown in the attached image.  The Search form is all crunched up and when I scroll to the bottom there is no Search “puppy” option as there was before.  Then when I try to search for the file “whatever” I get ‘Nothing found for query “” because the folder c:\ is not indexed’.

                Later, after hunting around but not finding any settings etc. to change, I tried again.  This time I no longer get the “Nothing found…” message when I launch Search from Windows Explorer but I still get it from Start>Search as shown in the attached image.  The Search form is still not displaying properly though.  Could a Windows system file be corrupted perhaps?

                Reinstalled Google Chrome.  When it ran the first time it gave “Could not open user profile”.  I have cured this by removing the old profile and creating a new one.

                Keith





                20:34:24.0906 5008  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
                20:34:25.0390 5008  ============================================================
                20:34:25.0390 5008  Current date / time: 2012/11/17 20:34:25.0390
                20:34:25.0390 5008  SystemInfo:
                20:34:25.0390 5008 
                20:34:25.0390 5008  OS Version: 5.1.2600 ServicePack: 3.0
                20:34:25.0390 5008  Product type: Workstation
                20:34:25.0390 5008  ComputerName: DELLDESK
                20:34:25.0390 5008  UserName: Keith Waters
                20:34:25.0390 5008  Windows directory: C:\WINDOWS
                20:34:25.0390 5008  System windows directory: C:\WINDOWS
                20:34:25.0390 5008  Processor architecture: Intel x86
                20:34:25.0390 5008  Number of processors: 8
                20:34:25.0390 5008  Page size: 0x1000
                20:34:25.0390 5008  Boot type: Normal boot
                20:34:25.0390 5008  ============================================================
                20:34:26.0109 5008  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
                20:34:26.0109 5008  ============================================================
                20:34:26.0109 5008  \Device\Harddisk0\DR0:
                20:34:26.0109 5008  MBR partitions:
                20:34:26.0109 5008  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F10C, BlocksNum 0x3A355B35
                20:34:26.0109 5008  ============================================================
                20:34:26.0156 5008  C: <-> \Device\Harddisk0\DR0\Partition1
                20:34:26.0156 5008  ============================================================
                20:34:26.0156 5008  Initialize success
                20:34:26.0156 5008  ============================================================
                20:35:13.0109 4688  ============================================================
                20:35:13.0109 4688  Scan started
                20:35:13.0109 4688  Mode: Manual;
                20:35:13.0109 4688  ============================================================
                20:35:13.0218 4688  ================ Scan system memory ========================
                20:35:13.0218 4688  System memory - ok
                20:35:13.0218 4688  ================ Scan services =============================
                20:35:13.0281 4688  [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
                20:35:13.0281 4688  !SASCORE - ok
                20:35:13.0390 4688  Abiosdsk - ok
                20:35:13.0421 4688  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
                20:35:13.0421 4688  abp480n5 - ok
                20:35:13.0468 4688  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
                20:35:13.0468 4688  ACPI - ok
                20:35:13.0500 4688  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
                20:35:13.0500 4688  ACPIEC - ok
                20:35:13.0562 4688  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
                20:35:13.0562 4688  AdobeFlashPlayerUpdateSvc - ok
                20:35:13.0593 4688  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
                20:35:13.0593 4688  adpu160m - ok
                20:35:13.0625 4688  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
                20:35:13.0625 4688  aec - ok
                20:35:13.0671 4688  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
                20:35:13.0671 4688  AFD - ok
                20:35:13.0703 4688  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
                20:35:13.0703 4688  agp440 - ok
                20:35:13.0718 4688  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
                20:35:13.0718 4688  agpCPQ - ok
                20:35:13.0734 4688  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
                20:35:13.0750 4688  Aha154x - ok
                20:35:13.0750 4688  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
                20:35:13.0765 4688  aic78u2 - ok
                20:35:13.0781 4688  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
                20:35:13.0781 4688  aic78xx - ok
                20:35:13.0812 4688  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
                20:35:13.0828 4688  Alerter - ok
                20:35:13.0859 4688  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
                20:35:13.0859 4688  ALG - ok
                20:35:13.0890 4688  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
                20:35:13.0890 4688  AliIde - ok
                20:35:13.0890 4688  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
                20:35:13.0890 4688  alim1541 - ok
                20:35:13.0921 4688  [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
                20:35:13.0953 4688  Ambfilt - ok
                20:35:13.0968 4688  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
                20:35:13.0968 4688  amdagp - ok
                20:35:13.0968 4688  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
                20:35:13.0968 4688  amsint - ok
                20:35:14.0000 4688  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
                20:35:14.0000 4688  AppMgmt - ok
                20:35:14.0015 4688  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
                20:35:14.0015 4688  asc - ok
                20:35:14.0062 4688  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
                20:35:14.0062 4688  asc3350p - ok
                20:35:14.0093 4688  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
                20:35:14.0093 4688  asc3550 - ok
                20:35:14.0187 4688  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
                20:35:14.0218 4688  aspnet_state - ok
                20:35:14.0234 4688  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
                20:35:14.0234 4688  AsyncMac - ok
                20:35:14.0281 4688  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
                20:35:14.0281 4688  atapi - ok
                20:35:14.0281 4688  Atdisk - ok
                20:35:14.0312 4688  [ 1635A809B90EAC3C0A844249E9A35856 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
                20:35:14.0328 4688  Ati HotKey Poller - ok
                20:35:14.0421 4688  [ 7452AB1A89F43785D20A10066BC3B73A ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
                20:35:14.0484 4688  ati2mtag - ok
                20:35:14.0531 4688  [ D9BC8892B9440A2551B8148C57AA039E ] AtiHdmiService  C:\WINDOWS\system32\drivers\AtiHdmi.sys
                20:35:14.0546 4688  AtiHdmiService - ok
                20:35:14.0562 4688  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
                20:35:14.0562 4688  Atmarpc - ok
                20:35:14.0593 4688  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
                20:35:14.0593 4688  AudioSrv - ok
                20:35:14.0593 4688  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
                20:35:14.0593 4688  audstub - ok
                20:35:14.0718 4688  [ 124D235185004F699FAF115EBD85733E ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
                20:35:14.0734 4688  AVG Security Toolbar Service - ok
                20:35:14.0875 4688  [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent     C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
                20:35:14.0890 4688  AVGIDSAgent - ok
                20:35:14.0937 4688  [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
                20:35:14.0937 4688  AVGIDSDriver - ok
                20:35:14.0968 4688  [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter    C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
                20:35:14.0968 4688  AVGIDSFilter - ok
                20:35:14.0984 4688  [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
                20:35:14.0984 4688  AVGIDSHX - ok
                20:35:15.0031 4688  [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
                20:35:15.0031 4688  AVGIDSShim - ok
                20:35:15.0046 4688  [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
                20:35:15.0046 4688  Avgldx86 - ok
                20:35:15.0062 4688  [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
                20:35:15.0062 4688  Avgmfx86 - ok
                20:35:15.0078 4688  [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
                20:35:15.0078 4688  Avgrkx86 - ok
                20:35:15.0109 4688  [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
                20:35:15.0125 4688  Avgtdix - ok
                20:35:15.0156 4688  [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
                20:35:15.0171 4688  avgtp - ok
                20:35:15.0203 4688  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files\AVG\AVG2012\avgwdsvc.exe
                20:35:15.0203 4688  avgwd - ok
                20:35:15.0234 4688  [ 5C68AC6F3E5B3E6D6A78E97D05E42C3A ] BASFND          C:\Program Files\Broadcom\BACS\BASFND.sys
                20:35:15.0234 4688  BASFND - ok
                20:35:15.0343 4688  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
                20:35:15.0359 4688  BBSvc - ok
                20:35:15.0390 4688  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
                20:35:15.0406 4688  BBUpdate - ok
                20:35:15.0453 4688  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
                20:35:15.0453 4688  Beep - ok
                20:35:15.0515 4688  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
                20:35:15.0625 4688  BITS - ok
                20:35:15.0640 4688  [ 7C9F9F819EA17016E6C7BF387A0E0883 ] BPowMon         C:\Program Files\Broadcom\BACS\BPowMon.exe
                20:35:15.0640 4688  BPowMon - ok
                20:35:15.0671 4688  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
                20:35:15.0671 4688  Browser - ok
                20:35:15.0703 4688  catchme - ok
                20:35:15.0718 4688  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
                20:35:15.0718 4688  cbidf - ok
                20:35:15.0734 4688  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
                20:35:15.0734 4688  cbidf2k - ok
                20:35:15.0750 4688  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
                20:35:15.0750 4688  cd20xrnt - ok
                20:35:15.0781 4688  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
                20:35:15.0781 4688  Cdaudio - ok
                20:35:15.0812 4688  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
                20:35:15.0812 4688  Cdfs - ok
                20:35:15.0843 4688  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
                20:35:15.0843 4688  Cdrom - ok
                20:35:15.0843 4688  cerc6 - ok
                20:35:15.0843 4688  Changer - ok
                20:35:15.0875 4688  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
                20:35:15.0875 4688  CiSvc - ok
                20:35:15.0875 4688  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
                20:35:15.0875 4688  ClipSrv - ok
                20:35:15.0968 4688  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                20:35:16.0000 4688  clr_optimization_v2.0.50727_32 - ok
                20:35:16.0046 4688  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
                20:35:16.0062 4688  clr_optimization_v4.0.30319_32 - ok
                20:35:16.0171 4688  [ 2A2D72271844C52F004901A60312B96A ] cmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
                20:35:16.0171 4688  cmdAgent - ok
                20:35:16.0218 4688  [ 9181CC4D007ADBE21DB9A11BFECAFEF5 ] cmdGuard        C:\WINDOWS\system32\DRIVERS\cmdguard.sys
                20:35:16.0218 4688  cmdGuard - ok
                20:35:16.0234 4688  [ C5A9FB50E8CA7FD99F256255FEE71580 ] cmdHlp          C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
                20:35:16.0234 4688  cmdHlp - ok
                20:35:16.0265 4688  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
                20:35:16.0265 4688  CmdIde - ok
                20:35:16.0265 4688  COMSysApp - ok
                20:35:16.0281 4688  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
                20:35:16.0281 4688  Cpqarray - ok
                20:35:16.0312 4688  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
                20:35:16.0312 4688  CryptSvc - ok
                20:35:16.0328 4688  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
                20:35:16.0328 4688  dac2w2k - ok
                20:35:16.0359 4688  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
                20:35:16.0359 4688  dac960nt - ok
                20:35:16.0390 4688  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
                20:35:16.0406 4688  DcomLaunch - ok
                20:35:16.0437 4688  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
                20:35:16.0453 4688  Dhcp - ok
                20:35:16.0468 4688  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
                20:35:16.0484 4688  Disk - ok
                20:35:16.0484 4688  dmadmin - ok
                20:35:16.0500 4688  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
                20:35:16.0515 4688  dmboot - ok
                20:35:16.0515 4688  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\DRIVERS\dmio.sys
                20:35:16.0515 4688  dmio - ok
                20:35:16.0531 4688  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
                20:35:16.0531 4688  dmload - ok
                20:35:16.0562 4688  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
                20:35:16.0562 4688  dmserver - ok
                20:35:16.0609 4688  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
                20:35:16.0609 4688  DMusic - ok
                20:35:16.0640 4688  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
                20:35:16.0640 4688  Dnscache - ok
                20:35:16.0656 4688  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
                20:35:16.0671 4688  Dot3svc - ok
                20:35:16.0687 4688  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
                20:35:16.0687 4688  dpti2o - ok
                20:35:16.0718 4688  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
                20:35:16.0718 4688  drmkaud - ok
                20:35:16.0750 4688  [ 79D48920063220D5E0C55C5964234099 ] dsNcAdpt        C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
                20:35:16.0750 4688  dsNcAdpt - ok
                20:35:16.0812 4688  [ F383B60E7468D613990F8ACA59269573 ] dsNcService     C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
                20:35:16.0828 4688  dsNcService - ok
                20:35:16.0859 4688  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
                20:35:16.0859 4688  EapHost - ok
                20:35:16.0875 4688  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
                20:35:16.0875 4688  ERSvc - ok
                20:35:16.0906 4688  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
                20:35:16.0921 4688  Eventlog - ok
                20:35:16.0953 4688  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
                20:35:16.0953 4688  EventSystem - ok
                20:35:17.0000 4688  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
                20:35:17.0000 4688  Fastfat - ok
                20:35:17.0031 4688  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
                20:35:17.0031 4688  FastUserSwitchingCompatibility - ok
                20:35:17.0078 4688  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
                20:35:17.0078 4688  Fax - ok
                20:35:17.0125 4688  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
                20:35:17.0125 4688  Fdc - ok
                20:35:17.0156 4688  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
                20:35:17.0156 4688  Fips - ok
                20:35:17.0187 4688  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
                20:35:17.0187 4688  Flpydisk - ok
                20:35:17.0218 4688  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
                20:35:17.0218 4688  FltMgr - ok
                20:35:17.0265 4688  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
                20:35:17.0265 4688  Fs_Rec - ok
                20:35:17.0296 4688  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
                20:35:17.0296 4688  Ftdisk - ok
                20:35:17.0312 4688  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
                20:35:17.0328 4688  Gpc - ok
                20:35:17.0359 4688  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
                20:35:17.0359 4688  gupdate - ok
                20:35:17.0359 4688  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
                20:35:17.0359 4688  gupdatem - ok
                20:35:17.0406 4688  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
                20:35:17.0406 4688  HDAudBus - ok
                20:35:17.0468 4688  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
                20:35:17.0484 4688  helpsvc - ok
                20:35:17.0500 4688  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
                20:35:17.0500 4688  HidServ - ok
                20:35:17.0546 4688  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
                20:35:17.0546 4688  hidusb - ok
                20:35:17.0578 4688  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
                20:35:17.0578 4688  hkmsvc - ok
                20:35:17.0625 4688  [ 853BABC289F2B46F8150DF0E0CF0B537 ] hnmsvc          C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
                20:35:17.0640 4688  hnmsvc - ok
                20:35:17.0640 4688  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
                20:35:17.0656 4688  hpn - ok
                20:35:17.0671 4688  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
                20:35:17.0671 4688  HTTP - ok
                20:35:17.0703 4688  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
                20:35:17.0718 4688  HTTPFilter - ok
                20:35:17.0734 4688  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
                20:35:17.0734 4688  i2omgmt - ok
                20:35:17.0765 4688  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
                20:35:17.0765 4688  i2omp - ok
                20:35:17.0781 4688  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
                20:35:17.0781 4688  i8042prt - ok
                20:35:17.0843 4688  [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
                20:35:17.0843 4688  IAANTMON - ok
                20:35:17.0875 4688  [ 01446278D4563B3013C92830AE6CBB26 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
                20:35:17.0875 4688  iaStor - ok
                20:35:17.0953 4688  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
                20:35:17.0968 4688  idsvc - ok
                20:35:18.0031 4688  [ DB3C22745C0DA4666F3BE31F1AF36B2F ] IISADMIN        C:\WINDOWS\system32\inetsrv\inetinfo.exe
                20:35:18.0031 4688  IISADMIN - ok
                20:35:18.0031 4688  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
                20:35:18.0031 4688  Imapi - ok
                20:35:18.0078 4688  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
                20:35:18.0093 4688  ImapiService - ok
                20:35:18.0125 4688  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
                20:35:18.0125 4688  ini910u - ok
                20:35:18.0140 4688  [ E1DF634BEC066B3D4FFE437BCB78C282 ] Inspect         C:\WINDOWS\system32\DRIVERS\inspect.sys
                20:35:18.0140 4688  Inspect - ok
                20:35:18.0250 4688  [ 0CACDCBBC8E6F11E2865C47BFC509848 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
                20:35:18.0359 4688  IntcAzAudAddService - ok
                20:35:18.0375 4688  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
                20:35:18.0375 4688  IntelIde - ok
                20:35:18.0421 4688  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
                20:35:18.0421 4688  intelppm - ok
                20:35:18.0453 4688  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
                20:35:18.0453 4688  Ip6Fw - ok
                20:35:18.0500 4688  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
                20:35:18.0500 4688  IpFilterDriver - ok
                20:35:18.0531 4688  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
                20:35:18.0531 4688  IpInIp - ok
                20:35:18.0562 4688  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
                20:35:18.0562 4688  IpNat - ok
                20:35:18.0578 4688  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
                20:35:18.0578 4688  IPSec - ok
                20:35:18.0593 4688  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
                20:35:18.0593 4688  IRENUM - ok
                20:35:18.0625 4688  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
                20:35:18.0625 4688  isapnp - ok
                20:35:18.0640 4688  [ 997190701BD80DD0F4412ED202CC7816 ] k57w2k          C:\WINDOWS\system32\DRIVERS\k57xp32.sys
                20:35:18.0640 4688  k57w2k - ok
                20:35:18.0656 4688  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
                20:35:18.0656 4688  Kbdclass - ok
                20:35:18.0703 4688  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
                20:35:18.0703 4688  kbdhid - ok
                20:35:18.0750 4688  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
                20:35:18.0750 4688  kmixer - ok
                20:35:18.0765 4688  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
                20:35:18.0765 4688  KSecDD - ok
                20:35:18.0796 4688  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
                20:35:18.0796 4688  LanmanServer - ok
                20:35:18.0828 4688  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
                20:35:18.0843 4688  lanmanworkstation - ok
                20:35:18.0843 4688  lbrtfdc - ok
                20:35:18.0859 4688  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
                20:35:18.0859 4688  LmHosts - ok
                20:35:18.0906 4688  [ A2AE666CEE860BABE7FA6F1662B71737 ] MASPINT         C:\WINDOWS\system32\drivers\MASPINT.sys
                20:35:18.0906 4688  MASPINT - ok
                20:35:18.0968 4688  [ 6CAB6542CCF3B5F1BB86D2CB6EED1E48 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                20:35:18.0968 4688  MDM - ok
                20:35:19.0015 4688  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
                20:35:19.0015 4688  Messenger - ok
                20:35:19.0031 4688  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
                20:35:19.0031 4688  mnmdd - ok
                20:35:19.0046 4688  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
                20:35:19.0062 4688  mnmsrvc - ok
                20:35:19.0062 4688  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
                20:35:19.0062 4688  Modem - ok
                20:35:19.0093 4688  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
                20:35:19.0109 4688  Monfilt - ok
                20:35:19.0140 4688  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
                20:35:19.0140 4688  Mouclass - ok
                20:35:19.0187 4688  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
                20:35:19.0187 4688  mouhid - ok
                20:35:19.0234 4688  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
                20:35:19.0234 4688  MountMgr - ok
                20:35:19.0265 4688  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
                20:35:19.0265 4688  mraid35x - ok
                20:35:19.0265 4688  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
                20:35:19.0265 4688  MRxDAV - ok
                20:35:19.0312 4688  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
                20:35:19.0312 4688  MRxSmb - ok
                20:35:19.0328 4688  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
                20:35:19.0328 4688  MSDTC - ok
                20:35:19.0343 4688  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
                20:35:19.0343 4688  Msfs - ok
                20:35:19.0343 4688  MSIServer - ok
                20:35:19.0359 4688  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
                20:35:19.0359 4688  MSKSSRV - ok
                20:35:19.0375 4688  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
                20:35:19.0375 4688  MSPCLOCK - ok
                20:35:19.0406 4688  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
                20:35:19.0406 4688  MSPQM - ok
                20:35:19.0453 4688  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
                20:35:19.0453 4688  mssmbios - ok
                20:35:19.0546 4688  MSSQL$SQLEXPRESS - ok
                20:35:19.0593 4688  MSSQLSERVER - ok
                20:35:19.0625 4688  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
                20:35:19.0625 4688  MSSQLServerADHelper - ok
                20:35:19.0796 4688  [ 70E994D23895DF6B1EE1E70145299FCF ] msvsmon90       c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
                20:35:19.0875 4688  msvsmon90 - ok
                20:35:19.0906 4688  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
                20:35:19.0921 4688  Mup - ok
                20:35:19.0953 4688  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
                20:35:19.0953 4688  napagent - ok
                20:35:19.0984 4688  NasPmService - ok
                20:35:20.0015 4688  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
                20:35:20.0031 4688  NDIS - ok
                20:35:20.0031 4688  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
                20:35:20.0031 4688  NdisTapi - ok
                20:35:20.0046 4688  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
                20:35:20.0046 4688  Ndisuio - ok
                20:35:20.0062 4688  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
                20:35:20.0078 4688  NdisWan - ok
                20:35:20.0093 4688  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
                20:35:20.0093 4688  NDProxy - ok
                20:35:20.0109 4688  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
                20:35:20.0109 4688  NetBIOS - ok
                20:35:20.0140 4688  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
                20:35:20.0140 4688  NetBT - ok
                20:35:20.0171 4688  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
                20:35:20.0187 4688  NetDDE - ok
                20:35:20.0187 4688  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
                20:35:20.0187 4688  NetDDEdsdm - ok
                20:35:20.0234 4688  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
                20:35:20.0234 4688  Netlogon - ok
                20:35:20.0234 4688  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
                20:35:20.0234 4688  Netman - ok
                20:35:20.0281 4688  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
                20:35:20.0296 4688  NetTcpPortSharing - ok
                20:35:20.0343 4688  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
                20:35:20.0343 4688  Nla - ok
                20:35:20.0406 4688  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Program Files\CDBurnerXP\NMSAccessU.exe
                20:35:20.0406 4688  NMSAccess - ok
                20:35:20.0406 4688  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
                20:35:20.0406 4688  Npfs - ok
                20:35:20.0421 4688  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
                20:35:20.0421 4688  Ntfs - ok
                20:35:20.0437 4688  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
                20:35:20.0437 4688  NtLmSsp - ok
                20:35:20.0468 4688  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
                20:35:20.0484 4688  NtmsSvc - ok
                20:35:20.0515 4688  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
                20:35:20.0515 4688  Null - ok
                20:35:20.0546 4688  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
                20:35:20.0546 4688  NwlnkFlt - ok
                20:35:20.0562 4688  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
                20:35:20.0562 4688  NwlnkFwd - ok
                20:35:20.0593 4688  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                20:35:20.0593 4688  ose - ok
                20:35:20.0609 4688  [ 9D80E0BE979C3EDAF2863F23B88F4DE6 ] Packet          C:\WINDOWS\system32\DRIVERS\packet.sys
                20:35:20.0609 4688  Packet - ok
                20:35:20.0640 4688  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
                20:35:20.0640 4688  Parport - ok
                20:35:20.0640 4688  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
                20:35:20.0640 4688  PartMgr - ok
                20:35:20.0656 4688  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
                20:35:20.0656 4688  ParVdm - ok
                20:35:20.0703 4688  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
                20:35:20.0703 4688  PCI - ok
                20:35:20.0703 4688  PCIDump - ok
                20:35:20.0718 4688  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
                20:35:20.0718 4688  PCIIde - ok
                20:35:20.0750 4688  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
                20:35:20.0750 4688  Pcmcia - ok
                20:35:20.0750 4688  PDCOMP - ok
                20:35:20.0765 4688  PDFRAME - ok
                20:35:20.0765 4688  PDRELI - ok
                20:35:20.0765 4688  PDRFRAME - ok
                20:35:20.0781 4688  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
                20:35:20.0781 4688  perc2 - ok
                20:35:20.0796 4688  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
                20:35:20.0796 4688  perc2hib - ok
                20:35:20.0828 4688  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
                20:35:20.0828 4688  PlugPlay - ok
                20:35:20.0828 4688  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
                20:35:20.0828 4688  PolicyAgent - ok
                20:35:20.0828 4688  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
                20:35:20.0843 4688  PptpMiniport - ok
                20:35:20.0843 4688  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
                20:35:20.0843 4688  ProtectedStorage - ok
                20:35:20.0843 4688  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
                20:35:20.0843 4688  PSched - ok
                20:35:20.0843 4688  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
                20:35:20.0843 4688  Ptilink - ok
                20:35:20.0875 4688  [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
                20:35:20.0890 4688  PxHelp20 - ok
                20:35:20.0906 4688  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
                20:35:20.0906 4688  ql1080 - ok
                20:35:20.0953 4688  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
                20:35:20.0953 4688  Ql10wnt - ok
                20:35:20.0984 4688  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
                20:35:20.0984 4688  ql12160 - ok
                20:35:21.0015 4688  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
                20:35:21.0015 4688  ql1240 - ok
                20:35:21.0031 4688  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
                20:35:21.0031 4688  ql1280 - ok
                20:35:21.0046 4688  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
                20:35:21.0046 4688  RasAcd - ok
                20:35:21.0078 4688  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
                20:35:21.0093 4688  RasAuto - ok
                20:35:21.0109 4688  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
                20:35:21.0109 4688  Rasl2tp - ok
                20:35:21.0125 4688  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
                20:35:21.0125 4688  RasMan - ok
                20:35:21.0125 4688  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
                20:35:21.0125 4688  RasPppoe - ok
                20:35:21.0140 4688  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
                20:35:21.0140 4688  Raspti - ok
                20:35:21.0156 4688  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
                20:35:21.0171 4688  Rdbss - ok
                20:35:21.0203 4688  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
                20:35:21.0203 4688  RDPCDD - ok
                20:35:21.0203 4688  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
                20:35:21.0203 4688  rdpdr - ok
                20:35:21.0265 4688  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
                20:35:21.0281 4688  RDPWD - ok
                20:35:21.0296 4688  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
                20:35:21.0296 4688  RDSessMgr - ok
                20:35:21.0328 4688  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
                20:35:21.0328 4688  redbook - ok
                20:35:21.0375 4688  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
                20:35:21.0375 4688  RemoteAccess - ok
                20:35:21.0390 4688  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
                20:35:21.0390 4688  RemoteRegistry - ok
                20:35:21.0421 4688  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
                20:35:21.0421 4688  RpcLocator - ok
                20:35:21.0437 4688  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
                20:35:21.0437 4688  RpcSs - ok
                20:35:21.0484 4688  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
                20:35:21.0484 4688  RSVP - ok
                20:35:21.0500 4688  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
                20:35:21.0500 4688  SamSs - ok
                20:35:21.0578 4688  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                20:35:21.0578 4688  SASDIFSV - ok
                20:35:21.0578 4688  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                20:35:21.0593 4688  SASKUTIL - ok
                20:35:21.0609 4688  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
                20:35:21.0609 4688  SCardSvr - ok
                20:35:21.0640 4688  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
                20:35:21.0640 4688  Schedule - ok
                20:35:21.0656 4688  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
                20:35:21.0656 4688  Secdrv - ok
                20:35:21.0687 4688  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
                20:35:21.0687 4688  seclogon - ok
                20:35:21.0718 4688  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
                20:35:21.0734 4688  SENS - ok
                20:35:21.0734 4688  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
                20:35:21.0734 4688  Serenum - ok
                20:35:21.0734 4688  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
                20:35:21.0734 4688  Serial - ok
                20:35:21.0781 4688  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
                20:35:21.0781 4688  Sfloppy - ok
                20:35:21.0796 4688  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
                20:35:21.0812 4688  SharedAccess - ok
                20:35:21.0828 4688  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
                20:35:21.0828 4688  ShellHWDetection - ok
                20:35:21.0828 4688  Simbad - ok
                20:35:21.0859 4688  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
                20:35:21.0859 4688  sisagp - ok
                20:35:21.0890 4688  [ DB3C22745C0DA4666F3BE31F1AF36B2F ] SMTPSVC         C:\WINDOWS\system32\inetsrv\inetinfo.exe
                20:35:21.0890 4688  SMTPSVC - ok
                20:35:21.0937 4688  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
                20:35:21.0937 4688  Sparrow - ok
                20:35:21.0968 4688  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
                20:35:21.0968 4688  splitter - ok
                20:35:22.0000 4688  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
                20:35:22.0000 4688  Spooler - ok
                20:35:22.0015 4688  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
                20:35:22.0031 4688  SQLBrowser - ok
                20:35:22.0062 4688  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
                20:35:22.0062 4688  SQLWriter - ok
                20:35:22.0078 4688  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
                20:35:22.0078 4688  sr - ok
                20:35:22.0125 4688  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
                20:35:22.0125 4688  srservice - ok
                20:35:22.0140 4688  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
                20:35:22.0156 4688  Srv - ok
                20:35:22.0171 4688  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
                20:35:22.0171 4688  SSDPSRV - ok
                20:35:22.0203 4688  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\WINDOWS\system32\Drivers\SSPORT.sys
                20:35:22.0203 4688  SSPORT - ok
                20:35:22.0234 4688  [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
                20:35:22.0234 4688  StarOpen - ok
                20:35:22.0281 4688  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
                20:35:22.0281 4688  stisvc - ok
                20:35:22.0328 4688  [ E476C66713C842F58E61A95826ED1D57 ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                20:35:22.0328 4688  stllssvr - ok
                20:35:22.0359 4688  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
                20:35:22.0359 4688  swenum - ok
                20:35:22.0406 4688  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
                20:35:22.0406 4688  swmidi - ok
                20:35:22.0406 4688  SwPrv - ok
                20:35:22.0453 4688  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
                20:35:22.0453 4688  symc810 - ok
                20:35:22.0468 4688  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
                20:35:22.0468 4688  symc8xx - ok
                20:35:22.0515 4688  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
                20:35:22.0515 4688  sym_hi - ok
                20:35:22.0546 4688  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
                20:35:22.0546 4688  sym_u3 - ok
                20:35:22.0593 4688  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
                20:35:22.0593 4688  sysaudio - ok
                20:35:22.0640 4688  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
                20:35:22.0640 4688  SysmonLog - ok
                20:35:22.0656 4688  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
                20:35:22.0671 4688  TapiSrv - ok
                20:35:22.0687 4688  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
                20:35:22.0687 4688  Tcpip - ok
                20:35:22.0718 4688  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
                20:35:22.0718 4688  TDPIPE - ok
                20:35:22.0718 4688  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
                20:35:22.0718 4688  TDTCP - ok
                20:35:22.0734 4688  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
                20:35:22.0734 4688  TermDD - ok
                20:35:22.0765 4688  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
                20:35:22.0765 4688  TermService - ok
                20:35:22.0781 4688  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
                20:35:22.0781 4688  Themes - ok
                20:35:22.0812 4688  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
                20:35:22.0828 4688  TlntSvr - ok
                20:35:22.0843 4688  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
                20:35:22.0843 4688  TosIde - ok
                20:35:22.0875 4688  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
                20:35:22.0890 4688  TrkWks - ok
                20:35:22.0906 4688  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
                20:35:22.0921 4688  Udfs - ok
                20:35:22.0937 4688  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
                20:35:22.0937 4688  ultra - ok
                20:35:22.0968 4688  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
                20:35:22.0968 4688  Update - ok
                20:35:23.0015 4688  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
                20:35:23.0015 4688  upnphost - ok
                20:35:23.0046 4688  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
                20:35:23.0046 4688  UPS - ok
                20:35:23.0078 4688  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
                20:35:23.0078 4688  usbccgp - ok
                20:35:23.0093 4688  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
                20:35:23.0093 4688  usbehci - ok
                20:35:23.0093 4688  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
                20:35:23.0109 4688  usbhub - ok
                20:35:23.0156 4688  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
                20:35:23.0156 4688  usbprint - ok
                20:35:23.0187 4688  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
                20:35:23.0187 4688  usbscan - ok
                20:35:23.0203 4688  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
                20:35:23.0203 4688  USBSTOR - ok
                20:35:23.0218 4688  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                20:35:23.0218 4688  usbuhci - ok
                20:35:23.0250 4688  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
                20:35:23.0250 4688  VgaSave - ok
                20:35:23.0250 4688  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
                20:35:23.0250 4688  viaagp - ok
                20:35:23.0281 4688  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
                20:35:23.0281 4688  ViaIde - ok
                20:35:23.0312 4688  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
                20:35:23.0312 4688  VolSnap - ok
                20:35:23.0328 4688  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
                20:35:23.0328 4688  VSS - ok
                20:35:23.0328 4688  vToolbarUpdater13.2.0 - ok
                20:35:23.0375 4688  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
                20:35:23.0375 4688  w32time - ok
                20:35:23.0390 4688  [ DB3C22745C0DA4666F3BE31F1AF36B2F ] W3SVC           C:\WINDOWS\system32\inetsrv\inetinfo.exe
                20:35:23.0390 4688  W3SVC - ok
                20:35:23.0390 4688  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
                20:35:23.0390 4688  Wanarp - ok
                20:35:23.0390 4688  WDICA - ok
                20:35:23.0406 4688  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
                20:35:23.0406 4688  wdmaud - ok
                20:35:23.0421 4688  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
                20:35:23.0421 4688  WebClient - ok
                20:35:23.0515 4688  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
                20:35:23.0515 4688  winmgmt - ok
                20:35:23.0546 4688  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
                20:35:23.0578 4688  WinRM - ok
                20:35:23.0593 4688  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
                20:35:23.0593 4688  WmdmPmSN - ok
                20:35:23.0640 4688  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
                20:35:23.0640 4688  Wmi - ok
                20:35:23.0687 4688  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
                20:35:23.0687 4688  WmiAcpi - ok
                20:35:23.0734 4688  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
                20:35:23.0750 4688  WmiApSrv - ok
                20:35:23.0812 4688  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
                20:35:23.0812 4688  WMPNetworkSvc - ok
                20:35:23.0890 4688  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
                20:35:23.0890 4688  WPFFontCache_v0400 - ok
                20:35:23.0937 4688  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
                20:35:23.0937 4688  WS2IFSL - ok
                20:35:23.0984 4688  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
                20:35:23.0984 4688  wscsvc - ok
                20:35:23.0984 4688  WSearch - ok
                20:35:24.0031 4688  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
                20:35:24.0031 4688  wuauserv - ok
                20:35:24.0046 4688  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
                20:35:24.0062 4688  WudfPf - ok
                20:35:24.0093 4688  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
                20:35:24.0093 4688  WudfRd - ok
                20:35:24.0109 4688  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
                20:35:24.0109 4688  WudfSvc - ok
                20:35:24.0140 4688  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
                20:35:24.0140 4688  WZCSVC - ok
                20:35:24.0187 4688  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
                20:35:24.0187 4688  xmlprov - ok
                20:35:24.0203 4688  ================ Scan global ===============================
                20:35:24.0250 4688  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
                20:35:24.0281 4688  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
                20:35:24.0296 4688  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
                20:35:24.0296 4688  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
                20:35:24.0312 4688  [Global] - ok
                20:35:24.0312 4688  ================ Scan MBR ==================================
                20:35:24.0328 4688  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
                20:35:24.0562 4688  \Device\Harddisk0\DR0 - ok
                20:35:24.0562 4688  ================ Scan VBR ==================================
                20:35:24.0562 4688  [ D3B0AD59BBCB3F34EA41601089F1F176 ] \Device\Harddisk0\DR0\Partition1
                20:35:24.0578 4688  \Device\Harddisk0\DR0\Partition1 - ok
                20:35:24.0578 4688  ============================================================
                20:35:24.0578 4688  Scan finished
                20:35:24.0578 4688  ============================================================
                20:35:24.0578 6512  Detected object count: 0
                20:35:24.0578 6512  Actual detected object count: 0
                20:41:12.0328 3900  Deinitialize success



                ---------------------------------------

                MS Defrag report:

                Volume OS (C:)
                    Volume size                                = 466 GB
                    Cluster size                               = 4 KB
                    Used space                                 = 203 GB
                    Free space                                 = 262 GB
                    Percent free space                         = 56 %

                Volume fragmentation
                    Total fragmentation                        = 26 %
                    File fragmentation                         = 53 %
                    Free space fragmentation                   = 0 %

                File fragmentation
                    Total files                                = 392,876
                    Average file size                          = 739 KB
                    Total fragmented files                     = 3,279
                    Total excess fragments                     = 281,872
                    Average fragments per file                 = 1.71

                Pagefile fragmentation
                    Pagefile size

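A TDSSKiller log like the one above records, for every service and driver, an MD5 of the backing binary, its path and a verdict, then the hashes of the global system binaries, the MBR and the VBR. Reading several hundred such lines by eye is error-prone, so here is an added Python example (not part of the thread and not Kaspersky's code) that parses that line shape and reduces it to the facts a reviewer actually checks: any verdict other than ok, services registered without a backing file, binaries loaded from outside the Windows and Program Files trees, one binary hosting several services, and the boot-sector hashes to compare against a later run. The sample log is constructed: the PCI, lsass.exe, SASDIFSV and boot-sector lines mirror the log above, while the oddsvc entry, its hash, path and "suspicious" verdict are made up, and the trusted-root list and the treatment of non-ok verdict strings are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the line shape of a TDSSKiller log. The PCI, lsass.exe,
# SASDIFSV and boot-sector lines mirror the thread's log; the "oddsvc" entry,
# its hash, path and "suspicious" verdict are made up for this example.
SAMPLE_LOG = r"""
20:35:20.0703 4688  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:35:20.0703 4688  PCI - ok
20:35:20.0703 4688  PCIDump - ok
20:35:20.0828 4688  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:35:20.0828 4688  PolicyAgent - ok
20:35:20.0843 4688  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:35:20.0843 4688  ProtectedStorage - ok
20:35:21.0578 4688  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:35:21.0578 4688  SASDIFSV - ok
20:35:21.0600 4688  [ 0123456789ABCDEF0123456789ABCDEF ] oddsvc          C:\Documents and Settings\user\Local Settings\Temp\oddsvc.sys
20:35:21.0600 4688  oddsvc - suspicious
20:35:24.0203 4688  ================ Scan global ===============================
20:35:24.0250 4688  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:35:24.0312 4688  [Global] - ok
20:35:24.0312 4688  ================ Scan MBR ==================================
20:35:24.0328 4688  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:35:24.0562 4688  \Device\Harddisk0\DR0 - ok
20:35:24.0562 4688  ================ Scan VBR ==================================
20:35:24.0562 4688  [ D3B0AD59BBCB3F34EA41601089F1F176 ] \Device\Harddisk0\DR0\Partition1
20:35:24.0578 4688  \Device\Harddisk0\DR0\Partition1 - ok
20:35:24.0578 6512  Detected object count: 0
"""

# Every line starts with "hh:mm:ss.ffff <thread id>".
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
SECTION_RE = re.compile(PREFIX + r"=+ Scan (?P<section>.+?) =+$")
FILE_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")

# Assumption: on this machine legitimate service binaries live under these
# roots; anything else is worth a second look, not automatically malicious.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_tdsskiller(text):
    """Split a TDSSKiller log into file records and verdict records.

    Lines before the first "Scan <x>" banner are the service/driver listing,
    where each record is "[ md5 ] Name  Path" followed by "Name - verdict".
    """
    section = "services"
    files, verdicts = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section").strip().lower()
            continue
        m = FILE_RE.match(line)
        if m:
            rest = m.group("rest")
            if section == "services":
                name, path = rest.split(None, 1)
            else:                       # global/MBR/VBR records carry only a path
                name = path = rest
            files.append({"section": section, "name": name,
                          "md5": m.group("md5").upper(), "path": path})
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts.append({"section": section, "name": m.group("name"),
                             "verdict": m.group("verdict").strip()})
    return files, verdicts


def triage(text, trusted_roots=TRUSTED_ROOTS):
    """Reduce the log to the handful of facts a reviewer wants to see."""
    files, verdicts = parse_tdsskiller(text)
    services = [f for f in files if f["section"] == "services"]
    with_file = {f["name"] for f in services}
    by_md5 = defaultdict(list)
    for f in services:
        by_md5[f["md5"]].append(f["name"])
    return {
        # Assumption: TDSSKiller prints "ok" for clean objects; any other
        # verdict string (suspicious, detected, warning, ...) is surfaced verbatim.
        "not_ok": {v["name"]: v["verdict"] for v in verdicts if v["verdict"] != "ok"},
        # A registered service with no binary line is usually a stale registry
        # entry, but it should be confirmed rather than assumed.
        "no_file": sorted(v["name"] for v in verdicts
                          if v["section"] == "services" and v["name"] not in with_file),
        "untrusted_path": sorted(f["name"] for f in services
                                 if not f["path"].lower().startswith(trusted_roots)),
        # Several services sharing one binary is normal for hosts such as
        # lsass.exe; listing them makes the sharing visible.
        "shared_binary": {md5: sorted(names) for md5, names in by_md5.items() if len(names) > 1},
        # Boot-sector hashes, to compare against an earlier or later run on the same disk.
        "boot_sectors": {f["name"]: f["md5"] for f in files if f["section"] in ("mbr", "vbr")},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved TDSSKiller log by passing the file's contents to `triage()`. Entries under `untrusted_path` and `no_file` are review prompts, not verdicts: a legitimately installed driver can live elsewhere, and an orphaned service entry is harmless once its binary is confirmed gone.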
                SuperDave

                • Malware Removal Specialist
                • Moderator


                Re: Malware infection following a moment of madness
                « Reply #13 on: November 17, 2012, 07:32:56 PM »
                Something is blocking those infections from being deleted by ESET.
                Please do this even if you don't have the OS disk.


                Do you have an XP CD?

                If so, place it in your CD ROM drive and follow the instructions below:
                • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
                • Let this run undisturbed until the window with the blue progress bar goes away
                SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
                Please let me know what happens.

                Save these instructions so you can have access to them while in Safe Mode.

                Please click here to download AVP Tool by Kaspersky.
                • Save it to your desktop.
                • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit Enter.
                • Double click the setup file to run it.
                • Click Next to continue.
                • Accept the License agreement and click on next.
                • It will, by default, install it to your desktop folder. Click Next.
                • It will then open a box. There will be a tab that says Automatic scan.
                • Under Automatic scan make sure these are checked:
                • Hidden Startup Objects
                • System Memory
                • Disk Boot Sectors.
                • My Computer.
                • Also any other drives (Removable that you may have)
                Leave the rest of the settings as they appear as default.
                • Then click on Scan at the top right hand corner.
                • It will automatically Neutralize any objects found.
                • If some objects are left un-neutralized then click the button that says Neutralize all.
                • If it says it cannot be neutralized then choose the delete option when prompted.
                • After that is done click on the Reports button at the bottom and save it to a file; name it Kas.
                • Save it somewhere convenient like your desktop and post only the detected virus\malware from the report (it will be at the very top under Detected) in your next reply.

                Note: This tool will self uninstall when you close it so please save the log before closing it.
                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

                whathim

                  Topic Starter

                  Re: Malware infection following a moment of madness
                  « Reply #14 on: November 18, 2012, 09:35:13 AM »
                  This morning after starting computer I again got a message box saying, “jusched.exe has encountered a problem and needs to close.  We are sorry for the inconvenience.”

                  I do have the XP CD so I placed it in the drive and ran SFC as instructed.  All I saw was a progress bar entitled “Windows File Protection”, which steadily ran to completion with no apparent incident.  Would it have told me if it had detected a discrepancy?

                  Installed and ran the Kaspersky AVP Tool.  Under the Automatic scan tab there were no checkboxes immediately apparent.  I had to click a gear wheel icon that then allowed access to settings under the categories “Scan scope”, “Security level” and “Action”.  The checkboxes you listed were under Scan scope.

                  A few times while running, the tool popped up a message saying a particular file is password protected.  The message did not ask, or wait, for me to respond but it did have “More details”, which I didn’t click (the message disappears quickly).

                  On completion, the tool said, “no threats detected”.  It confused me a bit when saving the report as it popped up a modal dialog entitled simply “Save” with no explanatory text, a blank uneditable text field and an unclickable OK button.  After a delay it vanished.

                  Shortly after rebooting into normal XP I again got the “jusched.exe crashed” message box.  I looked in the saved report and found no list of detected threats.  I’ve copy/pasted the first few lines from the start of the report here.

                  Automatic Scan: completed 8 minutes ago   (events: 1781794, objects: 1758971, time: 02:17:36)   
                  18/11/2012 15:57:41   Task completed         
                  18/11/2012 15:57:41   OK   C:\Workarea\ihs\Zstuff\slog\_messing_about\WindowsFormsApplication1\WindowsFormsApplication1\Web References\refwsfma\.svn\text-base\wsfma.wsdl.svn-base      
                  18/11/2012 15:57:41   OK   C:\Workarea\ihs\Zstuff\slog\_messing_about\WindowsFormsApplication1\WindowsFormsApplication1\Web References\refwsfma\.svn\text-base\wsfma.disco.svn-base      
                  18/11/2012 15:57:41   OK   C:\Workarea\ihs\Zstuff\slog\_messing_about\WindowsFormsApplication1\WindowsFormsApplication1\Web References\refwsfma\.svn\text-base\Reference.map.svn-base      
                  18/11/2012 15:57:41   OK   C:\Workarea\ihs\Zstuff\slog\_messing_about\WindowsFormsApplication1\WindowsFormsApplication1\Web References\refwsfma\.svn\text-base\Reference.cs.svn-base      
                  18/11/2012 15:57:41   OK   C:\Workarea\ihs\Zstuff\slog\_messing_about\WindowsFormsApplication1\WindowsFormsApplication1\Web References\refwsfma\.svn\text-base\FmaInput.datasource.svn-base      


                  PS.  I’ve just noticed that AVG was showing me I’m not fully protected – “Identity Protection” disabled.  I clicked its “Fix” button and now it is showing that I am protected (with “All security features are working correctly and are up to date”) but has popped up a message saying, “Could not finish automatic state repair.  We weren’t able to fix one or more components”.  Bit contradictory, eh?
                  « Last Edit: November 18, 2012, 09:50:33 AM by whathim »
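The AVP Tool report quoted in the reply above lists every scanned object with a status (OK for each of the five lines shown), so a detection or an unscanned archive is found by filtering out the OK lines rather than by looking for a separate list. Here is an added Python example, not from the thread and not Kaspersky's code, that parses that line shape, reads the event and object counters from the header, groups the events by status and returns everything that was not scanned clean. The sample report is constructed: the header and the OK lines mirror the post, while the "Password protected", "Detected:" and "Deleted" lines, their paths and the detection name are made up, and the wording of those non-OK statuses is an assumption about the tool's report format.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of the AVP Tool report quoted in the reply.
# The header and OK lines mirror the post; the non-OK lines, their paths and
# the status wording ("Password protected", "Detected: <name>", "Deleted") are
# assumptions made up for this example.
SAMPLE_REPORT = r"""
Automatic Scan: completed 8 minutes ago   (events: 1781794, objects: 1758971, time: 02:17:36)
18/11/2012 15:57:41   Task completed
18/11/2012 15:57:41   OK   C:\Workarea\project\Web References\refwsfma\Reference.cs.svn-base
18/11/2012 15:57:41   OK   C:\Workarea\project\Web References\refwsfma\FmaInput.datasource.svn-base
18/11/2012 15:40:02   Password protected   C:\Documents and Settings\user\My Documents\backup.zip
18/11/2012 15:12:55   Detected: Trojan.Win32.Example.a   C:\Documents and Settings\user\Local Settings\Temp\setup_tmp.exe
18/11/2012 15:12:55   Deleted   C:\Documents and Settings\user\Local Settings\Temp\setup_tmp.exe
"""

HEADER_RE = re.compile(
    r"\(events: (?P<events>\d+), objects: (?P<objects>\d+), time: (?P<time>[\d:]+)\)")
# "<date> <time>   <status>   <object>": fields are separated by a tab or a run
# of two or more spaces, so a status may itself contain single spaces.
EVENT_RE = re.compile(
    r"^(?P<when>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)\s+(?P<status>.+?)(?:\t+| {2,})(?P<object>\S.*)$")


def parse_report(text):
    """Return the header counters and the per-object event records."""
    header, events = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.search(line)
        if m:
            header = {"events": int(m.group("events")),
                      "objects": int(m.group("objects")),
                      "time": m.group("time")}
            continue
        m = EVENT_RE.match(line)
        if m:                           # "Task completed" has no object field and is skipped
            events.append(m.groupdict())
    return header, events


def summarize(text):
    """Group events by status and pull out every object that was not scanned clean.

    Password-protected archives are listed alongside detections on purpose:
    the scanner could not look inside them, so they remain unverified.
    """
    header, events = parse_report(text)
    counts = Counter(e["status"].split(":")[0] for e in events)
    needs_review = [(e["status"], e["object"]) for e in events if e["status"] != "OK"]
    return {"header": header, "counts": dict(counts), "needs_review": needs_review}


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    print("scanned objects:", result["header"].get("objects"))
    print("status counts:", result["counts"])
    for status, obj in result["needs_review"]:
        print(f"  {status:<40} {obj}")
```

On a full report the `needs_review` list is what to paste into a reply; the OK lines, which make up nearly all of the 1.7 million events in the quoted header, carry no information beyond the fact that the object was scanned.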