Computer keeps locking up - combofix logs enclosed!


truCido

Hi there, I was wondering if someone could take a look at the log below for me and let me know if there's anything wrong?

I'm basically having problems with the computer locking up when I first log in. Everything starts up and all looks fine until I try to do something, and then it either completely stops responding and not even the mouse will move, or all screens go blank and Ctrl+Alt+Del and selecting Task Manager just shows a blank box and then it locks up again as before.

Avast was actually disabled when I ran ComboFix and I'm not sure why it thinks it was running.

ComboFix 11-09-15.05 - Administrator 15/09/2011 23:41:08.14.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1603 [GMT 1:00]

Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MSI1D.tmp.3366cf4d.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL8B.tmp.faf80c13.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL95.tmp.2097ba25.ini

c:\documents and settings\Administrator\WINDOWS

C:\Thumbs.db

c:\windows\system32\d3d9caps.dat

c:\windows\system32\E_FD4BCEE.DLL

c:\windows\system32\nvdispco3220140.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-08-15 to 2011-09-15 )))))))))))))))))))))))))))))))

.

.

2011-09-03 21:50 . 2011-09-03 21:51 -------- d-----w- C:\DTASwin

2011-09-03 21:50 . 2011-09-03 21:50 249856 ------w- c:\windows\Setup1.exe

2011-09-03 21:50 . 2011-09-03 21:50 73216 ----a-w- c:\windows\ST6UNST.EXE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-06 20:45 . 2010-07-02 17:58 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2007-10-21 19:24 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-05-22 21:35 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2008-03-30 11:22 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2007-10-21 19:24 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2007-10-21 19:24 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2007-10-21 19:24 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-09-06 20:36 . 2007-10-21 19:24 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-09-06 20:36 . 2008-03-30 11:22 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-06 20:33 . 2007-10-21 19:24 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-08-11 20:49 . 2011-06-09 18:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52 . 2009-12-10 00:04 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52 . 2009-12-10 00:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2006-10-28 13:27 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2006-05-06 16:42 . 2006-11-09 21:55 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll

2008-12-29 21:26 . 2007-12-23 19:52 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2010-12-01 11:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MozyHomeEurope]

@="{944bc754-3bde-46c6-7c52-974154f45e88}"

[HKEY_CLASSES_ROOT\CLSID\{944bc754-3bde-46c6-7c52-974154f45e88}]

2011-01-19 16:53 3426096 ----a-w- c:\program files\Mozy\MozyHomeEuropeshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MozyHomeEurope2]

@="{0be1f069-378d-5ddc-6158-d2dd69ef889b}"

[HKEY_CLASSES_ROOT\CLSID\{0be1f069-378d-5ddc-6158-d2dd69ef889b}]

2011-01-19 16:53 3426096 ----a-w- c:\program files\Mozy\MozyHomeEuropeshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MozyHomeEurope3]

@="{121ca94d-a542-2987-1237-c4026364e512}"

[HKEY_CLASSES_ROOT\CLSID\{121ca94d-a542-2987-1237-c4026364e512}]

2011-01-19 16:53 3426096 ----a-w- c:\program files\Mozy\MozyHomeEuropeshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-01 30192]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk

backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ShutDown After.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\ShutDown After.lnk

backup=c:\windows\pss\ShutDown After.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Mozy Status.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Mozy Status.lnk

backup=c:\windows\pss\Mozy Status.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rainmeter.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk

backup=c:\windows\pss\Rainmeter.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

2010-01-28 17:48 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-01-17 16:51 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLSService]

2010-05-11 03:53 55808 ----a-w- c:\program files\DYMO\DYMO Label Software\DLSService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DymoQuickPrint]

2010-05-11 04:06 1885512 ----a-w- c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]

2007-07-26 14:05 20480 ----a-w- c:\program files\GIGABYTE\ET5Pro\ETcall.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]

2008-01-29 03:20 2177576 ----a-w- c:\windows\TBPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]

