

This computer has been living at a small business that my wife and I own. I recently built a new computer to replace it and brought this one home. I didn't really use it at work, but when I played with it here I have observed all sorts of abnormal behavior. It seems to be running very slow. It hangs and locks up for no good reason. Online, this computer is very slow! I understand that it is older and maybe I'm spoiled with newer computers, but it kept reminding me of dialup days of long ago. The computer is a Dell Dimension 4550 with a 1.8GHz Pentium 4 processor and 1.5GB of memory.

I decided to scan for malware today and ran both Malwarebytes and SUPERAntiSpyware. I had previously run an Avast antivirus scan, which turned up nothing. I had problems with both antispyware programs and ended up uninstalling Malwarebytes antispyware v. 1.42 and installing v. 1.52. I ran a scan but didn't stay to watch it. When I returned, the program had closed and there were no current logs for the new install. I did this twice, but both times I wasn't there when it finished, and there were no logs either time. I had trouble updating both antispyware programs but was eventually able to update the newer version of Malwarebytes and SUPERAntiSpyware. I got 2 error messages when trying to update Malwarebytes: 732(0,0) on v. 1.42 and 11004,0 no address found on v. 1.52.

I actually hope that I have some sort of malware, because I need to use this computer until I can afford to build another and it is SO slow!

Thanks for looking,

Urge

dds.txt

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
  • Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.


OK, I ran mbam-clean.exe, reinstalled the latest Malwarebytes' Anti-Malware, updated it and set exclusions. I then ran a scan. I had errands to do so I left and when I came back I was looking at my desktop. I opened mbam and looked for the log file but it was empty. In the settings tab these entries are both checked...

Automatically save log file after scan completes.

Open log file immediately after saving.

Is this a sign of some malware interfering with mbam?

When I was setting the exclusions in Avast's File System Shield these entries were already there:

?:\PageFile.sys

*\System.da?

*\User.da?

*.fon

*.txt

*.log

*.ini

*\Bootstrap.dat

*\firefox\profiles\*sessionstore*.js

R and W were checked for all except *\firefox\profiles\*sessionstore*.js, which had only W checked. Is this normal? What next?

Urge

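The exclusion list in the post above pairs a path pattern with an R/W column for the kinds of access it covers. The following is an added example, not code from the poster or from Avast, that evaluates those posted patterns against constructed paths so you can see exactly which files a scanner honouring them would skip. Its matching semantics are assumptions, not a statement about Avast's implementation: matching is case-insensitive, `?` matches exactly one character, `*` matches any run of characters including backslashes, and an exclusion flagged R or W means the file is not scanned when it is read or written, respectively. The sample paths are made up; the patterns are the ones quoted in the post.

```python
import re
from typing import Iterable, Optional

# Exclusion list as quoted in the post above: (pattern, operations it applies to).
# The R/W flags are taken from the post. The matching rules implemented below
# (case-insensitive, '?' = one character, '*' = any run including backslashes)
# are this example's assumption, not a description of Avast's engine.
POSTED_EXCLUSIONS = [
    (r"?:\PageFile.sys", {"R", "W"}),
    (r"*\System.da?", {"R", "W"}),
    (r"*\User.da?", {"R", "W"}),
    (r"*.fon", {"R", "W"}),
    (r"*.txt", {"R", "W"}),
    (r"*.log", {"R", "W"}),
    (r"*.ini", {"R", "W"}),
    (r"*\Bootstrap.dat", {"R", "W"}),
    (r"*\firefox\profiles\*sessionstore*.js", {"W"}),
]


def compile_exclusion(pattern: str) -> "re.Pattern":
    """Translate a '*'/'?' wildcard into an anchored, case-insensitive regex.
    Every other character (including the backslash) is matched literally."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def excluded_by(path: str, op: str, exclusions=POSTED_EXCLUSIONS) -> Optional[str]:
    """Return the first pattern that exempts `path` from scanning on `op`
    ('R' for read, 'W' for write), or None if the file would be scanned."""
    for pattern, ops in exclusions:
        if op in ops and compile_exclusion(pattern).match(path):
            return pattern
    return None


def audit(paths: Iterable[str], exclusions=POSTED_EXCLUSIONS) -> dict:
    """Map each path to {'R': matching pattern or None, 'W': matching pattern or None}."""
    return {p: {op: excluded_by(p, op, exclusions) for op in ("R", "W")} for p in paths}


# Constructed sample paths (not taken from the thread), chosen to probe the edges:
# the drive-letter wildcard, a '?' at the end of a name, an extension-only
# rule hiding an arbitrary file, a driver that is not excluded, and the
# write-only Firefox rule.
SAMPLE_PATHS = [
    r"C:\pagefile.sys",
    r"C:\WINDOWS\System.dat",
    r"C:\Temp\dropper.exe.txt",
    r"C:\WINDOWS\system32\drivers\mbam.sys",
    r"C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\x.default\sessionstore.js",
]

if __name__ == "__main__":
    for path, result in audit(SAMPLE_PATHS).items():
        print(path)
        print("   skipped on read : ", result["R"])
        print("   skipped on write: ", result["W"])
```

The point the audit makes visible is that `*.txt`, `*.log` and `*.ini` are name-only rules: anything a dropper chooses to call `something.txt` is never inspected on read or write, regardless of content, while the Firefox session-store rule only suppresses scanning on write and still lets a read trigger a scan.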

OK, I updated mbam and ran a quick scan. Here are the results:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8399

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

12/19/2011 6:31:51 PM

mbam-log-2011-12-19 (18-31-51).txt

Scan type: Quick scan

Objects scanned: 196255

Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Urge


I installed and ran everything, here are the logs.

ComboFix 11-12-23.01 - Bill 12/23/2011 10:45:59.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1134 [GMT -5:00]

Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bill\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

c:\windows\system32\default_user_class.dat.LOG

c:\windows\system32\oobe\isperror

c:\windows\system32\oobe\isperror\ispcnerr.htm

c:\windows\system32\oobe\isperror\ispdtone.htm

c:\windows\system32\oobe\isperror\isphdshk.htm

c:\windows\system32\oobe\isperror\ispins.htm

c:\windows\system32\oobe\isperror\ispnoanw.htm

c:\windows\system32\oobe\isperror\isppberr.htm

c:\windows\system32\oobe\isperror\ispphbsy.htm

c:\windows\system32\oobe\isperror\ispsbusy.htm

.

.

((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))

.

.

2011-12-22 15:49 . 2011-12-22 15:56 -------- d-----w- c:\program files\Ultimate Defrag

2011-12-14 16:32 . 2011-12-14 16:32 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes

2011-12-14 16:31 . 2011-12-14 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-14 16:30 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-08 21:17 . 2011-12-08 21:17 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-12-08 14:20 . 2011-12-08 14:20 -------- d-----w- c:\documents and settings\Bill\Application Data\Panasonic

2011-12-07 21:14 . 2011-12-07 21:14 -------- d-----w- c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com

2011-12-07 16:22 . 2011-12-07 16:22 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Supremus Corporation

2011-12-06 00:25 . 2011-12-06 00:27 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2011-12-06 00:22 . 2011-12-06 00:22 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Help

2011-12-05 23:56 . 2011-12-05 23:56 -------- d-----w- c:\documents and settings\Bill\Application Data\Windows Search

2011-12-05 23:36 . 2011-08-17 21:32 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-12-05 23:36 . 2011-08-17 21:32 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll

2011-12-05 23:36 . 2011-08-17 21:32 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-12-05 23:36 . 2011-08-17 21:32 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-12-05 23:36 . 2011-08-17 21:32 63488 -c----w- c:\windows\system32\dllcache\icardie.dll

2011-12-05 23:36 . 2011-08-17 12:21 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2011-12-05 23:36 . 2010-07-05 20:32 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat

2011-12-05 23:36 . 2011-08-17 21:32 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-12-05 23:24 . 2011-12-05 23:24 -------- d-----w- c:\windows\ServicePackFiles

2011-12-05 23:11 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-12-05 23:11 . 2011-12-05 23:11 -------- d-----w- c:\program files\UPHClean

2011-12-05 23:06 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2011-12-05 23:05 . 2010-05-06 17:17 21496 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-12-05 23:05 . 2010-05-06 17:17 44536 ----a-w- c:\windows\system32\wups2.dll

2011-12-05 23:05 . 2010-05-06 17:17 17400 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-12-05 23:05 . 2010-05-06 17:17 14840 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-12-05 23:05 . 2010-05-06 17:17 14840 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-12-05 22:59 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll

2011-12-05 22:58 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll

2011-12-05 22:58 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll

2011-12-05 22:54 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys

2011-12-05 22:50 . 2009-09-06 07:09 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll

2011-12-05 22:42 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-12-05 22:42 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-12-05 22:42 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-12-05 22:40 . 2008-09-30 06:19 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll

2011-12-05 22:40 . 2008-09-30 06:19 57344 ------w- c:\windows\system32\uexfat.dll

2011-12-05 22:40 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys

2011-12-05 22:40 . 2008-09-29 10:21 133632 ------w- c:\windows\system32\drivers\exfat.sys

2011-12-05 22:39 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-12-05 22:37 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2011-12-05 22:37 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll

2011-12-05 22:37 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2011-12-05 22:37 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll

2011-12-05 22:37 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2011-12-05 22:36 . 2011-12-08 14:51 -------- d-----w- c:\program files\Windows Desktop Search

2011-12-05 22:34 . 2011-12-05 22:34 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-12-05 22:33 . 2004-09-12 14:17 61440 ----a-w- c:\windows\ContextMenuExt.dll

2011-12-05 22:18 . 2007-07-10 18:27 10752 ----a-w- c:\windows\system32\aamd532.dll

2011-12-05 22:18 . 2004-04-26 03:39 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL

2011-12-05 05:20 . 2011-12-05 05:20 -------- d-----w- c:\documents and settings\Bill\Application Data\pokerth

2011-12-04 05:40 . 2011-12-04 05:40 -------- d-----w- C:\CRIBBAGE

2011-12-03 21:23 . 2011-12-03 21:23 -------- d-----w- c:\program files\Common Files\Java

2011-12-03 15:37 . 2011-12-03 15:37 -------- d-----w- c:\program files\Hewlett-Packard

2011-12-03 15:37 . 2011-12-03 15:37 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS

2011-12-03 15:25 . 2011-12-03 15:25 -------- d-----w- c:\windows\system32\NtmsData

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-16 17:44 . 2011-07-24 22:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-28 18:01 . 2010-11-04 20:20 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2010-02-03 16:43 199816 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2010-02-03 16:43 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-11-28 17:53 . 2010-02-03 16:43 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2010-02-03 16:43 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:53 . 2010-02-03 16:43 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-11-28 17:52 . 2010-02-03 16:43 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2010-02-03 16:43 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2010-02-03 16:43 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-11-28 17:51 . 2010-02-03 16:43 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-11-28 17:51 . 2010-02-03 16:43 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-28 17:48 . 2010-02-03 16:43 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-10-10 14:22 . 2009-11-30 19:49 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 10:06 . 2010-05-01 14:58 472808 -c--a-w- c:\windows\system32\deployJava1.dll

2011-10-03 07:37 . 2009-11-30 22:06 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06 . 2008-03-21 00:35 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-13 . 909BD95DDDA5AE308DD365EA6EDF2262 . 1614848 . . [5.1.2600.5508] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- e:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"True Transparency"="c:\program files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 133120]

"hddhealth"="e:\utilities\HDD Health\hddhealth.exe" [2008-06-15 1692672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359280]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"True Transparency"="c:\program files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 133120]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp psc 2000 Series.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]

Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

What's my computer doing.lnk - e:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2011-12-15 275296]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"e:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

"e:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"e:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/3/2010 11:43 AM 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2/3/2010 11:43 AM 195416]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2/3/2010 11:43 AM 111320]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/3/2010 11:43 AM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/3/2010 11:43 AM 314456]

R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]

R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/3/2010 11:43 AM 20568]

S2 avast! Firewall;avast! Firewall;e:\program files\Alwil Software\Avast5\afwServ.exe [2/3/2010 11:43 AM 127192]

S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [7/20/2011 3:43 PM 16456]

S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [7/20/2011 3:43 PM 11088]

S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-03 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8322926644.job

- e:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\haiix58h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-23 10:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1324)

e:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

.

Completion time: 2011-12-23 11:03:53

ComboFix-quarantined-files.txt 2011-12-23 16:03

.

Pre-Run: 10,379,886,592 bytes free

Post-Run: 10,616,483,840 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - BE4D0356921995BBCC801829A430D90C

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29

Run by Bill at 11:18:34 on 2011-12-23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.976 [GMT -5:00]

.

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

E:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

E:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\UPHClean\uphclean.exe

E:\Program Files\RealVNC\VNC4\WinVNC4.exe

E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

E:\Utilities\HDD Health\hddhealth.exe

E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\HPZipm12.exe

E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - e:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - e:\program files\alwil software\avast5\aswWebRepIE.dll

uRun: [True Transparency] "c:\program files\utilities\true transparency\TrueTransparency.exe"

uRun: [hddhealth] e:\utilities\hdd health\hddhealth.exe -wl

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [True Transparency] "c:\program files\utilities\true transparency\TrueTransparency.exe"

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\what's~1.lnk - e:\program files\what's my computer doing\WhatsMyComputerDoing.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8AD73092-2144-4B27-9D2D-BCA31730FA97} : DhcpNameServer = 192.168.1.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\bill\application data\mozilla\firefox\profiles\haiix58h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - plugin: e:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: e:\program files\java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: e:\program files\videolan\vlc\npvlc.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-2-3 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-2-3 195416]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-2-3 111320]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-2-3 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-3 314456]

R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]

R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-3 20568]

R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast5\AvastSvc.exe [2010-2-3 44768]

S2 avast! Firewall;avast! Firewall;e:\program files\alwil software\avast5\afwServ.exe [2010-2-3 127192]

S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-7-20 16456]

S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-7-20 11088]

S3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]

.

=============== Created Last 30 ================

.

2011-12-23 15:44:25 -------- d-sha-r- C:\cmdcons

2011-12-23 15:42:56 98816 ----a-w- c:\windows\sed.exe

2011-12-23 15:42:56 518144 ----a-w- c:\windows\SWREG.exe

2011-12-23 15:42:56 256000 ----a-w- c:\windows\PEV.exe

2011-12-23 15:42:56 208896 ----a-w- c:\windows\MBR.exe

2011-12-22 15:49:31 -------- d-----w- c:\program files\Ultimate Defrag

2011-12-14 16:32:14 -------- d-----w- c:\documents and settings\bill\application data\Malwarebytes

2011-12-14 16:31:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-12-14 16:30:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-08 21:17:13 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-12-07 21:14:23 -------- d-----w- c:\documents and settings\bill\application data\SUPERAntiSpyware.com

2011-12-07 18:21:41 -------- d-----w- c:\windows\system32\PreInstall

2011-12-07 16:22:19 -------- d-----w- c:\documents and settings\bill\local settings\application data\Supremus Corporation

2011-12-06 00:25:25 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2011-12-06 00:22:35 -------- d-----w- c:\documents and settings\bill\local settings\application data\Help

2011-12-05 23:56:17 -------- d-----w- c:\documents and settings\bill\application data\Windows Search

2011-12-05 23:36:21 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-12-05 23:36:21 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll

2011-12-05 23:36:21 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-12-05 23:36:20 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-12-05 23:36:19 63488 -c----w- c:\windows\system32\dllcache\icardie.dll

2011-12-05 23:36:19 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2011-12-05 23:36:18 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat

2011-12-05 23:36:15 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-12-05 23:24:01 -------- d-----w- c:\windows\ServicePackFiles

2011-12-05 23:11:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-12-05 23:11:22 -------- d-----w- c:\program files\UPHClean

2011-12-05 23:06:46 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2011-12-05 23:05:12 21496 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-12-05 23:05:12 -------- d-----w- c:\windows\system32\SoftwareDistribution

2011-12-05 23:05:11 17400 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-12-05 23:05:10 14840 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-12-05 23:05:10 14840 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-12-05 22:59:18 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll

2011-12-05 22:58:10 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll

2011-12-05 22:58:09 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll

2011-12-05 22:54:18 265728 -c----w- c:\windows\system32\dllcache\http.sys

2011-12-05 22:50:16 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll

2011-12-05 22:42:46 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-12-05 22:42:45 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-12-05 22:42:43 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-12-05 22:40:54 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll

2011-12-05 22:40:54 57344 ------w- c:\windows\system32\uexfat.dll

2011-12-05 22:40:54 133632 -c----w- c:\windows\system32\dllcache\exfat.sys

2011-12-05 22:40:54 133632 ------w- c:\windows\system32\drivers\exfat.sys

2011-12-05 22:39:27 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-12-05 22:37:33 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2011-12-05 22:37:33 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2011-12-05 22:37:33 465920 ------w- c:\windows\system32\imapi2fs.dll

2011-12-05 22:37:33 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2011-12-05 22:37:33 317952 ------w- c:\windows\system32\imapi2.dll

2011-12-05 22:36:46 -------- d-----w- c:\program files\Windows Desktop Search

2011-12-05 22:34:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-12-05 22:33:55 61440 ----a-w- c:\windows\ContextMenuExt.dll

2011-12-05 22:18:12 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL

2011-12-05 22:18:12 10752 ----a-w- c:\windows\system32\aamd532.dll

2011-12-05 05:20:55 -------- d-----w- c:\documents and settings\bill\application data\pokerth

2011-12-04 05:40:17 -------- d-----w- C:\CRIBBAGE

2011-12-03 15:37:10 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS

2011-12-03 15:25:01 -------- d-----w- c:\windows\system32\NtmsData

.

==================== Find3M ====================

.

2011-12-16 17:44:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 17:54:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53:22 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 10:06:03 472808 -c--a-w- c:\windows\system32\deployJava1.dll

2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS

c:\docume~1\bill\locals~1\temp\catchme.sys

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x898A9AB8]

3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8990EB00]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

.

============= FINISH: 11:19:45.12 ===============

Attach.zip


  • Staff

Hi,

My apologies for the delay.

Please update MBAM, run a Quick Scan, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, grab a fresh copy of ComboFix, run it, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi,

Imagine, taking time off over the holidays, you slacker. No problem, brother.

I downloaded tdsskiller but 7zip wouldn't unzip the file. This is the 1st time that 7zip has failed to do its job. I tried with the Windows extraction wizard also but no go. I used another computer in my house and downloaded the file and had no problem unzipping and opening it. I renamed it and transferred it to a flash drive and then to the problem computer. It ran with no problems. Here are the logs from all the scans.

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.28.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

Bill :: CATWOMAN [limited]

12/28/2011 12:00:40 AM

mbam-log-2011-12-28 (00-00-40).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 193199

Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

13:50:22.0132 2648 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

13:50:24.0132 2648 ============================================================

13:50:24.0132 2648 Current date / time: 2011/12/28 13:50:24.0132

13:50:24.0132 2648 SystemInfo:

13:50:24.0132 2648

13:50:24.0132 2648 OS Version: 5.1.2600 ServicePack: 3.0

13:50:24.0132 2648 Product type: Workstation

13:50:24.0132 2648 ComputerName: CATWOMAN

13:50:24.0132 2648 UserName: Bill

13:50:24.0132 2648 Windows directory: C:\WINDOWS

13:50:24.0132 2648 System windows directory: C:\WINDOWS

13:50:24.0132 2648 Processor architecture: Intel x86

13:50:24.0132 2648 Number of processors: 1

13:50:24.0132 2648 Page size: 0x1000

13:50:24.0132 2648 Boot type: Normal boot

13:50:24.0132 2648 ============================================================

13:50:25.0320 2648 Initialize success

13:50:33.0632 2496 ============================================================

13:50:33.0632 2496 Scan started

13:50:33.0632 2496 Mode: Manual;

13:50:33.0632 2496 ============================================================

13:50:34.0289 2496 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys

13:50:34.0289 2496 Aavmker4 - ok

13:50:34.0335 2496 Abiosdsk - ok

13:50:34.0382 2496 abp480n5 - ok

13:50:34.0476 2496 ACPI (7517e9b5fe4811cbd7712af820028cc4) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:50:34.0492 2496 ACPI - ok

13:50:34.0554 2496 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:50:34.0554 2496 ACPIEC - ok

13:50:34.0617 2496 adpu160m - ok

13:50:34.0695 2496 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

13:50:34.0695 2496 aeaudio - ok

13:50:34.0757 2496 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:50:34.0757 2496 aec - ok

13:50:34.0835 2496 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

13:50:34.0851 2496 AFD - ok

13:50:34.0929 2496 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys

13:50:34.0929 2496 AFS2K - ok

13:50:34.0992 2496 agp440 (c2747d85dc39724e0d1cb00accd94494) C:\WINDOWS\system32\DRIVERS\agp440.sys

13:50:35.0007 2496 agp440 - ok

13:50:35.0054 2496 Aha154x - ok

13:50:35.0085 2496 aic78u2 - ok

13:50:35.0132 2496 aic78xx - ok

13:50:35.0210 2496 AliIde - ok

13:50:35.0257 2496 amsint - ok

13:50:35.0320 2496 asc - ok

13:50:35.0367 2496 asc3350p - ok

13:50:35.0398 2496 asc3550 - ok

13:50:35.0523 2496 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys

13:50:35.0523 2496 aswFsBlk - ok

13:50:35.0585 2496 aswFW (9b88d53227e0bc1ce62a981b2fcd67c8) C:\WINDOWS\system32\drivers\aswFW.sys

13:50:35.0585 2496 aswFW - ok

13:50:35.0648 2496 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys

13:50:35.0648 2496 aswMon2 - ok

13:50:35.0710 2496 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\WINDOWS\system32\DRIVERS\aswNdis.sys

13:50:35.0710 2496 aswNdis - ok

13:50:35.0773 2496 aswNdis2 (2d26aaee48a48e64129b4ae1d0ab3a3b) C:\WINDOWS\system32\drivers\aswNdis2.sys

13:50:35.0773 2496 aswNdis2 - ok

13:50:35.0820 2496 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys

13:50:35.0820 2496 aswRdr - ok

13:50:35.0914 2496 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys

13:50:35.0929 2496 aswSnx - ok

13:50:36.0007 2496 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys

13:50:36.0007 2496 aswSP - ok

13:50:36.0070 2496 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys

13:50:36.0070 2496 aswTdi - ok

13:50:36.0132 2496 AsyncMac (34c951228c152a248357409cb680ce13) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:50:36.0132 2496 AsyncMac - ok

13:50:36.0210 2496 atapi (65ea06f8711fb3a64ec7d323e350f456) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:50:36.0210 2496 atapi - ok

13:50:36.0351 2496 Atdisk - ok

13:50:36.0460 2496 ati2mtaa (2d030c2f6b036ca0bc243e1b16d924d1) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys

13:50:36.0476 2496 ati2mtaa - ok

13:50:36.0539 2496 Atmarpc (ce372a820e4f4e808b574050ec35c049) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:50:36.0539 2496 Atmarpc - ok

13:50:36.0632 2496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:50:36.0648 2496 audstub - ok

13:50:36.0726 2496 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys

13:50:36.0742 2496 BANTExt - ok

13:50:36.0835 2496 BCMModem (2d39d498108c4810ef8cc1103a2a5b73) C:\WINDOWS\system32\DRIVERS\BCMDM.sys

13:50:36.0898 2496 BCMModem - ok

13:50:36.0960 2496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:50:36.0960 2496 Beep - ok

13:50:37.0070 2496 catchme - ok

13:50:37.0132 2496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:50:37.0132 2496 cbidf2k - ok

13:50:37.0179 2496 cd20xrnt - ok

13:50:37.0242 2496 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:50:37.0242 2496 Cdaudio - ok

13:50:37.0289 2496 Cdfs (3a8d04c6533a344973ba5cce5be2609b) C:\WINDOWS\system32\drivers\Cdfs.sys

13:50:37.0304 2496 Cdfs - ok

13:50:37.0382 2496 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:50:37.0382 2496 Cdrom - ok

13:50:37.0429 2496 Changer - ok

13:50:37.0507 2496 CmdIde - ok

13:50:37.0601 2496 Cpqarray - ok

13:50:37.0664 2496 dac2w2k - ok

13:50:37.0695 2496 dac960nt - ok

13:50:37.0773 2496 Disk (db7ba51015765db476457bedd53d3cfe) C:\WINDOWS\system32\DRIVERS\disk.sys

13:50:37.0773 2496 Disk - ok

13:50:37.0851 2496 dmboot (ba1f9637c50d105fb8ebe334d57bc16e) C:\WINDOWS\system32\drivers\dmboot.sys

13:50:37.0882 2496 dmboot - ok

13:50:37.0945 2496 dmio (a29d408f65291721091bc21a48ceed00) C:\WINDOWS\system32\drivers\dmio.sys

13:50:37.0945 2496 dmio - ok

13:50:37.0992 2496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:50:37.0992 2496 dmload - ok

13:50:38.0085 2496 DMusic (0fdc464e960b5c9665d89fe00bc972a3) C:\WINDOWS\system32\drivers\DMusic.sys

13:50:38.0085 2496 DMusic - ok

13:50:38.0164 2496 dpti2o - ok

13:50:38.0210 2496 drmkaud (6d5ca8474cf00a2765b6d6b35a57e89c) C:\WINDOWS\system32\drivers\drmkaud.sys

13:50:38.0210 2496 drmkaud - ok

13:50:38.0289 2496 E1000 (854293999e91bf2eb9e786166de4a35f) C:\WINDOWS\system32\DRIVERS\e1000325.sys

13:50:38.0289 2496 E1000 - ok

13:50:38.0351 2496 E100B (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys

13:50:38.0367 2496 E100B - ok

13:50:38.0492 2496 exFat (3ef58f2eae3aecab45d682152db2f67d) C:\WINDOWS\system32\drivers\exFat.sys

13:50:38.0492 2496 exFat - ok

13:50:38.0570 2496 Fastfat (bb9c87cc84a747f68c4d0e24d5841e61) C:\WINDOWS\system32\drivers\Fastfat.sys

13:50:38.0570 2496 Fastfat - ok

13:50:38.0632 2496 Fdc (bafd3cc668a29f5070da63469c273127) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:50:38.0632 2496 Fdc - ok

13:50:38.0695 2496 Fips (cd7388a0e1f2585d0300c9533f4de221) C:\WINDOWS\system32\drivers\Fips.sys

13:50:38.0695 2496 Fips - ok

13:50:38.0742 2496 Flpydisk (50cd9634d0d4e6c9c6e2e8ea27f8e2f6) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:50:38.0757 2496 Flpydisk - ok

13:50:38.0835 2496 FltMgr (d1338fb4160e250ae8a9202f8ac3860f) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

13:50:38.0835 2496 FltMgr - ok

13:50:38.0929 2496 Fs_Rec (c865b83411d7347627a4beec22543fb1) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:50:38.0929 2496 Fs_Rec - ok

13:50:39.0007 2496 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:50:39.0007 2496 Ftdisk - ok

13:50:39.0085 2496 Gpc (8c7faa02a68d9eef68287a2842bb4f71) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:50:39.0085 2496 Gpc - ok

13:50:39.0179 2496 HidUsb (81d2ffea0965a205f257160f1328f18e) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:50:39.0179 2496 HidUsb - ok

13:50:39.0226 2496 hpn - ok

13:50:39.0304 2496 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

13:50:39.0304 2496 HPZid412 - ok

13:50:39.0367 2496 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

13:50:39.0367 2496 HPZipr12 - ok

13:50:39.0445 2496 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

13:50:39.0445 2496 HPZius12 - ok

13:50:39.0523 2496 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:50:39.0539 2496 HTTP - ok

13:50:39.0601 2496 i2omgmt - ok

13:50:39.0648 2496 i2omp - ok

13:50:39.0726 2496 i8042prt (f641d64e8fd069d91e60511bb5cf4a2d) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:50:39.0726 2496 i8042prt - ok

13:50:39.0835 2496 ialm (3ca41cdb9c912aed354b0c7abe4a4654) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

13:50:39.0882 2496 ialm - ok

13:50:39.0945 2496 Imapi (df47d4e6ed89cd0ad7248a7604af706e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:50:39.0945 2496 Imapi - ok

13:50:40.0023 2496 ini910u - ok

13:50:40.0101 2496 IntelIde (d5dbb6592e6bd9cf2e997c609ed14474) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:50:40.0101 2496 IntelIde - ok

13:50:40.0164 2496 intelppm (09a4677efbe5a0a14e9a090421d851df) C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:50:40.0164 2496 intelppm - ok

13:50:40.0226 2496 Ip6Fw (0f2a14149b767cd62559a4e060d63e0a) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

13:50:40.0226 2496 Ip6Fw - ok

13:50:40.0304 2496 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:50:40.0304 2496 IpFilterDriver - ok

13:50:40.0335 2496 IpInIp (f6e4f5f17ead48851b2ca24faf595693) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:50:40.0351 2496 IpInIp - ok

13:50:40.0414 2496 IpNat (04191cc82eda72c44f9c154bc094ea0d) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:50:40.0429 2496 IpNat - ok

13:50:40.0492 2496 IPSec (84f6866f355c4c2185eb68206d55c591) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:50:40.0492 2496 IPSec - ok

13:50:40.0570 2496 IRENUM (ca98b430387b7d73d9b52eb4e0ab9d92) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:50:40.0570 2496 IRENUM - ok

13:50:40.0648 2496 isapnp (5a59964bfb9dca86af0c4ae8cc1d6a32) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:50:40.0648 2496 isapnp - ok

13:50:40.0726 2496 Kbdclass (4780a418e0fa859b09311c87980d0f7e) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:50:40.0726 2496 Kbdclass - ok

13:50:40.0773 2496 kbdhid (e8b24306a700220740daf09f042280a2) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

13:50:40.0789 2496 kbdhid - ok

13:50:40.0867 2496 kmixer (e30be31b27e6fd0c3ab65e87f794e5df) C:\WINDOWS\system32\drivers\kmixer.sys

13:50:40.0867 2496 kmixer - ok

13:50:40.0929 2496 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:50:40.0929 2496 KSecDD - ok

13:50:41.0007 2496 L8042Kbd (58759156a6918913edd368f995be3e53) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

13:50:41.0007 2496 L8042Kbd - ok

13:50:41.0070 2496 L8042mou (973f78482aa2f2760323900b3a501c40) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

13:50:41.0085 2496 L8042mou - ok

13:50:41.0148 2496 lbrtfdc - ok

13:50:41.0226 2496 LHidFilt (c91206ca84684057118265e8377c77b6) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

13:50:41.0226 2496 LHidFilt - ok

13:50:41.0335 2496 LMouFilt (9f03720fa5e6d14cd4dfea610f2c1a7c) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

13:50:41.0335 2496 LMouFilt - ok

13:50:41.0398 2496 LMouKE (2a3e4db78b20b2cd2c548a48a8e6b1b7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

13:50:41.0398 2496 LMouKE - ok

13:50:41.0476 2496 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:50:41.0476 2496 mnmdd - ok

13:50:41.0570 2496 Modem (8c0f9f5a284b1db052c31ed629c2a5c3) C:\WINDOWS\system32\drivers\Modem.sys

13:50:41.0570 2496 Modem - ok

13:50:41.0632 2496 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

13:50:41.0632 2496 MODEMCSA - ok

13:50:41.0695 2496 Mouclass (06515a5d8482b44e55bab35981888a0e) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:50:41.0695 2496 Mouclass - ok

13:50:41.0757 2496 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:50:41.0773 2496 mouhid - ok

13:50:41.0820 2496 MountMgr (8b64fa7814ed005e57d43155de88398a) C:\WINDOWS\system32\drivers\MountMgr.sys

13:50:41.0820 2496 MountMgr - ok

13:50:41.0867 2496 mraid35x - ok

13:50:41.0929 2496 MRxDAV (53cb9e3b300f4ea15d5b2679b102d09f) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:50:41.0945 2496 MRxDAV - ok

13:50:42.0039 2496 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:50:42.0054 2496 MRxSmb - ok

13:50:42.0148 2496 Msfs (79e4458da04664b431e6728a18199300) C:\WINDOWS\system32\drivers\Msfs.sys

13:50:42.0148 2496 Msfs - ok

13:50:42.0226 2496 MSKSSRV (241e77138dee16d546080a794b80284b) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:50:42.0226 2496 MSKSSRV - ok

13:50:42.0289 2496 MSPCLOCK (f46de5b07ea15e0727f12eb12e710f71) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:50:42.0289 2496 MSPCLOCK - ok

13:50:42.0335 2496 MSPQM (c53927217ac0834dc547b396ffc495d9) C:\WINDOWS\system32\drivers\MSPQM.sys

13:50:42.0351 2496 MSPQM - ok

13:50:42.0414 2496 mssmbios (146e70915c378f02476a10bcec3a95c2) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:50:42.0429 2496 mssmbios - ok

13:50:42.0492 2496 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:50:42.0507 2496 Mup - ok

13:50:42.0570 2496 NDIS (aff1aed224d17c8bc38174ed932f68b6) C:\WINDOWS\system32\drivers\NDIS.sys

13:50:42.0585 2496 NDIS - ok

13:50:42.0664 2496 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:50:42.0664 2496 NdisTapi - ok

13:50:42.0710 2496 Ndisuio (077c330d7e12669d57ed16e4dfabf700) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:50:42.0710 2496 Ndisuio - ok

13:50:42.0773 2496 NdisWan (36a503c26f7c81fe7ce71b0b467605dd) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:50:42.0773 2496 NdisWan - ok

13:50:42.0851 2496 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

13:50:42.0867 2496 NDProxy - ok

13:50:42.0914 2496 NetBIOS (4977fd4bad4b94188e7b101df0e017ef) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:50:42.0914 2496 NetBIOS - ok

13:50:42.0976 2496 NetBT (3294dc900631ee18c86f49e7c26e416b) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:50:42.0976 2496 NetBT - ok

13:50:43.0117 2496 Npfs (bff3844722d795df4c5066aaae957ec8) C:\WINDOWS\system32\drivers\Npfs.sys

13:50:43.0117 2496 Npfs - ok

13:50:43.0210 2496 Ntfs (d7f8a3f743c54c13d78954176ad483a2) C:\WINDOWS\system32\drivers\Ntfs.sys

13:50:43.0242 2496 Ntfs - ok

13:50:43.0335 2496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:50:43.0335 2496 Null - ok

13:50:43.0398 2496 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:50:43.0414 2496 NwlnkFlt - ok

13:50:43.0460 2496 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:50:43.0460 2496 NwlnkFwd - ok

13:50:43.0539 2496 Parport (9f84cffa068c474084a99bc68bf3ea63) C:\WINDOWS\system32\DRIVERS\parport.sys

13:50:43.0539 2496 Parport - ok

13:50:43.0601 2496 PartMgr (64fc948a8387d3a5fba3cdeb539b1514) C:\WINDOWS\system32\drivers\PartMgr.sys

13:50:43.0617 2496 PartMgr - ok

13:50:43.0664 2496 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:50:43.0664 2496 ParVdm - ok

13:50:43.0726 2496 PCI (ef6876118575c85ca4ad39ac6490656c) C:\WINDOWS\system32\DRIVERS\pci.sys

13:50:43.0742 2496 PCI - ok

13:50:43.0789 2496 PCIDump - ok

13:50:43.0851 2496 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

13:50:43.0867 2496 PCIIde - ok

13:50:43.0929 2496 Pcmcia (c1bc00b2c7a782cf5207f1a13745ab65) C:\WINDOWS\system32\drivers\Pcmcia.sys

13:50:43.0945 2496 Pcmcia - ok

13:50:44.0023 2496 PDCOMP - ok

13:50:44.0132 2496 PDFRAME - ok

13:50:44.0179 2496 PDRELI - ok

13:50:44.0226 2496 PDRFRAME - ok

13:50:44.0273 2496 perc2 - ok

13:50:44.0320 2496 perc2hib - ok

13:50:44.0492 2496 PptpMiniport (7065eaef0b12cc5339425d575e5a71d3) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:50:44.0492 2496 PptpMiniport - ok

13:50:44.0585 2496 PQNTDrv (474543751522111dd7c0cf09e17f6d9f) C:\WINDOWS\system32\drivers\PQNTDrv.sys

13:50:44.0601 2496 PQNTDrv - ok

13:50:44.0695 2496 PSched (7c8c04b524b0823a29ee6b0818ecbbb3) C:\WINDOWS\system32\DRIVERS\psched.sys

13:50:44.0695 2496 PSched - ok

13:50:44.0773 2496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:50:44.0773 2496 Ptilink - ok

13:50:44.0851 2496 pwdrvio (022542dd0026759a79df532c142e5cda) C:\WINDOWS\system32\pwdrvio.sys

13:50:44.0898 2496 pwdrvio - ok

13:50:44.0992 2496 pwdspio (a838b05740016cb7b5c2e03d63239df8) C:\WINDOWS\system32\pwdspio.sys

13:50:45.0007 2496 pwdspio - ok

13:50:45.0085 2496 ql1080 - ok

13:50:45.0148 2496 Ql10wnt - ok

13:50:45.0195 2496 ql12160 - ok

13:50:45.0242 2496 ql1240 - ok

13:50:45.0289 2496 ql1280 - ok

13:50:45.0351 2496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:50:45.0351 2496 RasAcd - ok

13:50:45.0445 2496 Rasl2tp (1d0743f4b97fd729511ad5022e0bcbc1) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:50:45.0445 2496 Rasl2tp - ok

13:50:45.0507 2496 RasPppoe (04a17ced474f4444d6eff7a1ba169a2e) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:50:45.0507 2496 RasPppoe - ok

13:50:45.0570 2496 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:50:45.0570 2496 Raspti - ok

13:50:45.0648 2496 Rdbss (d2fd6bd47a5ad252745c96b61b55d7be) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:50:45.0648 2496 Rdbss - ok

13:50:45.0710 2496 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:50:45.0710 2496 RDPCDD - ok

13:50:45.0789 2496 rdpdr (00f5b19217f0ea9a513789dd8214c79b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:50:45.0804 2496 rdpdr - ok

13:50:45.0898 2496 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

13:50:45.0898 2496 RDPWD - ok

13:50:45.0976 2496 redbook (bf1bfdad19fd920cc0856886ce91b208) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:50:45.0992 2496 redbook - ok

13:50:46.0148 2496 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

13:50:46.0148 2496 SASDIFSV - ok

13:50:46.0179 2496 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) E:\Program Files\SUPERAntiSpyware\SASENUM.SYS

13:50:46.0179 2496 SASENUM - ok

13:50:46.0210 2496 SASKUTIL (c7d81c10d3befeee41f3408714637438) E:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

13:50:46.0210 2496 SASKUTIL - ok

13:50:46.0304 2496 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:50:46.0320 2496 Secdrv - ok

13:50:46.0382 2496 serenum (19f5a2b382c281ea02525566e8fe6980) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:50:46.0414 2496 serenum - ok

13:50:46.0460 2496 Serial (3dae0c3747f4065d18617ca36f63f104) C:\WINDOWS\system32\DRIVERS\serial.sys

13:50:46.0460 2496 Serial - ok

13:50:46.0554 2496 Sfloppy (0e0d508c42ed31e0ce4877bcbd1dac7e) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:50:46.0570 2496 Sfloppy - ok

13:50:46.0648 2496 Simbad - ok

13:50:46.0757 2496 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys

13:50:46.0789 2496 smwdm - ok

13:50:46.0882 2496 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\WINDOWS\system32\DRIVERS\snman380.sys

13:50:46.0882 2496 snapman380 - ok

13:50:46.0929 2496 Sparrow - ok

13:50:46.0992 2496 splitter (d15d4f064889adae4ef9a44797361a95) C:\WINDOWS\system32\drivers\splitter.sys

13:50:46.0992 2496 splitter - ok

13:50:47.0070 2496 sr (b0a078e4f5c4b11ddca9fe48e860687f) C:\WINDOWS\system32\DRIVERS\sr.sys

13:50:47.0070 2496 sr - ok

13:50:47.0179 2496 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

13:50:47.0195 2496 Srv - ok

13:50:47.0273 2496 swenum (52ca69522d2780008679f486ff2d16a9) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:50:47.0289 2496 swenum - ok

13:50:47.0335 2496 swmidi (d9f7f799db20ce348d2c7f374aae5133) C:\WINDOWS\system32\drivers\swmidi.sys

13:50:47.0335 2496 swmidi - ok

13:50:47.0414 2496 symc810 - ok

13:50:47.0460 2496 symc8xx - ok

13:50:47.0507 2496 sym_hi - ok

13:50:47.0554 2496 sym_u3 - ok

13:50:47.0601 2496 sysaudio (ac17b7e3da6fc911466962bbe1596239) C:\WINDOWS\system32\drivers\sysaudio.sys

13:50:47.0617 2496 sysaudio - ok

13:50:47.0726 2496 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:50:47.0757 2496 Tcpip - ok

13:50:47.0820 2496 TDPIPE (acbb991ba7710ca13e3f7c581365eec0) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:50:47.0820 2496 TDPIPE - ok

13:50:47.0945 2496 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\WINDOWS\system32\DRIVERS\tdrpm174.sys

13:50:47.0992 2496 tdrpman174 - ok

13:50:48.0054 2496 TDTCP (b4b829f1accaa80686a9f9264f2050d0) C:\WINDOWS\system32\drivers\TDTCP.sys

13:50:48.0054 2496 TDTCP - ok

13:50:48.0132 2496 TermDD (9357984830dc4f40c3c82489b56ec95b) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:50:48.0132 2496 TermDD - ok

13:50:48.0210 2496 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

13:50:48.0226 2496 tifsfilter - ok

13:50:48.0304 2496 timounter (394fc70b88b7958fa85798bbc76d140a) C:\WINDOWS\system32\DRIVERS\timntr.sys

13:50:48.0335 2496 timounter - ok

13:50:48.0398 2496 TosIde - ok

13:50:48.0492 2496 Udfs (007c5857eca3624845005d800986e400) C:\WINDOWS\system32\drivers\Udfs.sys

13:50:48.0492 2496 Udfs - ok

13:50:48.0539 2496 ultra - ok

13:50:48.0601 2496 Update (4b633414b8231060c8ceac4575fcb00e) C:\WINDOWS\system32\DRIVERS\update.sys

13:50:48.0617 2496 Update - ok

13:50:48.0726 2496 usbccgp (7d9ac2328255cb506a9b74fdf2977ce1) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:50:48.0742 2496 usbccgp - ok

13:50:48.0804 2496 usbehci (8e9d9764dd8030160fc42e183001113d) C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:50:48.0804 2496 usbehci - ok

13:50:48.0867 2496 usbhub (32889e8b3bb890d5dbcdf866598a2b45) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:50:48.0882 2496 usbhub - ok

13:50:48.0945 2496 usbprint (0c92e95006b083ba25c0e805e6e7b1d6) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:50:48.0960 2496 usbprint - ok

13:50:49.0085 2496 usbscan (bd381322d0db6d18f42c0df992e8a7cb) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:50:49.0085 2496 usbscan - ok

13:50:49.0132 2496 usbstor (4c11e52f58b8f691099f9c1b0432a6a6) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:50:49.0148 2496 usbstor - ok

13:50:49.0226 2496 usbuhci (b4fbc865ce1311f671c18388df73eb80) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:50:49.0226 2496 usbuhci - ok

13:50:49.0273 2496 VgaSave (27573609ed1a48065a7174fa6b7f36e5) C:\WINDOWS\System32\drivers\vga.sys

13:50:49.0273 2496 VgaSave - ok

13:50:49.0320 2496 ViaIde - ok

13:50:49.0382 2496 VolSnap (999a7ab63b8f364f4df130d48ba7e972) C:\WINDOWS\system32\drivers\VolSnap.sys

13:50:49.0398 2496 VolSnap - ok

13:50:49.0507 2496 Wanarp (4d91cdfecb032a34c550080b62720e15) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:50:49.0507 2496 Wanarp - ok

13:50:49.0601 2496 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

13:50:49.0617 2496 Wdf01000 - ok

13:50:49.0679 2496 WDICA - ok

13:50:49.0757 2496 wdmaud (971260ff2bdf0371c11e811fa9c64bd8) C:\WINDOWS\system32\drivers\wdmaud.sys

13:50:49.0757 2496 wdmaud - ok

13:50:50.0023 2496 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:50:50.0023 2496 WudfPf - ok

13:50:50.0085 2496 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:50:50.0085 2496 WudfRd - ok

13:50:50.0164 2496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

13:50:50.0351 2496 \Device\Harddisk0\DR0 - ok

13:50:50.0367 2496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

13:50:50.0382 2496 \Device\Harddisk1\DR1 - ok

13:50:50.0398 2496 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR11

13:50:50.0414 2496 \Device\Harddisk2\DR11 - ok

13:50:50.0429 2496 Boot (0x1200) (a93d6e9d891f9cf604bab6fef43c0f3b) \Device\Harddisk0\DR0\Partition0

13:50:50.0429 2496 \Device\Harddisk0\DR0\Partition0 - ok

13:50:50.0460 2496 Boot (0x1200) (95f3c4bffc62c7d3c1c3b6eb16a05ee5) \Device\Harddisk0\DR0\Partition1

13:50:50.0460 2496 \Device\Harddisk0\DR0\Partition1 - ok

13:50:50.0492 2496 Boot (0x1200) (f2b0ba1b4ca112ad51006e136643b65e) \Device\Harddisk0\DR0\Partition2

13:50:50.0492 2496 \Device\Harddisk0\DR0\Partition2 - ok

13:50:50.0523 2496 Boot (0x1200) (47fa8a9fee2dcfe01f0387ccaaf9ea56) \Device\Harddisk0\DR0\Partition3

13:50:50.0523 2496 \Device\Harddisk0\DR0\Partition3 - ok

13:50:50.0539 2496 Boot (0x1200) (d17391afdb7cffd0e176864eb35df1ef) \Device\Harddisk1\DR1\Partition0

13:50:50.0554 2496 \Device\Harddisk1\DR1\Partition0 - ok

13:50:50.0570 2496 Boot (0x1200) (a41a22c57026c618c9d80a33ecabdd3c) \Device\Harddisk1\DR1\Partition1

13:50:50.0570 2496 \Device\Harddisk1\DR1\Partition1 - ok

13:50:50.0585 2496 Boot (0x1200) (1cd47d6506d8a29a525c9a098d2a430a) \Device\Harddisk1\DR1\Partition2

13:50:50.0585 2496 \Device\Harddisk1\DR1\Partition2 - ok

13:50:50.0601 2496 Boot (0x1200) (aa288ca921c391538793af9fd326fc48) \Device\Harddisk1\DR1\Partition3

13:50:50.0617 2496 \Device\Harddisk1\DR1\Partition3 - ok

13:50:50.0632 2496 Boot (0x1200) (d896d4dd4054c04aaeb02af0366e0429) \Device\Harddisk1\DR1\Partition4

13:50:50.0648 2496 \Device\Harddisk1\DR1\Partition4 - ok

13:50:50.0664 2496 Boot (0x1200) (e0455fa8c68baa057ea7126b879627bd) \Device\Harddisk2\DR11\Partition0

13:50:50.0664 2496 \Device\Harddisk2\DR11\Partition0 - ok

13:50:50.0679 2496 ============================================================

13:50:50.0679 2496 Scan finished

13:50:50.0679 2496 ============================================================

13:50:50.0726 2820 Detected object count: 0

13:50:50.0726 2820 Actual detected object count: 0

ComboFix 11-12-28.03 - Bill 12/28/2011 14:11:10.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1034 [GMT -5:00]

Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))

.

.

2011-12-28 19:06 . 2011-12-28 19:09 -------- d-----w- C:\32788R22FWJFW

2011-12-22 15:49 . 2011-12-22 15:56 -------- d-----w- c:\program files\Ultimate Defrag

2011-12-14 16:32 . 2011-12-14 16:32 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes

2011-12-14 16:31 . 2011-12-14 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-14 16:30 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-08 21:17 . 2011-12-08 21:17 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-12-08 14:20 . 2011-12-08 14:20 -------- d-----w- c:\documents and settings\Bill\Application Data\Panasonic

2011-12-07 21:14 . 2011-12-07 21:14 -------- d-----w- c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com

2011-12-07 16:22 . 2011-12-07 16:22 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Supremus Corporation

2011-12-06 00:25 . 2011-12-06 00:27 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2011-12-06 00:22 . 2011-12-06 00:22 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Help

2011-12-05 23:56 . 2011-12-05 23:56 -------- d-----w- c:\documents and settings\Bill\Application Data\Windows Search

2011-12-05 23:36 . 2011-08-17 21:32 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-12-05 23:36 . 2011-08-17 21:32 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll

2011-12-05 23:36 . 2011-08-17 21:32 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-12-05 23:36 . 2011-08-17 21:32 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-12-05 23:36 . 2011-08-17 21:32 63488 -c----w- c:\windows\system32\dllcache\icardie.dll

2011-12-05 23:36 . 2011-08-17 12:21 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2011-12-05 23:36 . 2010-07-05 20:32 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat

2011-12-05 23:36 . 2011-08-17 21:32 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-12-05 23:24 . 2011-12-05 23:24 -------- d-----w- c:\windows\ServicePackFiles

2011-12-05 23:11 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-12-05 23:11 . 2011-12-05 23:11 -------- d-----w- c:\program files\UPHClean

2011-12-05 23:06 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2011-12-05 23:05 . 2010-05-06 17:17 21496 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-12-05 23:05 . 2010-05-06 17:17 44536 ----a-w- c:\windows\system32\wups2.dll

2011-12-05 23:05 . 2010-05-06 17:17 17400 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-12-05 23:05 . 2010-05-06 17:17 14840 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-12-05 23:05 . 2010-05-06 17:17 14840 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-12-05 22:59 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll

2011-12-05 22:58 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll

2011-12-05 22:58 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll

2011-12-05 22:54 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys

2011-12-05 22:50 . 2009-09-06 07:09 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll

2011-12-05 22:42 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-12-05 22:42 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-12-05 22:42 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-12-05 22:40 . 2008-09-30 06:19 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll

2011-12-05 22:40 . 2008-09-30 06:19 57344 ------w- c:\windows\system32\uexfat.dll

2011-12-05 22:40 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys

2011-12-05 22:40 . 2008-09-29 10:21 133632 ------w- c:\windows\system32\drivers\exfat.sys

2011-12-05 22:39 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-12-05 22:37 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2011-12-05 22:37 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll

2011-12-05 22:37 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2011-12-05 22:37 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll

2011-12-05 22:37 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2011-12-05 22:36 . 2011-12-08 14:51 -------- d-----w- c:\program files\Windows Desktop Search

2011-12-05 22:34 . 2011-12-05 22:34 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-12-05 22:33 . 2004-09-12 14:17 61440 ----a-w- c:\windows\ContextMenuExt.dll

2011-12-05 22:18 . 2007-07-10 18:27 10752 ----a-w- c:\windows\system32\aamd532.dll

2011-12-05 22:18 . 2004-04-26 03:39 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL

2011-12-05 05:20 . 2011-12-05 05:20 -------- d-----w- c:\documents and settings\Bill\Application Data\pokerth

2011-12-04 05:40 . 2011-12-04 05:40 -------- d-----w- C:\CRIBBAGE

2011-12-03 21:23 . 2011-12-03 21:23 -------- d-----w- c:\program files\Common Files\Java

2011-12-03 15:37 . 2011-12-03 15:37 -------- d-----w- c:\program files\Hewlett-Packard

2011-12-03 15:37 . 2011-12-03 15:37 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS

2011-12-03 15:25 . 2011-12-03 15:25 -------- d-----w- c:\windows\system32\NtmsData

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-16 17:44 . 2011-07-24 22:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-28 18:01 . 2010-11-04 20:20 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2010-02-03 16:43 199816 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2010-02-03 16:43 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-11-28 17:53 . 2010-02-03 16:43 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2010-02-03 16:43 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:53 . 2010-02-03 16:43 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-11-28 17:52 . 2010-02-03 16:43 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2010-02-03 16:43 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2010-02-03 16:43 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-11-28 17:51 . 2010-02-03 16:43 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-11-28 17:51 . 2010-02-03 16:43 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-28 17:48 . 2010-02-03 16:43 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-10-10 14:22 . 2009-11-30 19:49 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 10:06 . 2010-05-01 14:58 472808 -c--a-w- c:\windows\system32\deployJava1.dll

2011-10-03 07:37 . 2009-11-30 22:06 73728 ----a-w- c:\windows\system32\javacpl.cpl

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-13 . 909BD95DDDA5AE308DD365EA6EDF2262 . 1614848 . . [5.1.2600.5508] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-12-23_15.59.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-28 18:12 . 2011-12-28 18:12 16384 c:\windows\Temp\Perflib_Perfdata_220.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- e:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"True Transparency"="c:\program files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 133120]

"hddhealth"="e:\utilities\HDD Health\hddhealth.exe" [2008-06-15 1692672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359280]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"True Transparency"="c:\program files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 133120]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp psc 2000 Series.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]

Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

What's my computer doing.lnk - e:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2011-12-15 275296]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"e:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

"e:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"e:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/3/2010 11:43 AM 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2/3/2010 11:43 AM 195416]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2/3/2010 11:43 AM 111320]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/3/2010 11:43 AM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/3/2010 11:43 AM 314456]

R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]

R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/3/2010 11:43 AM 20568]

S2 avast! Firewall;avast! Firewall;e:\program files\Alwil Software\Avast5\afwServ.exe [2/3/2010 11:43 AM 127192]

S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [7/20/2011 3:43 PM 16456]

S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [7/20/2011 3:43 PM 11088]

S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 12948040

*Deregistered* - 12948040

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-03 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8322926644.job

- e:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\haiix58h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-28 14:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1260)

e:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1232)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-12-28 14:28:31

ComboFix-quarantined-files.txt 2011-12-28 19:28

ComboFix2.txt 2011-12-23 16:03

.

Pre-Run: 10,356,797,440 bytes free

Post-Run: 10,384,093,184 bytes free

.

- - End Of File - - C7F2B787095EFB00921EA0F21F6014D4

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=1

# version=7

# IEXPLORE.EXE=7.00.6000.17103 (vista_gdr.110816-1000)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=bb4d9c0862357e498de9f43c340bf322

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-28 08:25:42

# local_time=2011-12-28 03:25:42 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=55583

# found=0

# cleaned=0

# scan_time=2696

This computer runs slow but more relevant is that it hangs and everything sort of freezes on the screen. I can't always close programs or turn it off the normal way. Sometimes I can play around with it and make programs or windows close. The problem is not high CPU usage. It appears that all these scans turned up nothing so maybe I need to reinstall Windows? Are there other steps to take?

Urge

  • Staff

Hi,

Malware may not necessarily be the cause here.

Click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317

Hi, sorry this took so long. Here are the results.

The type of the file system is NTFS.

Volume label is OS.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...

File verification completed.

CHKDSK is verifying indexes (stage 2 of 3)...

Index verification completed.

CHKDSK is verifying security descriptors (stage 3 of 3)...

Security descriptor verification completed.

CHKDSK is verifying Usn Journal...

Usn Journal verification completed.

CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows found problems with the file system.

Run CHKDSK with the /F (fix) option to correct these.

15374172 KB total disk space.

5601744 KB in 64520 files.

21628 KB in 7793 indexes.

0 KB in bad sectors.

172892 KB in use by the system.

65536 KB occupied by the log file.

9577908 KB available on disk.

4096 bytes in each allocation unit.

3843543 total allocation units on disk.

2394477 allocation units available on disk.

My link

I couldn't do the speed tests because the PCPitstop program kept trying to install Flash Player 11 even after I installed it successfully outside of the test. It didn't matter if I said yes or no. I looked through the troubleshooting section of the pitstop tests but didn't see anything that might help. I should probably run CHKDSK with the /F option but I'll wait until you respond.

Urge

I ran chkdsk /r. Here are the results:

Event Type: Information

Event Source: Winlogon

Event Category: None

Event ID: 1001

Date: 1/8/2012

Time: 1:29:49 PM

User: N/A

Computer: CATWOMAN

Description:

Checking file system on C:

The type of the file system is NTFS.

Volume label is OS.

A disk check has been scheduled.

Windows will now check the disk.

Cleaning up minor inconsistencies on the drive.

Cleaning up 5 unused index entries from index $SII of file 0x9.

Cleaning up 5 unused index entries from index $SDH of file 0x9.

Cleaning up 5 unused security descriptors.

CHKDSK is verifying Usn Journal...

Usn Journal verification completed.

CHKDSK is verifying file data (stage 4 of 5)...

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

Free space verification is complete.

15374172 KB total disk space.

5481288 KB in 26134 files.

8788 KB in 3910 indexes.

0 KB in bad sectors.

212932 KB in use by the system.

65536 KB occupied by the log file.

9671164 KB available on disk.

4096 bytes in each allocation unit.

3843543 total allocation units on disk.

2417791 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.

Please wait while your computer restarts.

It definitely looks like your hard drive is showing signs of failure.

I don't see that. Here is what it repaired:

Cleaning up minor inconsistencies on the drive.

Cleaning up 5 unused index entries from index $SII of file 0x9.

Cleaning up 5 unused index entries from index $SDH of file 0x9.

Cleaning up 5 unused security descriptors.

Now I don't know, but these don't seem like serious issues to me. Am I wrong? I use a utility called Hard Drive Health. I have used it on multiple computers over the years and it has saved me from data loss at least twice when it alerted me to impending hard drive failure. HDD Health is showing that both of my drives are at 100%. In the past that % dropped significantly before I had any issues. I would like to hear your thoughts on this.

Urge

  • Staff

Hi,

My apologies for the delay.

I cannot vouch for that program as I've never used it.

If you run chkdsk again (without any parameters set), does it still report issues? There is a discrepancy between what it fixed, what it can fix, and what it can report. I'm just going off of what I see here.

In my experience, the behavior you describe is indicative of a hard drive that is showing signs of failing. You are more than welcome to format the hard drive and reinstall Windows. If nothing is actually wrong with the hard drive, then the issues should go away and can be written off as some form of corruption in lieu of a hard drive health issue.
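The two things this thread turns on are the chkdsk procedure given earlier (redirecting the read-only report to a text file) and how to read what it prints. As an added example that is not from the thread or from Malwarebytes staff, here is a small Python parser that pulls the triage-relevant fields out of a chkdsk report and ranks them: bad sectors are the serious signal, a read-only pass that "found problems" is a reason to rerun with /f, and unused $SII/$SDH entries are housekeeping. The sample reports are constructed from lines seen in this thread, and the verdict thresholds are this example's own.

```python
"""Triage a Windows chkdsk report (added example, not from the thread)."""
import re

# Constructed sample: the read-only pass (`chkdsk > chkdsk.txt`), trimmed
# to the lines that matter, modelled on the report posted above.
SAMPLE_READONLY = """\
The type of the file system is NTFS.
Volume label is OS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
  15374172 KB total disk space.
   5601744 KB in 64520 files.
         0 KB in bad sectors.
"""

# Constructed sample: the Winlogon event 1001 text after `chkdsk /r`.
SAMPLE_REPAIR = """\
Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.
Cleaning up minor inconsistencies on the drive.
Cleaning up 5 unused index entries from index $SII of file 0x9.
Cleaning up 5 unused index entries from index $SDH of file 0x9.
Cleaning up 5 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
  15374172 KB total disk space.
         0 KB in bad sectors.
Windows has finished checking your disk.
"""

_KB_LINE = re.compile(r"^\s*(\d+) KB (in bad sectors|total disk space)\.$")
_CLEANUP = re.compile(r"^Cleaning up (\d+) unused (.+?)\.$")


def parse_chkdsk(text):
    """Extract the fields a disk-health triage needs from a chkdsk report."""
    rep = {
        "fs_type": None, "volume_label": None, "read_only": False,
        "total_kb": None, "bad_sector_kb": None, "bitmap_mismatch": False,
        "found_problems": False, "surface_scan": False, "finished": False,
        "cleanups": [],  # (count, what) for each housekeeping line
    }
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("The type of the file system is "):
            rep["fs_type"] = line.split()[-1].rstrip(".")
        elif line.startswith("Volume label is "):
            rep["volume_label"] = line[len("Volume label is "):].rstrip(".")
        elif line == "Running CHKDSK in read-only mode.":
            rep["read_only"] = True
        elif "free space marked as allocated" in line:
            rep["bitmap_mismatch"] = True
        elif line == "Windows found problems with the file system.":
            rep["found_problems"] = True
        elif "(stage 4 of 5)" in line:  # stages 4-5 only run with /r
            rep["surface_scan"] = True
        elif line == "Windows has finished checking your disk.":
            rep["finished"] = True
        else:
            m = _KB_LINE.match(line)
            if m:
                key = "bad_sector_kb" if m.group(2) == "in bad sectors" else "total_kb"
                rep[key] = int(m.group(1))
                continue
            m = _CLEANUP.match(line)
            if m:
                rep["cleanups"].append((int(m.group(1)), m.group(2)))
    return rep


_RANK = {"ok": 0, "minor": 1, "attention": 2, "serious": 3}


def assess(rep):
    """Rank a parsed report. Thresholds are this example's own, not chkdsk's."""
    verdict, reasons = "ok", []

    def raise_to(level, why):
        nonlocal verdict
        if _RANK[level] > _RANK[verdict]:
            verdict = level
        reasons.append(why)

    if rep["bad_sector_kb"]:
        raise_to("serious", "%d KB in bad sectors: back up the data and run the "
                 "vendor's drive diagnostic" % rep["bad_sector_kb"])
    if rep["read_only"] and rep["found_problems"]:
        # A read-only pass on a mounted, changing volume can report transient
        # bitmap errors; the /f pass is what tells you whether they are real.
        raise_to("attention", "read-only pass reported problems: rerun chkdsk /f")
    for count, what in rep["cleanups"]:
        # $SII/$SDH are the indexes of $Secure (file record 0x9); dropping unused
        # entries there is housekeeping, not evidence of failing media.
        raise_to("minor", "cleaned %d unused %s" % (count, what))
    if rep["surface_scan"] and rep["finished"] and rep["bad_sector_kb"] == 0:
        reasons.append("surface scan (stages 4-5) completed with no bad sectors")
    return verdict, reasons


if __name__ == "__main__":
    for name, sample in (("read-only", SAMPLE_READONLY), ("repair", SAMPLE_REPAIR)):
        verdict, reasons = assess(parse_chkdsk(sample))
        print("%s: %s\n  %s" % (name, verdict, "\n  ".join(reasons)))
```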

OK, I ran chkdsk again and here is the report...

Checking file system on C:

The type of the file system is NTFS.

Volume label is OS.

A disk check has been scheduled.

Windows will now check the disk.

Cleaning up minor inconsistencies on the drive.

Cleaning up 2 unused index entries from index $SII of file 0x9.

Cleaning up 2 unused index entries from index $SDH of file 0x9.

Cleaning up 2 unused security descriptors.

CHKDSK is verifying Usn Journal...

Usn Journal verification completed.

15374172 KB total disk space.

5677816 KB in 26952 files.

9116 KB in 4383 indexes.

0 KB in bad sectors.

210884 KB in use by the system.

65536 KB occupied by the log file.

9476356 KB available on disk.

4096 bytes in each allocation unit.

3843543 total allocation units on disk.

2369089 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.

Please wait while your computer restarts.

There is a discrepancy between what it fixed, what it can fix, and what it can report. I'm just going off of what I see here.

What exactly is it that you see? Where do you see a discrepancy? Isn't this just a minor cleanup? I would like to thank you for your help and persistence; we have been going back and forth for a month and a half now.

Urge

  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
