
Notebook slow not sure infected



I'm working on a friend's notebook; a few weeks ago she found that it was very slow. She's not sure what she was doing but it just became unusable. I've run Spybot Search and Destroy which found just a batch of cookies (expected that) and MBAM didn't find anything with two scans done. I ran HijackThis to see if someone can find what could be causing extreme slowness. Is this machine infected?

She is running Windows XP, SP3, it's updated except for the latest IE8 security update which it cannot seem to update. She has 512 MB of memory (with a request that she add some more) but that doesn't explain the change in speed of the machine. She did download, pay for and install fixcleaner (which I never had heard of) to see if she could fix it herself.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:07:48 PM, on 11/1/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\McAfee Online Backup\MOBK755backup.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\FixCleaner\FixCleaner.exe

C:\Program Files\DriverUpdate\DriverUpdate.exe

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\QUICKENW\QWDLLS.EXE

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\PROGRA~1\McAfee\MSC\McSync.exe

c:\PROGRA~1\mcafee\SITEAD~1\saUpd.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120820092718.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [FixCleaner] C:\Program Files\FixCleaner\FixCleaner.exe -boot

O4 - HKCU\..\Run: [DriverUpdate] "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot

O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: McAfee Online Backup Service (MOBK755backup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBK755backup.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: vToolbarUpdater12.1.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

Attached are also the MBAM and Spybot logs from the last scans I did.

mbam-log-2012-11-01 (15-39-10).txt

SpybotSD.Report.txt


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------


As per your instructions I ran the programs and have attached the one file and posted the other two reports. Please let me know if you see anything that is affecting her machine. If not, the next step for me would be to do major testing of the memory in the machine (the present chip) and test when we get the new chip (trying to upgrade her amount of memory). Thanks again.

This is the first of the DDS files, the other one is attached as a zip file

DDS (Ver_2012-10-19.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by Owner at 12:19:47 on 2012-11-04

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\McAfee Online Backup\MOBK755backup.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\FixCleaner\FixCleaner.exe

C:\Program Files\DriverUpdate\DriverUpdate.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\QUICKENW\QWDLLS.EXE

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120820092718.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [FixCleaner] c:\program files\fixcleaner\FixCleaner.exe -boot

uRun: [DriverUpdate] "c:\program files\driverupdate\DriverUpdate.exe" -boot

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoThumbnailCache = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351901225171

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{D1C23877-3C03-4FE1-B9F6-1DAEC9B9F137} : DHCPNameServer = 75.75.75.75 75.75.76.76

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R? ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter

R? mfendisk;McAfee Core NDIS Intermediate Filter

R? mferkdet;McAfee Inc. mferkdet

R? SWDUMon;SWDUMon

S? avgtp;avgtp

S? cfwids;McAfee Inc. cfwids

S? GTIPCI21;GTIPCI21

S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service

S? McMPFSvc;McAfee Personal Firewall Service

S? McNaiAnn;McAfee VirusScan Announcer

S? McProxy;McAfee Proxy Service

S? McShield;McAfee McShield

S? mfeavfk;McAfee Inc. mfeavfk

S? mfebopk;McAfee Inc. mfebopk

S? mfefire;McAfee Firewall Core Service

S? mfefirek;McAfee Inc. mfefirek

S? mfehidk;McAfee Inc. mfehidk

S? mfendiskmp;mfendiskmp

S? mfetdi2k;McAfee Inc. mfetdi2k

S? mfevtp;McAfee Validation Trust Protection Service

S? MOBK755backup;McAfee Online Backup Service

S? MOBK755Filter;MOBK755Filter

S? mrtRate;mrtRate

S? vToolbarUpdater12.1.5;vToolbarUpdater12.1.5

.

=============== Created Last 30 ================

.

2012-11-01 19:01:33 -------- d-----w- c:\program files\Trend Micro

2012-11-01 17:40:12 -------- d-----w- C:\e4dac09a09da8dc777cd5f8a4f

2012-10-31 12:21:33 -------- d-----w- c:\windows\pss

2012-10-28 12:30:02 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2012-10-28 12:28:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-10-28 12:28:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-28 12:28:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-27 22:55:08 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-10-27 20:09:02 -------- d-----w- C:\483f5c0d14c4ee7828

2012-10-27 19:45:44 -------- d-----w- c:\windows\system32\XPSViewer

2012-10-27 19:36:47 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-10-27 19:29:51 117760 ------w- c:\windows\system32\prntvpt.dll

2012-10-27 19:29:50 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-10-27 19:29:49 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-10-27 19:29:49 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-10-27 19:29:46 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-10-27 19:29:46 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-10-27 19:29:38 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-10-27 19:29:38 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-10-27 19:29:21 -------- d-----w- C:\0a8481c6362fa3ca3c55a6

2012-10-27 18:15:35 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2012-10-27 18:15:35 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2012-10-27 18:15:35 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2012-10-27 18:15:35 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2012-10-27 18:15:35 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-10-23 13:46:00 3993600 ----a-w- c:\program files\GUT9.tmp

2012-10-23 13:46:00 -------- d-----w- c:\program files\GUM8.tmp

2012-10-23 13:07:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\Real

2012-10-23 13:01:54 -------- d-----w- c:\program files\common files\xing shared

2012-10-23 12:36:04 -------- d-----w- c:\program files\The Weather Channel FW

2012-10-23 12:33:58 -------- d-----w- c:\documents and settings\owner\local settings\application data\The Weather Channel

2012-10-22 19:54:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google

2012-10-22 19:53:29 4096000 ----a-w- c:\program files\GUT43.tmp

2012-10-22 19:53:29 -------- d-----w- c:\program files\GUM42.tmp

2012-10-12 23:26:00 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe

2012-10-12 23:26:00 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe

2012-10-12 23:25:29 29312 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll

.