2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-09-01 21:47 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-11-23 22:44 135664 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 13:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2010-10-27 10:36 3365176 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 14:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-06-08 15:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 15:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2005-07-19 17:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-07-06 18:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2008-04-14 00:12 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-04-07 21:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-09-04 19:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2011-04-07 21:15 111208 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2011-02-24 01:57 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]

2009-07-06 14:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-02-13 13:31 16857600 ----a-w- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2007-11-20 17:15 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]

2010-03-26 15:48 2708312 ----a-w- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-05-21 10:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Steam\\steamapps\\trucido@blueyonder.co.uk\\counter-strike\\hl.exe"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Web Performance Load Tester 4.2\\webperformance.exe"=

"c:\\Dieseltest\\Dieseltest.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [29/08/2009 00:55 100496]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [25/06/2010 16:01 111312]

S1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [03/06/2009 17:17 131584]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22/05/2011 22:35 442200]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30/03/2008 12:22 320856]

S1 MozyHomeEuropeFilter;MozyHomeEuropeFilter;c:\windows\system32\drivers\MozyHomeEurope.sys [26/03/2011 21:58 54776]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [15/01/2009 00:53 142992]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [15/01/2009 00:53 41936]

S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/27 21:11];c:\program files\CyberLink\PowerDVD9\NavFilter\000.fcl [28/01/2010 18:48 87536]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/03/2008 12:22 20568]

S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [09/06/2010 10:24 95568]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/12/2009 01:04 366640]

S2 MozyHomeEuropebackup;Mozy Backup Service;c:\program files\Mozy\MozyHomeEuropebackup.exe [19/01/2011 17:53 49456]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 19:19 50704]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/05/2011 21:51 2218600]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 21:09 11032]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [29/11/2010 21:08 30312]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [09/06/2010 10:24 18120]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [30/05/2010 00:18 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [30/05/2010 00:18 8456]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [18/10/2010 21:32 36640]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/02/2009 20:40 13224]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23/12/2007 20:52 30192]

S3 MarkFun_NT;MarkFun_NT;c:\program files\GIGABYTE\@BIOS\markfun.w32 [09/02/2008 01:20 17912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/12/2009 01:04 22712]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [29/11/2010 21:08 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [29/11/2010 21:08 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [29/11/2010 21:08 121576]

S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter;c:\windows\system32\drivers\GPlus.sys [01/01/2007 20:27 202496]

S3 WT6563F;PS3 ISP Update;c:\windows\system32\drivers\WT6563F.sys [16/11/2009 22:01 13120]

S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe --> c:\windows\system32\FsUsbExService.Exe [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/02/2008 20:24 716272]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [09/03/2011 13:30 92592]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-839522115-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-23 22:44]

.

2011-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-839522115-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-23 22:44]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hpqen42f.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q=

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: TurnTool Viewer: turntoolviewer@turntool.com - %profile%\extensions\turntoolviewer@turntool.com

FF - Ext: Photobucket Uploader em:version=1.3>: pbupload@photobucket.com - %profile%\extensions\pbupload@photobucket.com

FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}

FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}

FF - Ext: Selenium IDE: Ruby Formatters: rubyformatters@seleniumhq.org - %profile%\extensions\rubyformatters@seleniumhq.org

FF - Ext: Selenium IDE: Java Formatters: javaformatters@seleniumhq.org - %profile%\extensions\javaformatters@seleniumhq.org

FF - Ext: Selenium IDE: Groovy Formatters: groovyformatters@seleniumhq.org - %profile%\extensions\groovyformatters@seleniumhq.org

FF - Ext: Selenium IDE: Perl Formatter: perlformatters@seleniumhq.org - %profile%\extensions\perlformatters@seleniumhq.org

FF - Ext: Selenium IDE: PHP Formatters: phpformatters@seleniumhq.org - %profile%\extensions\phpformatters@seleniumhq.org

FF - Ext: Selenium IDE: {a6fd85ed-e919-4a43-a5af-8da18bda539f} - %profile%\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}

