bmg

Honorary Members
  • Posts

    129

Everything posted by bmg

  1. What tests should I run with Sea tools? Some say: 'unavailable.' Computer probably worse than ever now...
  2. Unfortunately, the computer did lock up again. It seems on start up, I can hear the drive accessing data; this is when it happens. After about 15 minutes, it seems to clear itself and works normally...
  3. I had a problem with the first program not responding, but then it ran. The second found no threats, so I guess everything's OK. I do notice that sometimes things do freeze up, as when signing in to certain sites (ebay), but then it responds.
  4. Seems OK at this time. Windows is asking for an update, should this be done?
  5. Could not find Bing Bar Platform to delete. Computer seems to be better, but FF does lock up frequently.
  7. It does seem to be a lot better after the last posting. Is the problem fixed? Any idea what caused this?
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB3D3FC7-FD8D-462B-BE46-E28B4347A7CF}: DhcpNameServer = 192.168.1.1 68.237.161.12 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Susan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Susan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/12/04 10:54:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/12/04 10:52:06 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/12/04 10:38:12 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/12/03 08:07:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/12/03 08:07:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/12/03 08:07:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/12/03 08:04:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/12/03 08:03:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/12/02 21:30:38 | 000,000,000 | ---D | C] -- C:\Users\Susan\Desktop\RK_Quarantine [2012/12/02 17:42:26 | 000,000,000 | ---D | C] -- C:\Users\Susan\Desktop\tools 
[2012/12/02 16:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar [2012/12/02 16:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer [2012/12/02 16:49:12 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2012/12/02 16:49:12 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2012/12/02 16:49:12 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2012/12/02 16:40:46 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Windows Live [2012/12/02 16:38:43 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll [2012/12/02 16:24:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/12/02 16:24:50 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/12/02 16:24:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/12/02 16:24:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/12/02 16:24:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/12/02 16:24:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/12/02 16:24:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/12/02 16:24:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/12/02 15:25:11 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012/12/02 15:24:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/12/02 15:21:39 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/12/02 15:17:22 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/12/02 15:17:19 | 003,550,080 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/12/01 18:21:40 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Proxure [2012/12/01 18:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk [2012/11/30 16:15:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2012/11/30 16:15:20 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Canon [2012/11/30 15:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software [2012/11/24 19:38:28 | 000,000,000 | ---D | C] -- C:\Users\Susan\Desktop\Tim's videos [2012/11/24 17:16:20 | 000,000,000 | ---D | C] -- C:\Users\Susan\Desktop\My Pets Pages3_files [2012/11/24 17:16:03 | 000,000,000 | ---D | C] -- C:\Users\Susan\Desktop\My Pets Pages2_files [2012/11/24 17:15:38 | 000,000,000 | ---D | C] -- C:\Users\Susan\Desktop\My Pets Pages1_files [2012/11/15 19:09:13 | 000,000,000 | ---D | C] -- C:\Users\Susan\Desktop\Tim's Comics [2012/11/08 23:38:20 | 000,000,000 | ---D | C] -- C:\Users\Susan\Desktop\CAT STUFF [2012/11/08 11:42:35 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Malwarebytes [2012/11/08 11:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/08 11:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/08 11:42:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/11/08 11:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2008/05/23 12:16:23 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Users\Susan\GoToAssist_chat2way__317_en.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/04 16:02:24 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/04 15:42:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/04 15:41:55 