==================== Find3M ====================

.

2012-11-04 17:02:00 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2012-11-01 18:20:14 13024 ----a-w- c:\windows\system32\drivers\SETE.tmp

2012-10-23 12:56:01 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-10-23 12:55:58 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-18 21:41:38 143872 ----a-w- c:\windows\system32\javacpl.cpl

.

============= FINISH: 12:26:16.54 ===============

This one is the roguekiller report:

RogueKiller V8.2.2 [11/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Website: http://tigzy.geeksto...roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 11/04/2012 12:49:35

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] for susan's machine - RogueKiller.exe -- C:\Documents and Settings\Owner\Desktop\run on Susan's machine\for susan's machine - RogueKiller.exe -> KILLED [TermThr]

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8025GAS +++++

--- User ---

[MBR] 7b1c534463396aa2733efab8aabee4ff

[BSP] 7166e01b0afeb0f73e9ab91b34015cd2 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11042012_02d1249.txt >>

RKreport[1]_S_11042012_02d1249.txt

attach.zip


Not much showing but let's run some scans.......

Please read the directions carefully so you don't end up deleting something that is good!!

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC


Here are the two logs from TDSSKiller being run. Thanks for your help.

First one:

13:33:21.0468 2620 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

13:33:23.0500 2620 ============================================================

13:33:23.0500 2620 Current date / time: 2012/11/04 13:33:23.0500

13:33:23.0500 2620 SystemInfo:

13:33:23.0500 2620

13:33:23.0500 2620 OS Version: 5.1.2600 ServicePack: 3.0

13:33:23.0500 2620 Product type: Workstation

13:33:23.0500 2620 ComputerName: OWNER-4D0C6BC69

13:33:23.0500 2620 UserName: Owner

13:33:23.0500 2620 Windows directory: C:\WINDOWS

13:33:23.0500 2620 System windows directory: C:\WINDOWS

13:33:23.0500 2620 Processor architecture: Intel x86

13:33:23.0500 2620 Number of processors: 1

13:33:23.0500 2620 Page size: 0x1000

13:33:23.0500 2620 Boot type: Normal boot

13:33:23.0500 2620 ============================================================

13:33:31.0734 2620 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

13:33:31.0859 2620 ============================================================

13:33:31.0859 2620 \Device\Harddisk0\DR0:

13:33:33.0000 2620 MBR partitions:

13:33:33.0000 2620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

13:33:33.0000 2620 ============================================================

13:33:39.0187 2620 C: <-> \Device\Harddisk0\DR0\Partition1

13:33:39.0187 2620 ============================================================

13:33:39.0187 2620 Initialize success

13:33:39.0187 2620 ============================================================

13:33:53.0625 1632 Deinitialize success

second one:

13:41:26.0968 1992 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

13:41:28.0968 1992 ============================================================

13:41:28.0968 1992 Current date / time: 2012/11/04 13:41:28.0968

13:41:28.0968 1992 SystemInfo:

13:41:28.0968 1992

13:41:28.0968 1992 OS Version: 5.1.2600 ServicePack: 3.0

13:41:28.0968 1992 Product type: Workstation

13:41:28.0968 1992 ComputerName: OWNER-4D0C6BC69

13:41:28.0968 1992 UserName: Owner

13:41:28.0968 1992 Windows directory: C:\WINDOWS

13:41:28.0968 1992 System windows directory: C:\WINDOWS

13:41:28.0968 1992 Processor architecture: Intel x86

13:41:28.0968 1992 Number of processors: 1

13:41:28.0968 1992 Page size: 0x1000

13:41:28.0968 1992 Boot type: Normal boot

13:41:28.0968 1992 ============================================================

13:41:48.0781 1992 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

13:41:49.0015 1992 ============================================================

13:41:49.0015 1992 \Device\Harddisk0\DR0:

13:41:49.0156 1992 MBR partitions:

13:41:49.0156 1992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

13:41:49.0156 1992 ============================================================

13:41:50.0593 1992 C: <-> \Device\Harddisk0\DR0\Partition1

13:41:50.0656 1992 ============================================================

13:41:50.0656 1992 Initialize success

13:41:50.0656 1992 ============================================================

13:47:11.0859 2064 ============================================================

13:47:11.0859 2064 Scan started

13:47:11.0859 2064 Mode: Manual; SigCheck; TDLFS;

13:47:11.0859 2064 ============================================================

13:47:16.0468 2064 ================ Scan system memory ========================

13:47:16.0468 2064 System memory - ok

13:47:16.0468 2064 ================ Scan services =============================

13:47:22.0296 2064 92433500 - ok

13:47:22.0406 2064 Abiosdsk - ok

13:47:22.0578 2064 abp480n5 - ok

13:47:23.0015 2064 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:48:39.0687 2064 ACPI - ok