FF - Ext: Selenium IDE: Python Formatters: pythonformatters@seleniumhq.org - %profile%\extensions\pythonformatters@seleniumhq.org

FF - Ext: Selenium IDE: C# Formatters: csharpformatters@seleniumhq.org - %profile%\extensions\csharpformatters@seleniumhq.org

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-15 23:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MarkFun_NT]

"ImagePath"="\??\c:\program files\Gigabyte\@BIOS\markfun.w32"

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\NavFilter\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-583907252-2000478354-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,45,54,a6,ea,b7,b3,4c,b2,a4,fb,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,ec,fc,fe,a1,25,ca,45,b4,1a,30,\

.

[HKEY_USERS\S-1-5-21-583907252-2000478354-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:83,ec,59,d4,19,76,a2,ac,66,af,5a,a6,58,e7,95,39,32,a1,a5,1b,0b,9d,61,

ee,de,67,55,3b,2a,89,24,94,da,4c,8c,a2,c7,3c,cc,22,98,57,15,fb,74,f6,de,ac,\

"??"=hex:fa,77,b5,08,5b,2f,36,ca,83,ac,2b,ef,4c,e7,f2,68

.

[HKEY_USERS\S-1-5-21-583907252-2000478354-839522115-500\Software\SecuROM\License information*]

"datasecu"=hex:e7,59,b4,ef,c4,82,db,c5,14,a3,4d,10,32,16,d2,7d,24,26,d9,f2,b5,

a3,8c,8f,e5,5a,be,bb,0c,8b,13,ae,09,5d,75,8b,4b,31,78,89,46,9e,e7,59,3f,20,\

"rkeysecu"=hex:33,68,90,f0,b9,55,8b,f6,00,b2,17,a6,32,95,44,e0

.

Completion time: 2011-09-15 23:54:19

ComboFix-quarantined-files.txt 2011-09-15 22:54

.

Pre-Run: 15,486,738,432 bytes free

Post-Run: 15,527,325,696 bytes free

.

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 15DE75968FA211315E0A8C4560016BD4

Oh, and forgot to say I've run Malwarebytes Anti-Malware and it found nothing.


  • Staff

Hi,

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


OK, so MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7743

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

18/09/2011 17:49:39

mbam-log-2011-09-18 (17-49-39).txt

Scan type: Quick scan

Objects scanned: 211501

Time elapsed: 11 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14

Run by Administrator at 18:01:37 on 2011-09-18

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1353 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\system32\dgdersvc.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Mozy\MozyHomeEuropebackup.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

dRunOnce: [RunNarrator] Narrator.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab

DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{DD832EC3-7052-48A0-B906-C0825AE76A5B} : DhcpNameServer = 192.168.0.1

Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hpqen42f.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q=

FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hpqen42f.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hpqen42f.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: TurnTool Viewer: turntoolviewer@turntool.com - %profile%\extensions\turntoolviewer@turntool.com

FF - Ext: Photobucket Uploader em:version=1.3>: pbupload@photobucket.com - %profile%\extensions\pbupload@photobucket.com

FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}

FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}

FF - Ext: Selenium IDE: Ruby Formatters: rubyformatters@seleniumhq.org - %profile%\extensions\rubyformatters@seleniumhq.org

FF - Ext: Selenium IDE: Java Formatters: javaformatters@seleniumhq.org - %profile%\extensions\javaformatters@seleniumhq.org

FF - Ext: Selenium IDE: Groovy Formatters: groovyformatters@seleniumhq.org - %profile%\extensions\groovyformatters@seleniumhq.org

FF - Ext: Selenium IDE: Perl Formatter: perlformatters@seleniumhq.org - %profile%\extensions\perlformatters@seleniumhq.org

FF - Ext: Selenium IDE: PHP Formatters: phpformatters@seleniumhq.org - %profile%\extensions\phpformatters@seleniumhq.org