| 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/04 15:41:55 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/04 15:41:47 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/04 15:41:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/04 00:18:03 | 000,103,000 | ---- | M] () -- C:\Users\Susan\Desktop\meinplaidjacketps41.jpg [2012/12/03 20:03:43 | 000,652,090 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/12/03 20:03:43 | 000,122,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/03 17:11:11 | 000,051,200 | ---- | M] () -- C:\Users\Susan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/02 21:01:53 | 000,002,085 | ---- | M] () -- C:\Users\Susan\Desktop\mojo.rtf [2012/12/02 17:30:04 | 000,000,000 | ---- | M] () -- C:\Users\Susan\defogger_reenable [2012/12/02 17:08:42 | 000,454,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/02 16:33:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/12/02 09:27:04 | 000,001,356 | ---- | M] () -- C:\Users\Susan\AppData\Local\d3d9caps.dat [2012/11/29 16:37:45 | 000,091,146 | ---- | M] () -- C:\Users\Susan\Desktop\canon1.JPG [2012/11/29 16:37:11 | 000,081,746 | ---- | M] () -- C:\Users\Susan\Desktop\canon2.JPG [2012/11/29 12:24:52 | 000,041,639 | ---- | M] () -- C:\Users\Susan\Desktop\girlsdressedasappliancesLAElectrical Exposition1936.jpg [2012/11/28 20:57:15 | 000,020,614 | ---- | M] () -- C:\Users\Susan\Desktop\onthebalconyattimsnovember2012.jpg [2012/11/28 20:35:59 | 000,015,121 | ---- | M] () -- C:\Users\Susan\Desktop\meandfranknovember2012.jpg [2012/11/28 19:21:01 | 000,037,918 | ---- | M] () -- C:\Users\Susan\Desktop\petrafranknovember2012.jpg [2012/11/28 19:20:58 | 000,074,118 | ---- | M] () -- 
C:\Users\Susan\Desktop\ontim'sbalconynovember2012.jpg [2012/11/28 19:20:34 | 000,031,956 | ---- | M] () -- C:\Users\Susan\Desktop\joannafranknovember2012.jpg [2012/11/28 19:20:05 | 000,085,992 | ---- | M] () -- C:\Users\Susan\Desktop\gerilisafranknovember2012.jpg [2012/11/28 19:19:01 | 000,017,961 | ---- | M] () -- C:\Users\Susan\Desktop\bobandfrankattimsnovember2012.jpg [2012/11/28 11:44:12 | 000,016,024 | ---- | M] () -- C:\Users\Susan\Desktop\fatcat.jpg [2012/11/28 11:22:41 | 000,047,322 | ---- | M] () -- C:\Users\Susan\Desktop\sculptor.jpg [2012/11/27 08:02:51 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/11/25 19:19:28 | 000,341,253 | ---- | M] () -- C:\Users\Susan\Desktop\Gangnam_Style.jpg [2012/11/24 17:16:20 | 000,002,328 | ---- | M] () -- C:\Users\Susan\Desktop\My Pets Pages3.htm [2012/11/24 17:16:04 | 000,002,328 | ---- | M] () -- C:\Users\Susan\Desktop\My Pets Pages2.htm [2012/11/24 17:15:39 | 000,002,328 | ---- | M] () -- C:\Users\Susan\Desktop\My Pets Pages1.htm [2012/11/24 15:29:52 | 000,173,380 | ---- | M] () -- C:\Users\Susan\Desktop\momanddadtoppingstreet.jpg [2012/11/18 17:06:35 | 000,003,495 | ---- | M] () -- C:\Users\Susan\Desktop\nato.rtf [2012/11/14 16:34:40 | 000,000,923 | ---- | M] () -- C:\Users\Susan\Desktop\Launch Internet Explorer Browser.lnk [2012/11/10 21:39:10 | 000,006,902 | ---- | M] () -- C:\Users\Susan\Desktop\fleetwoodmaccats.htm [2012/11/10 17:55:32 | 000,053,288 | ---- | M] () -- C:\Users\Susan\Desktop\bunny.jpg [2012/11/10 10:35:16 | 000,026,558 | ---- | M] () -- C:\Users\Susan\Desktop\197293_4388426120914_922624880_n.jpg [2012/11/09 12:10:25 | 000,119,981 | ---- | M] () -- C:\Users\Susan\Desktop\bobin31milbank1132012.jpg [2012/11/09 09:21:43 | 000,070,056 | ---- | M] () -- C:\Users\Susan\Desktop\546889_4199715348682_1102472806_n.jpg [2012/11/08 11:42:14 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/06 01:08:12 | 000,074,535 | ---- | M] () -- 
C:\Users\Susan\Desktop\121102_gallery_sandyaftermath_rollercoaster_jpg_CROP_article920-large.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/04 00:18:35 | 000,103,000 | ---- | C] () -- C:\Users\Susan\Desktop\meinplaidjacketps41.jpg [2012/12/03 08:07:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/12/03 08:07:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/12/03 08:07:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/12/03 08:07:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/12/03 08:07:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/12/02 20:44:14 | 000,002,085 | ---- | C] () -- C:\Users\Susan\Desktop\mojo.rtf [2012/12/02 17:30:04 | 000,000,000 | ---- | C] () -- C:\Users\Susan\defogger_reenable [2012/11/29 16:33:34 | 000,091,146 | ---- | C] () -- C:\Users\Susan\Desktop\canon1.JPG [2012/11/29 16:33:34 | 000,081,746 | ---- | C] () -- C:\Users\Susan\Desktop\canon2.JPG [2012/11/29 12:30:22 | 000,041,639 | ---- | C] () -- C:\Users\Susan\Desktop\girlsdressedasappliancesLAElectrical Exposition1936.jpg [2012/11/28 22:12:51 | 000,020,614 | ---- | C] () -- C:\Users\Susan\Desktop\onthebalconyattimsnovember2012.jpg [2012/11/28 22:12:19 | 000,015,121 | ---- | C] () -- C:\Users\Susan\Desktop\meandfranknovember2012.jpg [2012/11/28 19:22:18 | 000,037,918 | ---- | C] () -- C:\Users\Susan\Desktop\petrafranknovember2012.jpg [2012/11/28 19:21:57 | 000,074,118 | ---- | C] () -- C:\Users\Susan\Desktop\ontim'sbalconynovember2012.jpg [2012/11/28 19:21:31 | 000,031,956 | ---- | C] () -- C:\Users\Susan\Desktop\joannafranknovember2012.jpg [2012/11/28 19:20:54 | 000,085,992 | ---- | C] () -- C:\Users\Susan\Desktop\gerilisafranknovember2012.jpg [2012/11/28 19:19:26 | 000,017,961 | ---- | C] () -- C:\Users\Susan\Desktop\bobandfrankattimsnovember2012.jpg [2012/11/28 11:46:02 | 000,047,322 | ---- | C] () -- C:\Users\Susan\Desktop\sculptor.jpg [2012/11/28 11:45:14 | 