13:48:54.0875 2064 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

13:48:55.0828 2064 ACPIEC - ok

13:48:58.0031 2064 [ B05F2367F62552A2DE7E3C352B7B9885 ] ADM8511 C:\WINDOWS\system32\DRIVERS\ADM8511.SYS

13:49:08.0406 2064 ADM8511 - ok

13:49:08.0421 2064 adpu160m - ok

13:49:10.0937 2064 [ AD707942E4CCB28D77CEE5ED989C9E55 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys

13:49:11.0453 2064 aeaudio - ok

13:49:12.0640 2064 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

13:49:13.0812 2064 aec - ok

13:49:16.0031 2064 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

13:49:19.0296 2064 AFD - ok

13:49:22.0312 2064 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys

13:49:23.0343 2064 AFS2K - ok

13:49:34.0875 2064 [ 029E01CB2938BEC5AF31BF47B6AF0159 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys

13:49:42.0484 2064 AgereSoftModem - ok

13:49:42.0734 2064 Aha154x - ok

13:49:43.0281 2064 aic78u2 - ok

13:49:43.0296 2064 aic78xx - ok

13:49:45.0421 2064 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

13:49:46.0343 2064 Alerter - ok

13:49:46.0500 2064 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

13:49:47.0562 2064 ALG - ok

13:49:47.0562 2064 AliIde - ok

13:49:47.0640 2064 amsint - ok

13:49:48.0640 2064 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

13:49:49.0671 2064 AppMgmt - ok

13:49:53.0500 2064 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

13:49:55.0343 2064 Arp1394 - ok

13:49:55.0375 2064 asc - ok

13:49:55.0406 2064 asc3350p - ok

13:49:55.0484 2064 asc3550 - ok

13:50:56.0281 2064 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

13:51:11.0609 2064 aspnet_state - ok

13:51:15.0906 2064 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:52:41.0140 2064 AsyncMac - ok

13:52:43.0625 2064 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

13:52:44.0968 2064 atapi - ok

13:52:44.0984 2064 Atdisk - ok

13:52:45.0375 2064 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:52:46.0640 2064 Atmarpc - ok

13:52:48.0453 2064 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

13:52:49.0375 2064 AudioSrv - ok

13:52:51.0109 2064 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

13:52:52.0000 2064 audstub - ok

13:53:01.0062 2064 [ 684DE9D6E62BFB177AABED3C62FDEAB3 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys

13:53:06.0765 2064 avgtp - ok

13:53:17.0046 2064 [ 2DC524A5D9C4879E7A7CB7100A2D36B4 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys

13:53:17.0906 2064 b57w2k - ok

13:53:20.0437 2064 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

13:53:21.0312 2064 Beep - ok

13:53:24.0546 2064 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

13:53:31.0484 2064 BITS - ok

13:53:39.0578 2064 [ A065F048E9E23E6C026A7BB548D126A7 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

13:53:41.0687 2064 Bonjour Service - ok

13:53:42.0468 2064 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

13:53:43.0625 2064 Browser - ok

13:53:44.0359 2064 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

13:53:44.0984 2064 cbidf2k - ok

13:53:45.0140 2064 cd20xrnt - ok

13:53:45.0765 2064 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

13:53:46.0609 2064 Cdaudio - ok

13:53:48.0093 2064 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

13:53:48.0718 2064 Cdfs - ok

13:53:49.0687 2064 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:53:50.0109 2064 Cdrom - ok

13:53:50.0890 2064 [ 1C7B1E36F3CED9E4B0B13385E627FE8B ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys

13:53:50.0984 2064 cfwids - ok

13:53:51.0015 2064 Changer - ok

13:53:52.0312 2064 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

13:53:53.0656 2064 CiSvc - ok

13:53:54.0140 2064 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

13:53:55.0046 2064 ClipSrv - ok

13:53:56.0718 2064 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:54:06.0796 2064 clr_optimization_v2.0.50727_32 - ok