FF - Ext: Selenium IDE: {a6fd85ed-e919-4a43-a5af-8da18bda539f} - %profile%\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}

FF - Ext: Selenium IDE: Python Formatters: pythonformatters@seleniumhq.org - %profile%\extensions\pythonformatters@seleniumhq.org

FF - Ext: Selenium IDE: C# Formatters: csharpformatters@seleniumhq.org - %profile%\extensions\csharpformatters@seleniumhq.org

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2009-6-3 131584]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-22 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-3-30 320856]

R1 MozyHomeEuropeFilter;MozyHomeEuropeFilter;c:\windows\system32\drivers\MozyHomeEurope.sys [2011-3-26 54776]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-1-15 142992]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-1-15 41936]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/27 21:11:32];c:\program files\cyberlink\powerdvd9\navfilter\000.fcl [2010-1-28 87536]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-30 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-2 44768]

R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-6-9 95568]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-22 54752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-10 366152]

R2 MozyHomeEuropebackup;Mozy Backup Service;c:\program files\mozy\MozyHomeEuropebackup.exe [2011-1-19 49456]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-12 2218600]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-6-9 18120]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-10 22216]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-29 100496]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-6-25 111312]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-11-29 30312]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-30 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-30 8456]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-18 36640]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-2-10 13224]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-23 30192]

S3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\@bios\markfun.w32 [2008-2-9 17912]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-11-29 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-11-29 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-11-29 121576]

S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter;c:\windows\system32\drivers\GPlus.sys [2007-1-1 202496]

S3 WT6563F;PS3 ISP Update;c:\windows\system32\drivers\WT6563F.sys [2009-11-16 13120]

S4 FsUsbExService;FsUsbExService;c:\windows\system32\fsusbexservice.exe --> c:\windows\system32\FsUsbExService.Exe [?]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]

.

=============== Created Last 30 ================

.

2011-09-18 16:34:28 709968 ----a-w- c:\windows\isRS-000.tmp

2011-09-15 22:38:59 98816 ----a-w- c:\windows\sed.exe

2011-09-15 22:38:59 518144 ----a-w- c:\windows\SWREG.exe

2011-09-15 22:38:59 256000 ----a-w- c:\windows\PEV.exe

2011-09-15 22:38:59 208896 ----a-w- c:\windows\MBR.exe

2011-09-09 09:12:13 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-03 21:50:53 -------- d-----w- C:\DTASwin

2011-09-03 21:50:48 249856 ------w- c:\windows\Setup1.exe

2011-09-03 21:50:46 73216 ----a-w- c:\windows\ST6UNST.EXE

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-11 20:49:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 18:02:52.68 ===============

PcPitStop - http://www.pcpitstop.com/betapit/sec.asp?conid=24561962


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Grab a fresh copy of ComboFix, run it, and post its log.

Also run the PCPitStop test again and post its URL.


13:15:32.0500 2864 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

13:15:32.0578 2864 ============================================================

13:15:32.0578 2864 Current date / time: 2011/09/24 13:15:32.0578

13:15:32.0578 2864 SystemInfo:

13:15:32.0578 2864

13:15:32.0578 2864 OS Version: 5.1.2600 ServicePack: 3.0

13:15:32.0578 2864 Product type: Workstation

13:15:32.0578 2864 ComputerName: DAVE

13:15:32.0578 2864 UserName: Administrator

13:15:32.0578 2864 Windows directory: C:\WINDOWS

13:15:32.0578 2864 System windows directory: C:\WINDOWS

13:15:32.0578 2864 Processor architecture: Intel x86

13:15:32.0578 2864 Number of processors: 2

13:15:32.0578 2864 Page size: 0x1000

13:15:32.0578 2864 Boot type: Normal boot

13:15:32.0578 2864 ============================================================

13:15:34.0078 2864 Initialize success

13:15:51.0703 2928 ============================================================

13:15:51.0703 2928 Scan started

13:15:51.0703 2928 Mode: Manual;