000,016,024 | ---- | C] () -- C:\Users\Susan\Desktop\fatcat.jpg [2012/11/25 19:22:57 | 000,341,253 | ---- | C] () -- C:\Users\Susan\Desktop\Gangnam_Style.jpg [2012/11/24 17:16:19 | 000,002,328 | ---- | C] () -- C:\Users\Susan\Desktop\My Pets Pages3.htm [2012/11/24 17:16:03 | 000,002,328 | ---- | C] () -- C:\Users\Susan\Desktop\My Pets Pages2.htm [2012/11/24 17:15:38 | 000,002,328 | ---- | C] () -- C:\Users\Susan\Desktop\My Pets Pages1.htm [2012/11/24 15:29:51 | 000,173,380 | ---- | C] () -- C:\Users\Susan\Desktop\momanddadtoppingstreet.jpg [2012/11/18 15:54:57 | 000,003,495 | ---- | C] () -- C:\Users\Susan\Desktop\nato.rtf [2012/11/10 21:39:08 | 000,006,902 | ---- | C] () -- C:\Users\Susan\Desktop\fleetwoodmaccats.htm [2012/11/10 17:55:51 | 000,053,288 | ---- | C] () -- C:\Users\Susan\Desktop\bunny.jpg [2012/11/10 10:35:30 | 000,026,558 | ---- | C] () -- C:\Users\Susan\Desktop\197293_4388426120914_922624880_n.jpg [2012/11/09 12:10:43 | 000,119,981 | ---- | C] () -- C:\Users\Susan\Desktop\bobin31milbank1132012.jpg [2012/11/09 09:21:57 | 000,070,056 | ---- | C] () -- C:\Users\Susan\Desktop\546889_4199715348682_1102472806_n.jpg [2012/11/08 11:42:14 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/06 01:08:34 | 000,074,535 | ---- | C] () -- C:\Users\Susan\Desktop\121102_gallery_sandyaftermath_rollercoaster_jpg_CROP_article920-large.jpg [2009/02/08 02:02:17 | 000,031,007 | ---- | C] () -- C:\Users\Susan\AppData\Roaming\UserTile.png [2008/12/14 23:55:45 | 000,001,356 | ---- | C] () -- C:\Users\Susan\AppData\Local\d3d9caps.dat [2008/07/28 21:54:13 | 000,000,632 | RHS- | C] () -- C:\Users\Susan\ntuser.pol [2008/06/04 16:56:21 | 000,051,200 | ---- | C] () -- C:\Users\Susan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Computer starts and I am able to access the net; after 2 or 3 minutes, it locks up very badly. It took 20 minutes just to load this page! (I noticed in the task manager that the physical memory is at 0.) Maybe a system restore would work?
  10. Computer still pretty slow; especially when on the net.
  11. Here are the new logs:
0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 16:16:20.0778 2540 Parport - ok 16:16:20.0825 2540 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:16:20.0825 2540 partmgr - ok 16:16:20.0841 2540 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 16:16:20.0841 2540 Parvdm - ok 16:16:20.0872 2540 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 16:16:20.0887 2540 PcaSvc - ok 16:16:20.0919 2540 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 16:16:20.0934 2540 pci - ok 16:16:20.0950 2540 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 16:16:20.0950 2540 pciide - ok 16:16:21.0012 2540 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:16:21.0012 2540 pcmcia - ok 16:16:21.0262 2540 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:16:21.0324 2540 PEAUTH - ok 16:16:21.0574 2540 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 16:16:21.0605 2540 pla - ok 16:16:21.0667 2540 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:16:21.0855 2540 PlugPlay - ok 16:16:21.0979 2540 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 16:16:21.0995 2540 PNRPAutoReg - ok 16:16:22.0011 2540 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 16:16:22.0026 2540 PNRPsvc - ok 16:16:22.0073 2540 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:16:22.0104 2540 PolicyAgent - ok 16:16:22.0151 2540 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:16:22.0151 2540 PptpMiniport - ok 16:16:22.0213 2540 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 16:16:22.0245 2540 Processor - ok 16:16:22.0354 2540 [ 
0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 16:16:22.0369 2540 ProfSvc - ok 16:16:22.0416 2540 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 16:16:22.0416 2540 ProtectedStorage - ok 16:16:22.0463 2540 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 16:16:22.0525 2540 PSched - ok 16:16:22.0572 2540 [ 18DE162F9B83079C24CD96F59292F5ED ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys 16:16:22.0572 2540 PSDFilter - ok 16:16:22.0650 2540 [ BC1457A28E76AB3106D43802AC22A627 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys 16:16:22.0681 2540 PSDNServ - ok 16:16:22.0713 2540 [ AC151E5B0943304E368C98EC78B5FC4F ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys 16:16:22.0713 2540 psdvdisk - ok 16:16:22.0775 2540 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 16:16:22.0791 2540 PxHelp20 - ok 16:16:22.0869 2540 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:16:22.0931 2540 ql2300 - ok 16:16:22.0962 2540 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:16:22.0962 2540 ql40xx - ok 16:16:23.0009 2540 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 16:16:23.0009 2540 QWAVE - ok 16:16:23.0056 2540 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:16:23.0056 2540 QWAVEdrv - ok 16:16:23.0087 2540 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:16:23.0103 2540 RasAcd - ok 16:16:23.0118 2540 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 16:16:23.0134 2540 RasAuto - ok 16:16:23.0149 2540 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:16:23.0149 2540 Rasl2tp - ok 16:16:23.0181 2540 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 16:16:23.0212 2540 RasMan - ok 