13:54:07.0203 2064 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

13:54:08.0953 2064 CmBatt - ok

13:54:08.0953 2064 CmdIde - ok

13:54:09.0296 2064 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

13:54:10.0812 2064 Compbatt - ok

13:54:10.0875 2064 COMSysApp - ok

13:54:11.0906 2064 Cpqarray - ok

13:54:16.0812 2064 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

13:54:18.0000 2064 CryptSvc - ok

13:54:18.0015 2064 dac2w2k - ok

13:54:18.0187 2064 dac960nt - ok

13:54:20.0093 2064 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

13:54:23.0156 2064 DcomLaunch - ok

13:54:24.0703 2064 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

13:54:26.0171 2064 Dhcp - ok

13:54:26.0515 2064 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

13:54:27.0453 2064 Disk - ok

13:54:27.0453 2064 dmadmin - ok

13:54:34.0093 2064 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

13:54:37.0359 2064 dmboot - ok

13:54:43.0515 2064 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

13:54:44.0703 2064 dmio - ok

13:54:46.0171 2064 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

13:54:47.0250 2064 dmload - ok

13:54:49.0406 2064 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

13:54:54.0796 2064 dmserver - ok

13:55:24.0765 2064 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

13:55:25.0703 2064 DMusic - ok

13:55:26.0906 2064 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

13:55:30.0203 2064 Dnscache - ok

13:55:33.0781 2064 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

13:55:36.0140 2064 Dot3svc - ok

13:55:36.0140 2064 dpti2o - ok

13:55:36.0343 2064 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

13:55:37.0593 2064 drmkaud - ok

13:55:38.0031 2064 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

13:55:39.0453 2064 EapHost - ok

13:55:39.0718 2064 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

13:55:40.0796 2064 ERSvc - ok

13:55:41.0031 2064 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

13:55:42.0328 2064 Eventlog - ok

13:55:43.0750 2064 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

13:55:45.0718 2064 EventSystem - ok

13:55:46.0375 2064 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

13:55:46.0765 2064 Fastfat - ok

13:55:47.0718 2064 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

13:55:48.0796 2064 FastUserSwitchingCompatibility - ok

13:55:49.0250 2064 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

13:55:49.0937 2064 Fdc - ok

13:55:50.0218 2064 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

13:55:50.0781 2064 Fips - ok

13:55:51.0671 2064 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

13:55:52.0281 2064 Flpydisk - ok

13:55:53.0078 2064 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys

13:55:53.0937 2064 FltMgr - ok

13:55:56.0937 2064 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

13:55:58.0203 2064 FontCache3.0.0.0 - ok

13:55:58.0875 2064 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:55:59.0609 2064 Fs_Rec - ok

13:56:04.0734 2064 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:56:05.0343 2064 Ftdisk - ok

13:56:05.0609 2064 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

13:56:05.0906 2064 GEARAspiWDM - ok

13:56:06.0234 2064 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:56:07.0437 2064 Gpc - ok

13:56:18.0000 2064 [ B6B1F53F585B41091EB3586F8297A379 ] GTIPCI21 C:\WINDOWS\system32\DRIVERS\gtipci21.sys

13:56:19.0109 2064 GTIPCI21 - ok

13:56:31.0062 2064 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

13:56:32.0265 2064 helpsvc - ok

13:56:32.0421 2064 HidServ - ok

13:56:43.0656 2064 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

13:56:45.0296 2064 hkmsvc - ok

13:56:45.0328 2064 hpn - ok

13:56:50.0296 2064 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

13:56:56.0484 2064 HTTP - ok

13:56:58.0718 2064 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

13:56:59.0968 2064 HTTPFilter - ok

13:56:59.0968 2064 i2omgmt - ok

13:56:59.0984 2064 i2omp - ok

13:57:07.0093 2064 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:57:07.0484 2064 i8042prt - ok

13:57:11.0953 2064 [ 9E52A1C2E2D7660612C52BC282259852 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

13:57:16.0718 2064 ialm - ok

13:57:19.0031 2064 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:57:24.0546 2064 idsvc - ok

13:57:24.0875 2064 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

13:57:25.0500 2064 Imapi - ok

13:57:25.0953 2064 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

13:57:27.0093 2064 ImapiService - ok

13:57:27.0171 2064 ini910u - ok

13:57:27.0390 2064 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

13:57:28.0406 2064 IntelIde - ok

13:57:28.0578 2064 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:57:29.0625 2064 intelppm - ok

13:57:30.0609 2064 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

13:57:31.0859 2064 Ip6Fw - ok

13:57:32.0203 2064 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:57:33.0000 2064 IpFilterDriver - ok

13:57:33.0031 2064 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:57:35.0156 2064 IpInIp - ok

13:57:36.0156 2064 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:57:38.0171 2064 IpNat - ok

13:57:41.0578 2064 [ D8389F60EC63FB8197772349E82B5BB7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

13:57:47.0031 2064 iPod Service - ok

13:57:47.0671 2064 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:57:49.0859 2064 IPSec - ok

13:57:50.0843 2064 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys

13:57:55.0890 2064 irda - ok

13:57:56.0656 2064 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

13:57:59.0281 2064 IRENUM - ok

13:57:59.0531 2064 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll

13:58:00.0968 2064 Irmon - ok

13:58:01.0765 2064 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:58:03.0078 2064 isapnp - ok

13:58:04.0000 2064 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

13:58:04.0281 2064 JavaQuickStarterService - ok

13:58:05.0031 2064 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:58:05.0453 2064 Kbdclass - ok

13:58:07.0968 2064 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

13:58:08.0703 2064 kmixer - ok

13:58:10.0265 2064 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

13:58:11.0250 2064 KSecDD - ok

13:58:12.0531 2064 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll

13:58:13.0312 2064 LanmanServer - ok

13:58:14.0718 2064 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

13:58:15.0359 2064 lanmanworkstation - ok

13:58:15.0406 2064 lbrtfdc - ok

13:58:17.0343 2064 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

13:58:18.0437 2064 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

13:58:19.0062 2064 LightScribeService - detected UnsignedFile.Multi.Generic (1)

13:58:32.0765 2064 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

13:58:33.0343 2064 LmHosts - ok

13:58:41.0156 2064 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

13:58:42.0187 2064 McAfee SiteAdvisor Service - ok

13:58:43.0578 2064 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

13:58:43.0609 2064 McMPFSvc - ok

13:58:44.0937 2064 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

13:58:45.0125 2064 mcmscsvc - ok

13:58:45.0609 2064 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

13:58:50.0187 2064 McNaiAnn - ok

13:58:52.0500 2064 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

13:58:53.0468 2064 McNASvc - ok

13:58:57.0843 2064 [ B3CD9ADE1C2665124CA34125B331B0B4 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

13:59:00.0203 2064 McODS - ok

13:59:10.0031 2064 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

13:59:10.0203 2064 McProxy - ok

13:59:13.0531 2064 [ 593FA4C378818ECE76BA64A11AD56CF2 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