13:15:51.0703 2928 ============================================================

13:15:52.0062 2928 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys

13:15:52.0078 2928 Aavmker4 - ok

13:15:52.0093 2928 Abiosdsk - ok

13:15:52.0093 2928 abp480n5 - ok

13:15:52.0140 2928 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:15:52.0140 2928 ACPI - ok

13:15:52.0171 2928 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:15:52.0171 2928 ACPIEC - ok

13:15:52.0187 2928 adpu160m - ok

13:15:52.0218 2928 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:15:52.0218 2928 aec - ok

13:15:52.0265 2928 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

13:15:52.0265 2928 AFD - ok

13:15:52.0265 2928 Aha154x - ok

13:15:52.0281 2928 aic78u2 - ok

13:15:52.0281 2928 aic78xx - ok

13:15:52.0296 2928 AliIde - ok

13:15:52.0296 2928 amsint - ok

13:15:52.0343 2928 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys

13:15:52.0343 2928 androidusb - ok

13:15:52.0375 2928 archlp (20da1dc31893e1ad82a9c79011f5b344) C:\WINDOWS\system32\drivers\archlp.sys

13:15:52.0375 2928 archlp - ok

13:15:52.0406 2928 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

13:15:52.0406 2928 Arp1394 - ok

13:15:52.0406 2928 asc - ok

13:15:52.0421 2928 asc3350p - ok

13:15:52.0421 2928 asc3550 - ok

13:15:52.0453 2928 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys

13:15:52.0453 2928 aswFsBlk - ok

13:15:52.0500 2928 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys

13:15:52.0500 2928 aswMon2 - ok

13:15:52.0515 2928 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys

13:15:52.0515 2928 aswRdr - ok

13:15:52.0578 2928 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys

13:15:52.0578 2928 aswSnx - ok

13:15:52.0593 2928 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys

13:15:52.0609 2928 aswSP - ok

13:15:52.0609 2928 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys

13:15:52.0609 2928 aswTdi - ok

13:15:52.0625 2928 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:15:52.0625 2928 AsyncMac - ok

13:15:52.0656 2928 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:15:52.0656 2928 atapi - ok

13:15:52.0656 2928 Atdisk - ok

13:15:52.0703 2928 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:15:52.0703 2928 Atmarpc - ok

13:15:52.0750 2928 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:15:52.0750 2928 audstub - ok

13:15:52.0781 2928 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:15:52.0781 2928 Beep - ok

13:15:52.0812 2928 CamDrL (cba8bce5bf67a3c619d5ce540bed9cf7) C:\WINDOWS\system32\DRIVERS\Camdrl.sys

13:15:52.0828 2928 CamDrL - ok

13:15:52.0843 2928 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS

13:15:52.0843 2928 Cardex - ok

13:15:52.0921 2928 catchme - ok

13:15:52.0953 2928 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:15:52.0953 2928 cbidf2k - ok

13:15:52.0968 2928 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

13:15:52.0968 2928 CCDECODE - ok

13:15:52.0984 2928 cd20xrnt - ok

13:15:53.0000 2928 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:15:53.0000 2928 Cdaudio - ok

13:15:53.0031 2928 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:15:53.0031 2928 Cdfs - ok

13:15:53.0046 2928 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:15:53.0046 2928 Cdrom - ok

13:15:53.0062 2928 Changer - ok

13:15:53.0062 2928 CmdIde - ok

13:15:53.0078 2928 Cpqarray - ok

13:15:53.0078 2928 dac2w2k - ok

13:15:53.0093 2928 dac960nt - ok

13:15:53.0109 2928 dgderdrv - ok

13:15:53.0140 2928 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:15:53.0140 2928 Disk - ok

13:15:53.0187 2928 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

13:15:53.0234 2928 dmboot - ok

13:15:53.0234 2928 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

13:15:53.0234 2928 dmio - ok

13:15:53.0250 2928 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:15:53.0250 2928 dmload - ok