16:16:23.0259 2540 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:16:23.0290 2540 RasPppoe - ok 16:16:23.0337 2540 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:16:23.0368 2540 RasSstp - ok 16:16:23.0415 2540 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:16:23.0415 2540 rdbss - ok 16:16:23.0446 2540 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:16:23.0461 2540 RDPCDD - ok 16:16:23.0493 2540 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 16:16:23.0493 2540 rdpdr - ok 16:16:23.0524 2540 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:16:23.0524 2540 RDPENCDD - ok 16:16:23.0571 2540 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:16:23.0586 2540 RDPWD - ok 16:16:23.0617 2540 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:16:23.0617 2540 RemoteAccess - ok 16:16:23.0680 2540 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:16:23.0711 2540 RemoteRegistry - ok 16:16:23.0742 2540 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 16:16:23.0758 2540 RpcLocator - ok 16:16:24.0210 2540 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 16:16:24.0210 2540 RpcSs - ok 16:16:24.0241 2540 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:16:24.0257 2540 rspndr - ok 16:16:24.0273 2540 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 16:16:24.0273 2540 SamSs - ok 16:16:24.0288 2540 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:16:24.0304 2540 sbp2port - ok 16:16:24.0366 2540 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:16:24.0382 2540 SCardSvr - ok 
16:16:24.0522 2540 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 16:16:24.0585 2540 Schedule - ok 16:16:24.0631 2540 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:16:24.0631 2540 SCPolicySvc - ok 16:16:24.0694 2540 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 16:16:24.0694 2540 sdbus - ok 16:16:24.0725 2540 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:16:24.0756 2540 SDRSVC - ok 16:16:24.0975 2540 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 16:16:25.0084 2540 SeaPort - ok 16:16:25.0115 2540 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:16:25.0131 2540 secdrv - ok 16:16:25.0177 2540 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 16:16:25.0193 2540 seclogon - ok 16:16:25.0271 2540 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 16:16:25.0287 2540 SENS - ok 16:16:25.0349 2540 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 16:16:25.0380 2540 Serenum - ok 16:16:25.0427 2540 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 16:16:25.0458 2540 Serial - ok 16:16:25.0552 2540 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:16:25.0567 2540 sermouse - ok 16:16:25.0614 2540 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 16:16:25.0692 2540 SessionEnv - ok 16:16:25.0723 2540 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:16:25.0739 2540 sffdisk - ok 16:16:25.0755 2540 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:16:25.0770 2540 sffp_mmc - ok 16:16:25.0801 2540 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 
16:16:25.0801 2540 sffp_sd - ok 16:16:25.0833 2540 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:16:25.0879 2540 sfloppy - ok 16:16:25.0957 2540 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:16:26.0004 2540 SharedAccess - ok 16:16:26.0067 2540 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:16:26.0113 2540 ShellHWDetection - ok 16:16:26.0160 2540 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 16:16:26.0176 2540 sisagp - ok 16:16:26.0207 2540 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 16:16:26.0269 2540 SiSRaid2 - ok 16:16:26.0316 2540 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:16:26.0347 2540 SiSRaid4 - ok 16:16:27.0237 2540 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 16:16:28.0765 2540 slsvc - ok 16:16:28.0812 2540 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 16:16:28.0828 2540 SLUINotify - ok 16:16:28.0906 2540 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:16:28.0999 2540 Smb - ok 16:16:29.0077 2540 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:16:29.0093 2540 SNMPTRAP - ok 16:16:29.0155 2540 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 16:16:29.0171 2540 spldr - ok 16:16:29.0265 2540 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 16:16:29.0311 2540 Spooler - ok 16:16:29.0374 2540 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 16:16:29.0421 2540 SQLBrowser - ok 16:16:29.0499 2540 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 16:16:29.0514 2540 SQLWriter - ok 16:16:29.0608 2540 [ 
41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:16:29.0951 2540 srv - ok 16:16:30.0045 2540 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:16:30.0138 2540 srv2 - ok 16:16:30.0154 2540 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:16:30.0294 2540 srvnet - ok 16:16:30.0435 2540 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:16:30.0528 2540 SSDPSRV - ok 16:16:30.0669 2540 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:16:30.0747 2540 SstpSvc - ok 16:16:30.0934 2540 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 16:16:31.0027 2540 stisvc - ok 16:16:31.0105 2540 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:16:31.0121 2540 swenum - ok 16:16:31.0230 2540 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 16:16:31.0308 2540 swprv - ok 16:16:31.0355 2540 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 16:16:31.0371 2540 Symc8xx - ok 16:16:31.0386 2540 SymIMMP - ok 16:16:31.0433 2540 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 16:16:31.0433 2540 Sym_hi - ok 16:16:31.0480 2540 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 16:16:31.0558 2540 Sym_u3 - ok 16:16:31.0792 2540 [ C5F25D490D0915732508FD421BF76D93 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:16:31.0901 2540 SynTP - ok 16:16:32.0213 2540 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 16:16:32.0400 2540 SysMain - ok 16:16:32.0478 2540 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:16:32.0541 2540 TabletInputService - ok 16:16:32.0650 2540 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:16:32.0665 2540 TapiSrv - ok 16:16:32.0712 2540 [ 
CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 16:16:32.0743 2540 TBS - ok 16:16:32.0868 2540 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:16:33.0009 2540 Tcpip - ok 16:16:33.0133 2540 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 16:16:33.0133 2540 Tcpip6 - ok 16:16:33.0258 2540 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:16:33.0336 2540 tcpipreg - ok 16:16:33.0430 2540 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:16:33.0523 2540 TDPIPE - ok 16:16:33.0570 2540 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:16:33.0586 2540 TDTCP - ok 16:16:33.0664 2540 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:16:33.0695 2540 tdx - ok 16:16:33.0773 2540 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:16:33.0804 2540 TermDD - ok 16:16:34.0023 2540 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 16:16:34.0179 2540 TermService - ok 16:16:34.0288 2540 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 16:16:34.0288 2540 Themes - ok 16:16:34.0319 2540 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 16:16:34.0319 2540 THREADORDER - ok 16:16:34.0397 2540 [ 78213F01CE781F93180BEF5EB5B3AD81 ] tifm21 C:\Windows\system32\drivers\tifm21.sys 16:16:34.0506 2540 tifm21 - ok 16:16:34.0631 2540 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 16:16:34.0662 2540 TrkWks - ok 16:16:34.0834 2540 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:16:34.0927 2540 TrustedInstaller - ok 16:16:35.0021 2540 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:16:35.0037 2540 tssecsrv - ok 16:16:35.0146 2540 [ 
CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 16:16:35.0161 2540 tunmp - ok 16:16:35.0317 2540 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:16:35.0349 2540 tunnel - ok 16:16:35.0427 2540 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:16:35.0692 2540 uagp35 - ok 16:16:35.0785 2540 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:16:35.0910 2540 udfs - ok 16:16:36.0113 2540 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:16:36.0253 2540 UI0Detect - ok 16:16:36.0316 2540 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:16:36.0347 2540 uliagpkx - ok 16:16:36.0503 2540 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 16:16:36.0706 2540 uliahci - ok 16:16:36.0737 2540 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 16:16:36.0846 2540 UlSata - ok 16:16:36.0940 2540 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 16:16:37.0080 2540 ulsata2 - ok 16:16:37.0143 2540 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:16:37.0189 2540 umbus - ok 16:16:37.0377 2540 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 16:16:37.0642 2540 upnphost - ok 16:16:37.0735 2540 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 16:16:37.0813 2540 USBAAPL - ok 16:16:37.0938 2540 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 16:16:38.0001 2540 usbaudio - ok 16:16:38.0188 2540 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:16:38.0266 2540 usbccgp - ok 16:16:38.0313 2540 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:16:38.0406 2540 usbcir - ok 16:16:38.0484 
2540 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:16:38.0547 2540 usbehci - ok 16:16:38.0640 2540 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:16:38.0718 2540 usbhub - ok 16:16:38.0734 2540 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:16:38.0765 2540 usbohci - ok 16:16:38.0827 2540 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:16:38.0905 2540 usbprint - ok 16:16:39.0093 2540 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:16:39.0124 2540 usbscan - ok 16:16:39.0233 2540 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:16:39.0249 2540 USBSTOR - ok 16:16:39.0295 2540 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:16:39.0311 2540 usbuhci - ok 16:16:39.0373 2540 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 16:16:39.0420 2540 usbvideo - ok 16:16:39.0467 2540 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 16:16:39.0529 2540 UxSms - ok 16:16:39.0654 2540 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 16:16:39.0717 2540 vds - ok 16:16:39.0982 2540 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:16:40.0013 2540 vga - ok 16:16:40.0060 2540 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 16:16:40.0091 2540 VgaSave - ok 16:16:40.0122 2540 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 16:16:40.0138 2540 viaagp - ok 16:16:40.0169 2540 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 16:16:40.0185 2540 ViaC7 - ok 16:16:40.0231 2540 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 16:16:40.0325 2540 viaide - ok 16:16:40.0356 2540 [ 