13:59:14.0453 2064 McShield - ok

13:59:17.0703 2064 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

13:59:52.0578 2064 Messenger - ok

13:59:56.0046 2064 [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys

13:59:56.0687 2064 mfeapfk - ok

13:59:57.0812 2064 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys

13:59:58.0609 2064 mfeavfk - ok

13:59:58.0687 2064 mfeavfk01 - ok

13:59:59.0546 2064 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys

13:59:59.0734 2064 mfebopk - ok

14:00:01.0968 2064 [ 7E1F8B1BDC8240F08BD358B3A466C005 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

14:00:06.0765 2064 mfefire - ok

14:00:08.0921 2064 [ 4EA6FF90015424517843E931448E00F1 ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys

14:00:10.0921 2064 mfefirek - ok

14:00:18.0000 2064 [ D1E998748BA24A731106611D535C6BBF ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys

14:00:20.0265 2064 mfehidk - ok

14:00:21.0875 2064 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys

14:00:26.0015 2064 mfendisk - ok

14:00:26.0625 2064 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys

14:00:26.0687 2064 mfendiskmp - ok

14:00:27.0703 2064 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys

14:00:28.0734 2064 mferkdet - ok

14:00:29.0265 2064 [ 070D3FAF2EAC417C59D8674A8752F7A6 ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys

14:00:29.0750 2064 mfetdi2k - ok

14:00:31.0015 2064 [ B10C4EFD40810C08F4B44DF2EFCB54F7 ] mfevtp C:\WINDOWS\system32\mfevtps.exe

14:00:34.0906 2064 mfevtp - ok

14:00:35.0125 2064 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

14:00:36.0828 2064 mnmdd - ok

14:00:37.0296 2064 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

14:00:39.0156 2064 mnmsrvc - ok

14:00:43.0218 2064 [ D691B1E7B797778DBB831FFC5CFC39F1 ] MOBK755backup C:\Program Files\McAfee Online Backup\MOBK755backup.exe

14:00:44.0250 2064 MOBK755backup - ok

14:00:44.0859 2064 [ 720F2E1759526EC6D6D95CB284CF62D9 ] MOBK755Filter C:\WINDOWS\system32\DRIVERS\MOBK755.sys

14:00:45.0843 2064 MOBK755Filter - ok

14:00:47.0828 2064 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

14:00:48.0687 2064 Modem - ok

14:00:49.0093 2064 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

14:00:55.0281 2064 Mouclass - ok

14:00:57.0937 2064 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

14:00:59.0359 2064 MountMgr - ok

14:00:59.0453 2064 mraid35x - ok

14:01:00.0250 2064 [ 6075DE2AD531F6E30C9995DFDA22001F ] mrtRate C:\WINDOWS\system32\drivers\mrtRate.sys

14:01:00.0687 2064 mrtRate ( UnsignedFile.Multi.Generic ) - warning

14:01:00.0687 2064 mrtRate - detected UnsignedFile.Multi.Generic (1)

14:01:02.0000 2064 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

14:01:03.0000 2064 MRxDAV - ok

14:01:04.0859 2064 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

14:01:08.0546 2064 MRxSmb - ok

14:01:09.0093 2064 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

14:01:17.0453 2064 MSDTC - ok

14:01:18.0109 2064 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

14:01:20.0015 2064 Msfs - ok

14:01:20.0125 2064 MSIServer - ok

14:01:20.0546 2064 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

14:01:22.0890 2064 MSK80Service - ok

14:01:24.0140 2064 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

14:01:25.0718 2064 MSKSSRV - ok

14:01:26.0437 2064 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

14:01:27.0234 2064 MSPCLOCK - ok

14:01:27.0546 2064 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

14:01:33.0453 2064 MSPQM - ok

14:01:33.0656 2064 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

14:01:34.0437 2064 mssmbios - ok

14:01:35.0250 2064 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

14:01:35.0921 2064 Mup - ok

14:01:37.0078 2064 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

14:01:38.0515 2064 napagent - ok

14:01:40.0875 2064 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

14:01:46.0484 2064 NBService ( UnsignedFile.Multi.Generic ) - warning

14:01:46.0484 2064 NBService - detected UnsignedFile.Multi.Generic (1)

14:01:48.0234 2064 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

14:01:51.0062 2064 NDIS - ok

14:01:56.0546 2064 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:01:57.0500 2064 NdisTapi - ok

14:01:57.0828 2064 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:01:58.0546 2064 Ndisuio - ok

14:01:58.0968 2064 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:02:00.0140 2064 NdisWan - ok

14:02:00.0765 2064 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

14:02:01.0359 2064 NDProxy - ok

14:02:02.0156 2064 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

14:02:02.0937 2064 NetBIOS - ok

14:02:03.0343 2064 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

14:02:04.0187 2064 NetBT - ok

14:02:04.0718 2064 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

14:02:05.0156 2064 NetDDE - ok

14:02:05.0437 2064 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

14:02:06.0062 2064 NetDDEdsdm - ok

14:02:06.0203 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

14:02:06.0656 2064 Netlogon - ok

14:02:07.0218 2064 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

14:02:07.0843 2064 Netman - ok

14:02:10.0296 2064 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:02:10.0984 2064 NetTcpPortSharing - ok