13:15:53.0281 2928 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:15:53.0281 2928 DMusic - ok

13:15:53.0296 2928 dpti2o - ok

13:15:53.0296 2928 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:15:53.0296 2928 drmkaud - ok

13:15:53.0312 2928 ENTECH - ok

13:15:53.0359 2928 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys

13:15:53.0453 2928 epmntdrv - ok

13:15:53.0468 2928 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys

13:15:53.0468 2928 EuGdiDrv - ok

13:15:53.0515 2928 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:15:53.0515 2928 Fastfat - ok

13:15:53.0515 2928 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:15:53.0531 2928 Fdc - ok

13:15:53.0531 2928 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

13:15:53.0531 2928 Fips - ok

13:15:53.0562 2928 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:15:53.0562 2928 Flpydisk - ok

13:15:53.0578 2928 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:15:53.0578 2928 FltMgr - ok

13:15:53.0609 2928 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

13:15:53.0609 2928 fssfltr - ok

13:15:53.0640 2928 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS

13:15:53.0640 2928 FsUsbExDisk - ok

13:15:53.0687 2928 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:15:53.0687 2928 Fs_Rec - ok

13:15:53.0718 2928 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:15:53.0718 2928 Ftdisk - ok

13:15:53.0734 2928 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

13:15:53.0734 2928 GEARAspiWDM - ok

13:15:53.0781 2928 ggflt (e43455d5445848a309e62c9a5763b68e) C:\WINDOWS\system32\DRIVERS\ggflt.sys

13:15:53.0781 2928 ggflt - ok

13:15:53.0828 2928 ggsemc (04b0167f64b21ba39b5ca1ecddf383bc) C:\WINDOWS\system32\DRIVERS\ggsemc.sys

13:15:53.0828 2928 ggsemc - ok

13:15:53.0859 2928 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:15:53.0859 2928 Gpc - ok

13:15:53.0937 2928 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys

13:15:53.0953 2928 Hardlock - ok

13:15:54.0000 2928 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

13:15:54.0000 2928 HDAudBus - ok

13:15:54.0015 2928 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:15:54.0015 2928 HidUsb - ok

13:15:54.0015 2928 hpn - ok

13:15:54.0062 2928 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:15:54.0062 2928 HTTP - ok

13:15:54.0062 2928 i2omgmt - ok

13:15:54.0078 2928 i2omp - ok

13:15:54.0093 2928 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:15:54.0093 2928 i8042prt - ok

13:15:54.0109 2928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:15:54.0109 2928 Imapi - ok

13:15:54.0109 2928 ini910u - ok

13:15:54.0250 2928 IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys

13:15:54.0265 2928 IntcAzAudAddService - ok

13:15:54.0281 2928 IntelIde - ok

13:15:54.0296 2928 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:15:54.0296 2928 intelppm - ok

13:15:54.0328 2928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

13:15:54.0328 2928 Ip6Fw - ok

13:15:54.0375 2928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:15:54.0375 2928 IpFilterDriver - ok

13:15:54.0390 2928 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:15:54.0390 2928 IpInIp - ok

13:15:54.0421 2928 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:15:54.0421 2928 IpNat - ok

13:15:54.0437 2928 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:15:54.0437 2928 IPSec - ok

13:15:54.0453 2928 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:15:54.0453 2928 IRENUM - ok

13:15:54.0468 2928 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:15:54.0468 2928 isapnp - ok

13:15:54.0484 2928 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys

13:15:54.0484 2928 Iviaspi - ok

13:15:54.0515 2928 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys

13:15:54.0515 2928 JGOGO - ok

13:15:54.0531 2928 JRAID (06b9c22897ebdc6aba993c77f173d882) C:\WINDOWS\system32\DRIVERS\jraid.sys

13:15:54.0531 2928 JRAID - ok

13:15:54.0546 2928 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:15:54.0546 2928 Kbdclass - ok