69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:16:40.0403 2540 volmgr - ok 16:16:40.0543 2540 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:16:40.0559 2540 volmgrx - ok 16:16:40.0621 2540 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:16:40.0715 2540 volsnap - ok 16:16:40.0809 2540 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:16:40.0824 2540 vsmraid - ok 16:16:41.0199 2540 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 16:16:41.0511 2540 VSS - ok 16:16:41.0698 2540 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 16:16:41.0869 2540 W32Time - ok 16:16:41.0932 2540 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:16:42.0057 2540 WacomPen - ok 16:16:42.0088 2540 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 16:16:42.0166 2540 Wanarp - ok 16:16:42.0181 2540 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:16:42.0181 2540 Wanarpv6 - ok 16:16:42.0384 2540 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:16:42.0681 2540 wcncsvc - ok 16:16:42.0930 2540 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:16:43.0008 2540 WcsPlugInService - ok 16:16:43.0086 2540 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 16:16:43.0133 2540 Wd - ok 16:16:43.0367 2540 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:16:43.0585 2540 Wdf01000 - ok 16:16:43.0944 2540 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:16:44.0069 2540 WdiServiceHost - ok 16:16:44.0100 2540 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:16:44.0116 2540 WdiSystemHost - ok 
16:16:44.0272 2540 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 16:16:44.0412 2540 WebClient - ok 16:16:44.0490 2540 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:16:44.0631 2540 Wecsvc - ok 16:16:44.0677 2540 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:16:44.0693 2540 wercplsupport - ok 16:16:44.0740 2540 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 16:16:44.0740 2540 WerSvc - ok 16:16:44.0833 2540 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 16:16:44.0849 2540 winachsf - ok 16:16:44.0911 2540 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 16:16:44.0911 2540 WinDefend - ok 16:16:44.0927 2540 WinHttpAutoProxySvc - ok 16:16:45.0208 2540 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:16:45.0239 2540 Winmgmt - ok 16:16:45.0333 2540 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 16:16:45.0411 2540 WinRM - ok 16:16:45.0582 2540 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:16:45.0738 2540 Wlansvc - ok 16:16:45.0816 2540 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 16:16:45.0816 2540 WmiAcpi - ok 16:16:45.0863 2540 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:16:45.0879 2540 wmiApSrv - ok 16:16:46.0081 2540 [ C8F8AAC50B5B0BF821AB7D7126056B30 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 16:16:46.0253 2540 WMIService - ok 16:16:46.0393 2540 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:16:46.0425 2540 WMPNetworkSvc - ok 16:16:46.0471 2540 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:16:46.0487 2540 WPCSvc - ok 16:16:46.0534 2540 [ 
801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:16:46.0534 2540 WPDBusEnum - ok 16:16:46.0939 2540 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 16:16:46.0986 2540 WPFFontCache_v0400 - ok 16:16:47.0033 2540 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:16:47.0033 2540 ws2ifsl - ok 16:16:47.0080 2540 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 16:16:47.0080 2540 wscsvc - ok 16:16:47.0095 2540 WSearch - ok 16:16:47.0704 2540 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 16:16:48.0593 2540 wuauserv - ok 16:16:48.0718 2540 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:16:48.0733 2540 WUDFRd - ok 16:16:48.0780 2540 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:16:48.0780 2540 wudfsvc - ok 16:16:48.0811 2540 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 16:16:48.0827 2540 XAudio - ok 16:16:48.0843 2540 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 16:16:48.0858 2540 XAudioService - ok 16:16:48.0889 2540 ================ Scan global =============================== 16:16:48.0921 2540 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 16:16:49.0045 2540 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 16:16:49.0186 2540 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 16:16:49.0373 2540 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 16:16:49.0529 2540 [Global] - ok 16:16:49.0529 2540 ================ Scan MBR ================================== 16:16:49.0560 2540 [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0 16:16:52.0649 2540 \Device\Harddisk0\DR0 - ok 16:16:52.0649 2540 ================ Scan VBR 
==================================
16:16:52.0711 2540 [ FB95C996A2839268CACF09F575D8CCEE ] \Device\Harddisk0\DR0\Partition1
16:16:52.0711 2540 \Device\Harddisk0\DR0\Partition1 - ok
16:16:52.0743 2540 [ CC6A76751862957A4B8924BD592C8CA8 ] \Device\Harddisk0\DR0\Partition2
16:16:52.0789 2540 \Device\Harddisk0\DR0\Partition2 - ok
16:16:52.0789 2540 ============================================================
16:16:52.0789 2540 Scan finished
16:16:52.0789 2540 ============================================================
16:16:52.0805 3404 Detected object count: 0
16:16:52.0805 3404 Actual detected object count: 0
16:17:13.0787 2616 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 16:30:42
-----------------------------
16:30:42.751 OS Version: Windows 6.0.6002 Service Pack 2