14:02:11.0187 2064 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

14:02:11.0531 2064 NIC1394 - ok

14:02:11.0859 2064 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

14:02:12.0328 2064 Nla - ok

14:02:13.0265 2064 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

14:02:13.0671 2064 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning

14:02:13.0671 2064 NMIndexingService - detected UnsignedFile.Multi.Generic (1)

14:02:14.0828 2064 [ CD2FE9C33CFD0FE0AF124E05907E5C3D ] nmservice C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

14:02:16.0343 2064 nmservice - ok

14:02:16.0421 2064 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

14:02:17.0015 2064 Npfs - ok

14:02:17.0921 2064 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

14:02:19.0468 2064 Ntfs - ok

14:02:19.0515 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

14:02:19.0953 2064 NtLmSsp - ok

14:02:20.0531 2064 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

14:02:21.0515 2064 NtmsSvc - ok

14:02:21.0546 2064 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

14:02:22.0031 2064 Null - ok

14:02:22.0187 2064 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:02:22.0390 2064 NwlnkFlt - ok

14:02:22.0406 2064 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:02:22.0593 2064 NwlnkFwd - ok

14:02:22.0656 2064 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

14:02:23.0281 2064 ohci1394 - ok

14:02:23.0375 2064 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

14:02:24.0765 2064 Parport - ok

14:02:24.0796 2064 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

14:02:25.0250 2064 PartMgr - ok

14:02:25.0468 2064 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

14:02:25.0828 2064 ParVdm - ok

14:02:26.0406 2064 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

14:02:26.0781 2064 PCI - ok

14:02:26.0781 2064 PCIDump - ok

14:02:27.0000 2064 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys

14:02:27.0593 2064 PCIIde - ok

14:02:27.0781 2064 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys

14:02:28.0109 2064 Pcmcia - ok

14:02:28.0125 2064 PDCOMP - ok

14:02:28.0171 2064 PDFRAME - ok

14:02:28.0171 2064 PDRELI - ok

14:02:28.0250 2064 PDRFRAME - ok

14:02:28.0250 2064 perc2 - ok

14:02:28.0265 2064 perc2hib - ok

14:02:28.0453 2064 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

14:02:28.0625 2064 PlugPlay - ok

14:02:28.0781 2064 [ CE27FC8BDC54B3AC63D53E2D5F6CC929 ] pnarp C:\WINDOWS\system32\DRIVERS\pnarp.sys

14:02:28.0875 2064 pnarp - ok

14:02:28.0906 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

14:02:29.0187 2064 PolicyAgent - ok

14:02:29.0312 2064 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:02:30.0500 2064 PptpMiniport - ok

14:02:30.0671 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

14:02:31.0078 2064 ProtectedStorage - ok

14:02:31.0203 2064 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

14:02:31.0656 2064 PSched - ok

14:02:31.0796 2064 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:02:32.0984 2064 Ptilink - ok

14:02:33.0250 2064 [ F4FD591E86ECB6B5D000C7D6C987416B ] purendis C:\WINDOWS\system32\DRIVERS\purendis.sys

14:02:33.0671 2064 purendis - ok

14:02:33.0750 2064 ql1080 - ok

14:02:33.0890 2064 Ql10wnt - ok

14:02:33.0968 2064 ql12160 - ok

14:02:33.0984 2064 ql1240 - ok

14:02:34.0046 2064 ql1280 - ok

14:02:34.0359 2064 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:02:34.0703 2064 RasAcd - ok

14:02:34.0984 2064 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

14:02:35.0500 2064 RasAuto - ok

14:02:35.0656 2064 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys

14:02:36.0062 2064 Rasirda - ok

14:02:36.0109 2064 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:02:36.0375 2064 Rasl2tp - ok

14:02:36.0812 2064 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

14:02:37.0640 2064 RasMan - ok

14:02:37.0687 2064 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:02:37.0984 2064 RasPppoe - ok

14:02:38.0031 2064 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

14:02:38.0500 2064 Raspti - ok

14:02:38.0984 2064 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:02:39.0578 2064 Rdbss - ok

14:02:39.0734 2064 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:02:40.0031 2064 RDPCDD - ok

14:02:40.0671 2064 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

14:02:41.0281 2064 rdpdr - ok

14:02:41.0406 2064 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

14:02:42.0593 2064 RDPWD - ok

14:02:43.0093 2064 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

14:02:43.0593 2064 RDSessMgr - ok

14:02:43.0781 2064 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

14:02:44.0343 2064 redbook - ok

14:02:44.0468 2064 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

14:02:44.0968 2064 RemoteAccess - ok

14:02:45.0078 2064 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

14:02:45.0296 2064 RemoteRegistry - ok

14:02:45.0656 2064 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe

14:02:46.0031 2064 RichVideo ( UnsignedFile.Multi.Generic ) - warning

14:02:46.0031 2064 RichVideo - detected UnsignedFile.Multi.Generic (1)

14:02:46.0187 2064 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

14:02:46.0656 2064 RpcLocator - ok

14:02:46.0984 2064 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

14:02:47.0562 2064 RpcSs - ok

14:02:47.0656 2064 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

14:02:48.0109 2064 RSVP - ok

14:02:48.0218 2064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

14:02:48.0359 2064 SamSs - ok

14:02:48.0453 2064 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

14:02:49.0062 2064 SCardSvr - ok

14:02:49.0296 2064 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

14:02:50.0468 2064 Schedule - ok

14:02:50.0531 2064 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys

14:02:50.0718 2064 sdbus - ok

14:02:50.0843 2064 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:02:51.0187 2064 Secdrv - ok