16:30:42.751 Number of processors: 2 586 0xF0D
16:30:42.751 ComputerName: SUSAN-PC UserName: Susan
16:30:46.573 Initialize success
16:31:10.285 AVAST engine defs: 12120300
16:31:18.069 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
16:31:18.069 Disk 0 Vendor: WDC_WD1200BEVS-22UST0 01.01A01 Size: 114473MB BusType: 3
16:31:18.085 Disk 0 MBR read successfully
16:31:18.085 Disk 0 MBR scan
16:31:18.272 Disk 0 unknown MBR code
16:31:18.303 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
16:31:18.428 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52238 MB offset 20482048
16:31:18.522 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52233 MB offset 127465472
16:31:18.584 Disk 0 scanning sectors +234438656
16:31:18.771 Disk 0 scanning C:\Windows\system32\drivers
16:31:59.565 Service scanning
16:33:14.072 Modules scanning
16:34:16.690 Disk 0 trace - called modules:
16:34:16.737 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
16:34:16.737 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84d142e0]
16:34:16.753 3 CLASSPNP.SYS[8699f8b3] -> nt!IofCallDriver -> [0x84b67a70]
16:34:16.753 5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x84b69030]
16:34:17.704 AVAST engine scan C:\Windows
16:34:31.635 AVAST engine scan C:\Windows\system32
16:41:10.113 AVAST engine scan C:\Windows\system32\drivers
16:41:37.398 AVAST engine scan C:\Users\Susan
16:50:56.705 AVAST engine scan C:\ProgramData
16:54:16.993 Scan finished successfully
16:56:53.087 Disk 0 MBR has been saved successfully to "C:\Users\Susan\Desktop\tools\MBR.dat"
16:56:53.134 The log file has been saved successfully to "C:\Users\Susan\Desktop\tools\aswMBR.txt"

Computer is at its worst now; minutes just to open a folder; FF and IE keep hanging. Had to run MBR twice to get it to scan; first time it said 'scan error.'
  12. Hi, Here is the log:

ComboFix 12-12-02.01 - Susan 12/03/2012 8:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.304 [GMT -5:00]
Running from: c:\users\Susan\Desktop\tools\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 13:23 . 2012-12-03 13:23 -------- d-----w- c:\users\Timmy\AppData\Local\temp
2012-12-03 13:23 . 2012-12-03 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 13:04 . 2012-12-03 13:04 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A92AD9D1-AB44-4074-A08D-1E4FF885A781}\MpKsl3bcc8d87.sys
2012-12-02 21:49 . 2012-12-02 21:49 -------- d-----w- c:\program files\MSN Toolbar
2012-12-02 21:49 . 2012-12-02 21:50 -------- d-----w- c:\program files\Bing Bar Installer
2012-12-02 21:49 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-12-02 21:49 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-12-02 21:49 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-12-02 21:47 . 2012-12-02 21:47 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\930b3ca71cdd0d62c\InstallManager_WLE_WLE.exe
2012-12-02 21:46 . 2012-12-02 21:46 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\732db4871cdd0d61f\MeshBetaRemover.exe
2012-12-02 21:45 . 2012-12-02 21:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\5114e2671cdd0d618\DSETUP.dll
2012-12-02 21:45 . 2012-12-02 21:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\5114e2671cdd0d618\DXSETUP.exe
2012-12-02 21:45 . 2012-12-02 21:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\5114e2671cdd0d618\dsetup32.dll
2012-12-02 21:45 . 2012-12-02 21:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\4dd15fc71cdd0d617\DXSETUP.exe
2012-12-02 21:45 . 2012-12-02 21:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\4dd15fc71cdd0d617\dsetup32.dll
2012-12-02 21:45 . 2012-12-02 21:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\4dd15fc71cdd0d617\DSETUP.dll
2012-12-02 21:40 . 2012-12-02 21:40 -------- d-----w- c:\users\Susan\AppData\Local\Windows Live
2012-12-02 21:38 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-12-02 20:29 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A92AD9D1-AB44-4074-A08D-1E4FF885A781}\mpengine.dll
2012-12-02 20:25 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-12-02 20:24 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-12-02 20:24 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-12-02 20:24 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-12-02 20:24 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-12-02 20:24 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-02 20:21 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-12-02 20:17 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-12-02 20:17 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-12-01 23:21 . 2012-12-01 23:21 -------- d-----w- c:\users\Susan\AppData\Local\Proxure
2012-12-01 23:21 . 2012-12-01 23:21 -------- d-----w- c:\programdata\ClubSanDisk
2012-11-30 21:15 . 2012-11-30 21:15 -------- d--h--w- c:\programdata\CanonIJScan
2012-11-30 21:15 . 2012-11-30 21:15 -------- d-----w- c:\users\Susan\AppData\Roaming\Canon
2012-11-30 13:17 . 2012-10-23 11:04 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D753958D-F814-4244-8F6F-C52B44F68A76}\gapaengine.dll
2012-11-30 13:10 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-25 14:20 . 2012-11-25 14:20 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-11-08 16:42 . 2012-11-08 16:42 -------- d-----w- c:\users\Susan\AppData\Roaming\Malwarebytes
2012-11-08 16:42 . 2012-11-08 16:42 -------- d-----w- c:\programdata\Malwarebytes