14:02:51.0843 2064 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

14:02:52.0171 2064 seclogon - ok

14:02:52.0468 2064 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll


14:04:01.0031 2064 ================ Scan global ===============================

14:04:01.0328 2064 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

14:04:01.0796 2064 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

14:04:02.0343 2064 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

14:04:02.0437 2064 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

14:04:02.0484 2064 [Global] - ok

14:04:02.0484 2064 ================ Scan MBR ==================================

14:04:02.0593 2064 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

14:04:30.0156 2064 \Device\Harddisk0\DR0 - ok

14:04:30.0171 2064 ================ Scan VBR ==================================

14:04:30.0171 2064 [ 1D4FE6D09E064C76594E6966429F6B87 ] \Device\Harddisk0\DR0\Partition1

14:04:30.0171 2064 \Device\Harddisk0\DR0\Partition1 - ok

14:04:30.0187 2064 ================ Scan active images ========================

14:04:30.0218 2064 ============================================================

14:04:30.0218 2064 Scan finished

14:04:30.0218 2064 ============================================================

14:04:30.0781 3608 Detected object count: 6

14:04:30.0781 3608 Actual detected object count: 6

14:06:51.0078 3608 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

14:06:51.0234 3608 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:06:51.0234 3608 mrtRate ( UnsignedFile.Multi.Generic ) - skipped by user

14:06:51.0234 3608 mrtRate ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:06:51.0234 3608 NBService ( UnsignedFile.Multi.Generic ) - skipped by user

14:06:51.0234 3608 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:06:51.0234 3608 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user

14:06:51.0234 3608 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:06:51.0234 3608 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user

14:06:51.0234 3608 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:06:51.0234 3608 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user

14:06:51.0234 3608 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:07:52.0765 2028 Deinitialize success


That scan was clean.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


From the last scan with ComboFix. It does seem faster right now, Sue will see if it stays this fast, but I don't want to say we're clean until you have said we're done.....

ComboFix 12-11-04.01 - Owner 11/04/2012 15:19:14.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.244 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\WINDOWS

c:\windows\offitems.log

c:\windows\system32\service

c:\windows\system32\service\05092010_TIS17_SfFniAU.log

c:\windows\system32\service\08042010_TIS17_SfFniAU.log

c:\windows\system32\service\20032011_TIS17_SfFniAU.log

c:\windows\system32\service\22022011_TIS17_SfFniAU.log

.

.

((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))

.

.

2012-11-04 18:49 . 2012-11-04 18:49 -------- d-----w- c:\windows\LastGood

2012-11-01 19:01 . 2012-11-01 19:01 -------- d-----w- c:\program files\Trend Micro

2012-11-01 17:40 . 2012-11-01 18:12 -------- d-----w- C:\e4dac09a09da8dc777cd5f8a4f

2012-10-31 14:35 . 2012-10-31 14:36 -------- d-----w- c:\documents and settings\Administrator

2012-10-28 12:30 . 2012-10-28 12:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2012-10-28 12:28 . 2012-10-28 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-10-28 12:28 . 2012-09-29 23:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-28 12:28 . 2012-10-28 12:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-27 22:55 . 2012-10-28 00:02 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-10-27 20:09 . 2012-10-27 20:09 -------- d-----w- C:\483f5c0d14c4ee7828

2012-10-27 19:45 . 2012-11-01 15:54 -------- d-----w- c:\windows\system32\XPSViewer

2012-10-27 19:44 . 2012-10-27 19:44 -------- d-----w- c:\program files\MSBuild

2012-10-27 19:42 . 2012-10-27 19:42 -------- d-----w- c:\program files\Reference Assemblies

2012-10-27 19:36 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-10-27 19:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-10-27 19:29 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-10-27 19:29 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-10-27 19:29 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-10-27 19:29 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-10-27 19:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-10-27 19:29 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-10-27 19:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-10-27 19:29 . 2012-10-27 19:37 -------- d-----w- C:\0a8481c6362fa3ca3c55a6

2012-10-27 18:15 . 2012-10-28 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-10-27 18:15 . 2012-10-27 18:15 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2012-10-27 18:15 . 2012-10-27 18:15 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2012-10-27 18:15 . 2012-10-27 18:15 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2012-10-27 18:15 . 2012-10-27 18:15 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2012-10-23 13:46 . 2012-10-23 13:47 -------- d-----w- c:\program files\GUM8.tmp

2012-10-23 13:46 . 2012-10-23 13:46 3993600 ----a-w- c:\program files\GUT9.tmp

2012-10-23 13:07 . 2012-10-23 13:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Real

2012-10-23 13:01 . 2012-10-23 13:01 -------- d-----w- c:\program files\Common Files\xing shared

2012-10-23 12:54 . 2012-10-23 13:02 -------- d-----w- c:\program files\Real

2012-10-23 12:36 . 2012-10-23 12:36 -------- d-----w- c:\program files\The Weather Channel FW

2012-10-23 12:33 . 2012-10-23 12:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\The Weather Channel

2012-10-22 19:54 . 2012-11-04 00:08 -------- d-----w- c:\program files\Google

2012-10-22 19:54 . 2012-11-04 00:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google

2012-10-22 19:53 . 2012-10-22 19:53 -------- d-----w- c:\program files\GUM42.tmp

2012-10-22 19:53 . 2012-10-22 19:53 4096000 ----a-w- c:\program files\GUT43.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-04 18:47 . 2012-07-24 13:03 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2012-11-01 18:20 . 2012-07-24 13:03 13024 ----a-w- c:\windows\system32\drivers\SETE.tmp

2012-10-23 12:56 . 2010-03-31 00:36 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-10-23 12:55 . 2010-03-31 00:36 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:29 . 2008-04-14 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58 . 2008-04-14 00:01 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-18 21:41 . 2011-10-03 18:23 143872 ----a-w- c:\windows\system32\javacpl.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-24 12:29 2086496 -c--a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-24 2086496]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK755]

@="{f378ff85-8d0a-cbe6-4735-3a67760db6bb}"

[HKEY_CLASSES_ROOT\CLSID\{f378ff85-8d0a-cbe6-4735-3a67760db6bb}]

2010-09-20 07:27 3480888 ----a-w- c:\program files\McAfee Online Backup\MOBK755shell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7552]

@="{8406002f-3c7e-565d-de02-414c2856a50b}"

[HKEY_CLASSES_ROOT\CLSID\{8406002f-3c7e-565d-de02-414c2856a50b}]

2010-09-20 07:27 3480888 ----a-w- c:\program files\McAfee Online Backup\MOBK755shell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7553]

@="{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}"

[HKEY_CLASSES_ROOT\CLSID\{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}]

2010-09-20 07:27 3480888 ----a-w- c:\program files\McAfee Online Backup\MOBK755shell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"FixCleaner"="c:\program files\FixCleaner\FixCleaner.exe" [2012-06-12 49887104]

"DriverUpdate"="c:\program files\DriverUpdate\DriverUpdate.exe" [2012-07-02 28215168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]

"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-24 1147488]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Billminder.lnk - c:\quickenw\BILLMIND.EXE [2011-9-25 36864]

Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2010-5-2 73728]

Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-10 122880]

Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-10 61440]

Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2011-9-25 36864]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThumbnailCache"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

.

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/24/2012 7:30 AM 27496]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/24/2012 7:07 PM 89792]

R1 MOBK755Filter;MOBK755Filter;c:\windows\system32\drivers\MOBK755.sys [3/24/2012 7:11 PM 54776]

R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [9/25/2011 1:05 PM 34916]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/24/2012 7:07 PM 57600]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3/30/2010 7:00 PM 87936]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/24/2012 7:07 PM 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/24/2012 7:07 PM 83856]

S0 92433500;92433500;c:\windows\system32\drivers\80668581.sys --> c:\windows\system32\drivers\80668581.sys [?]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [3/30/2010 6:24 PM 20160]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/24/2012 7:07 PM 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/24/2012 7:07 PM 87656]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [7/24/2012 8:03 AM 13024]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 49100910

*Deregistered* - 49100910

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

2012-11-04 c:\windows\Tasks\FixCleaner Scan.job

- c:\program files\FixCleaner\FixCleaner.exe [2012-06-12 12:34]

.

2012-11-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-725345543-1417001333-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]

.

2012-11-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-725345543-1417001333-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]

.

2012-11-04 c:\windows\Tasks\User_Feed_Synchronization-{3E9D4B84-CE5F-4E7A-8600-321A47CE3745}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

SafeBoot-92433500.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-04 15:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-11-04 15:49:54

ComboFix-quarantined-files.txt 2012-11-04 20:49

.

Pre-Run: 54,966,030,336 bytes free

Post-Run: 55,151,816,704 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 95D3248E341F60ACB431819B885194BD


Please make sure your hard drive is running in DMA mode:

http://forums.vso-so...s-xp-t2796.html

~~~~~~~~~~~~~~~~

Run Disk Cleanup:

http://www.bleepingc...topic84096.html

~~~~~~~~~~~~~~~~~

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


DMA is on one of the two entries; the other is running PIO (I'm assuming that's the CD drive in the system). The DMA is Multi-Word DMA mode 2.C

Did the disk clean and it cleaned quite a bit of stuff off of her hard drive.

Here is the log from AdwCleaner:

# AdwCleaner v2.007 - Logfile created 11/10/2012 at 14:51:56

# Updated 06/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Owner - OWNER-4D0C6BC69

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\DOCUME~1\Owner\LOCALS~1\Temp\Uninstall.exe

***** [Registry] *****

Key Found : HKCU\Software\IGearSettings

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Found : HKU\S-1-5-21-1757981266-725345543-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

Profile name : default

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6yprxnyr.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1786 octets] - [10/11/2012 14:51:56]

########## EOF - C:\AdwCleaner[R1].txt - [1846 octets] ##########


Your hard drive is usually "0"

Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC


okay the log after cleaning -->

# AdwCleaner v2.007 - Logfile created 11/10/2012 at 15:19:03

# Updated 06/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Owner - OWNER-4D0C6BC69

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

Profile name : default

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6yprxnyr.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1915 octets] - [10/11/2012 15:18:18]

AdwCleaner[s1].txt - [1714 octets] - [10/11/2012 15:19:03]

########## EOF - C:\AdwCleaner[s1].txt - [1774 octets] ##########


It found nothing in the latest scan. I'm going to have her run a hard drive scan on it and as soon as the new memory is in remove current one to see if it has gone bad but in the meantime burn nearest to run on it. It still seems slow but being that it's only 512 MB it may be affecting how it is working. I will post back results of hard drive scan.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