2012-11-08 16:42 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-08 16:41 . 2012-11-08 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 00:27 . 2012-03-31 17:50 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 00:27 . 2012-03-31 17:50 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-25 14:20 . 2012-06-16 02:17 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 05:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 03:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2012-02-23 15:38 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2008-01-03 09:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater] 2011-10-11 17:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-10-11 20:06 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments] 2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2008-01-22 22:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-08 00:25 4853760 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-02-07 07:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart] 2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-06-20 22:34 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI] 2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL3BCC8D87 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:27] . 2011-12-10 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 18:34] . 2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 07:21] . 2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 07:21] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://en.us.acer.yahoo.com uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\wpclsp.dll TCP: DhcpNameServer = 192.168.1.1 68.237.161.12 FF - ProfilePath - c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\4m16uaxm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-eRecoveryService - (no file) AddRemove-{2EEEC858-21F8-419B-8FE2-820621BFFCD7} - c:\program files\Runtime Software\GetDataBack\Uninstall.exe AddRemove-{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F} - c:\program files\Runtime Software\GetDataBack for NTFS\Uninstall.exe . . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . 
************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(1868) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . 
Completion time: 2012-12-03 08:27:20 ComboFix-quarantined-files.txt 2012-12-03 13:27 . Pre-Run: 2,231,488,512 bytes free Post-Run: 2,814,287,872 bytes free . - - End Of File - - FE59BB4CBF24F026B988BFCECB28848D Computer still very sluggish; slightly better on some functions, but overall no real improvement.
  13. Thanks for answering; here are the logs:
  14. After browsing the net last night, this morning my computer is locking up very badly. The MB scan took 8 minutes to start and was not able to complete. It took close to an hour before I had to shut it. Two more attempts were unsuccessful, but I did get it to complete in safe mode with no problems. Finally was able to scan in regular mode. (FF always 'not responding.') Here are the logs: Attach.zip
  15. As of yesterday, the blue screen is appearing whenever I try to access the internet through FF and Chrome and MB. A safe mode scan with MB comes up empty. A normal mode MB scan brings up the blue screen. Also Eset cannot complete in safe or normal mode (saying a page file cannot be opened). Here are the DDS logs: dds.txt attach.txt
  16. Thanks - here are the logs: dds.txt attach.txt
  17. I did run the McAfee tool, but there is NO trace of Lavasoft anywhere that I can see. Not in the start menu programs, the control panel nor the c:program files folder. How can I remove what I cannot find?
  18. Thanks, McAfee is not listed in the Control Panel remove programs window. Should I still run the McAfee uninstaller? Also, should the entire Lavasoft program be removed, or just the Ad-Watch portion?
  19. Thanks; here are the logs:
  20. Hi, My computer seems to be locking up lately and maxing out at 100% usage. When I check the task manager, I see mbamservice.exe is taking up 101+k; is this normal and should it be running all the time? Thanks
  21. Thanks - I tried what was posted, but still no success...
  22. I've had this same problem, tried all of the above, and still no success...
  23. I have noticed, after many games not working properly, that Java is not working on my computer. I have the latest version, and it shows up in control panel, but in all the browsers I'm using, it's not operating. IE, Chrome and FF 3 all say it's not enabled, but the settings confirm it is enabled. FF in particular closes down whenever I access the Java testing site. Any help would be appreciated.
  24. After upgrading the NOD32 version 5 on Monday, whenever I plug in my external hard drives, the system becomes locked. There is no way to open any files or folders, the taskbar is unavailable, and I have to shut down using the power button. Your 'fix' does work, but as a graphic artist who needs the PS scratch disk on another drive for best results, this is a major issue for me. I had liked NOD32 for the past year, but this is unacceptable for me to continue working this way. I wonder if I go back to version 4 everything would be OK. I came here for info, not knowing it was connected in any way with MB - go figure...
  25. So when is this solution to become available - soon, or in the distant future?