13:15:54.0578 2928 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:15:54.0578 2928 kmixer - ok

13:15:54.0593 2928 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:15:54.0593 2928 KSecDD - ok

13:15:54.0625 2928 lbrtfdc - ok

13:15:54.0640 2928 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys

13:15:54.0640 2928 LVUSBSta - ok

13:15:54.0718 2928 MarkFun_NT (34ca6d7580aef0fa2cb58adbbe542f29) C:\Program Files\Gigabyte\@BIOS\markfun.w32

13:15:54.0718 2928 MarkFun_NT - ok

13:15:54.0750 2928 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

13:15:54.0750 2928 MBAMProtector - ok

13:15:54.0796 2928 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:15:54.0796 2928 mnmdd - ok

13:15:54.0828 2928 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

13:15:54.0828 2928 Modem - ok

13:15:54.0843 2928 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:15:54.0859 2928 Mouclass - ok

13:15:54.0875 2928 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:15:54.0875 2928 mouhid - ok

13:15:54.0875 2928 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:15:54.0890 2928 MountMgr - ok

13:15:54.0890 2928 mraid35x - ok

13:15:54.0906 2928 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:15:54.0906 2928 MRxDAV - ok

13:15:54.0953 2928 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:15:54.0968 2928 MRxSmb - ok

13:15:54.0984 2928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:15:54.0984 2928 Msfs - ok

13:15:55.0000 2928 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:15:55.0015 2928 MSKSSRV - ok

13:15:55.0015 2928 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:15:55.0015 2928 MSPCLOCK - ok

13:15:55.0046 2928 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:15:55.0046 2928 MSPQM - ok

13:15:55.0078 2928 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:15:55.0078 2928 mssmbios - ok

13:15:55.0093 2928 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

13:15:55.0093 2928 MSTEE - ok

13:15:55.0125 2928 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:15:55.0125 2928 Mup - ok

13:15:55.0156 2928 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

13:15:55.0156 2928 NABTSFEC - ok

13:15:55.0187 2928 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:15:55.0203 2928 NDIS - ok

13:15:55.0218 2928 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

13:15:55.0218 2928 NdisIP - ok

13:15:55.0250 2928 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:15:55.0250 2928 NdisTapi - ok

13:15:55.0281 2928 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:15:55.0281 2928 Ndisuio - ok

13:15:55.0296 2928 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:15:55.0296 2928 NdisWan - ok

13:15:55.0312 2928 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

13:15:55.0312 2928 NDProxy - ok

13:15:55.0343 2928 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:15:55.0343 2928 NetBIOS - ok

13:15:55.0375 2928 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:15:55.0390 2928 NetBT - ok

13:15:55.0437 2928 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

13:15:55.0437 2928 NIC1394 - ok

13:15:55.0453 2928 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

13:15:55.0468 2928 nm - ok

13:15:55.0484 2928 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys

13:15:55.0484 2928 NPF - ok

13:15:55.0500 2928 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:15:55.0500 2928 Npfs - ok

13:15:55.0500 2928 NSNDIS5 - ok

13:15:55.0531 2928 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:15:55.0546 2928 Ntfs - ok

13:15:55.0578 2928 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:15:55.0578 2928 Null - ok

13:15:55.0890 2928 nv (f1de35c89d98a883d1b4030dc9896855) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:15:55.0953 2928 nv - ok

13:15:56.0015 2928 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:15:56.0015 2928 NwlnkFlt - ok

13:15:56.0031 2928 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:15:56.0031 2928 NwlnkFwd - ok

13:15:56.0062 2928 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

13:15:56.0062 2928 ohci1394 - ok

13:15:56.0109 2928 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

13:15:56.0109 2928 Parport - ok

13:15:56.0140 2928 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

13:15:56.0140 2928 PartMgr - ok

13:15:56.0156 2928 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:15:56.0156 2928 ParVdm - ok

13:15:56.0203 2928 PCANDIS5 (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS

13:15:56.0203 2928 PCANDIS5 - ok

13:15:56.0234 2928 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

13:15:56.0234 2928 PCI - ok

13:15:56.0234 2928 PCIDump - ok

13:15:56.0250 2928 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

13:15:56.0250 2928 PCIIde - ok

13:15:56.0281 2928 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

13:15:56.0281 2928 Pcmcia - ok

13:15:56.0281 2928 PDCOMP - ok

13:15:56.0296 2928 PDFRAME - ok

13:15:56.0296 2928 PDRELI - ok

13:15:56.0312 2928 PDRFRAME - ok

13:15:56.0312 2928 perc2 - ok

13:15:56.0328 2928 perc2hib - ok

13:15:56.0359 2928 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:15:56.0359 2928 PptpMiniport - ok

13:15:56.0375 2928 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

13:15:56.0375 2928 PSched - ok

13:15:56.0406 2928 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:15:56.0406 2928 Ptilink - ok

13:15:56.0421 2928 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:15:56.0421 2928 PxHelp20 - ok

13:15:56.0421 2928 ql1080 - ok

13:15:56.0437 2928 Ql10wnt - ok

13:15:56.0437 2928 ql12160 - ok

13:15:56.0453 2928 ql1240 - ok

13:15:56.0453 2928 ql1280 - ok

13:15:56.0468 2928 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:15:56.0468 2928 RasAcd - ok

13:15:56.0484 2928 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:15:56.0500 2928 Rasl2tp - ok

13:15:56.0500 2928 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:15:56.0500 2928 RasPppoe - ok

13:15:56.0515 2928 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:15:56.0515 2928 Raspti - ok

13:15:56.0531 2928 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:15:56.0531 2928 Rdbss - ok

13:15:56.0546 2928 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:15:56.0546 2928 RDPCDD - ok

13:15:56.0562 2928 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:15:56.0578 2928 rdpdr - ok

13:15:56.0609 2928 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

13:15:56.0609 2928 RDPWD - ok

13:15:56.0640 2928 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:15:56.0640 2928 redbook - ok

13:15:56.0687 2928 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys

13:15:56.0687 2928 regi - ok

13:15:56.0750 2928 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.06\RivaTuner32.sys

13:15:56.0750 2928 RivaTuner32 - ok

13:15:56.0796 2928 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:15:56.0796 2928 Secdrv - ok

13:15:56.0843 2928 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:15:56.0843 2928 serenum - ok

13:15:56.0843 2928 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

13:15:56.0843 2928 Serial - ok

13:15:56.0875 2928 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:15:56.0875 2928 Sfloppy - ok

13:15:56.0890 2928 Simbad - ok

13:15:56.0921 2928 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

13:15:56.0921 2928 SLIP - ok

13:15:56.0953 2928 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

13:15:56.0953 2928 SmartDefragDriver - ok

13:15:56.0953 2928 Sparrow - ok

13:15:56.0984 2928 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:15:56.0984 2928 splitter - ok

13:15:57.0031 2928 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys

13:15:57.0062 2928 sptd - ok

13:15:57.0078 2928 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

13:15:57.0078 2928 sr - ok

13:15:57.0125 2928 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

13:15:57.0125 2928 Srv - ok

13:15:57.0156 2928 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys

13:15:57.0171 2928 ssadbus - ok

13:15:57.0203 2928 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

13:15:57.0203 2928 ssadmdfl - ok

13:15:57.0250 2928 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

13:15:57.0250 2928 ssadmdm - ok

13:15:57.0281 2928 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

13:15:57.0281 2928 sscdbus - ok

13:15:57.0312 2928 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

13:15:57.0312 2928 sscdmdfl - ok

13:15:57.0328 2928 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

13:15:57.0343 2928 sscdmdm - ok

13:15:57.0390 2928 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

13:15:57.0390 2928 streamip - ok

13:15:57.0437 2928 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:15:57.0437 2928 swenum - ok

13:15:57.0468 2928 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:15:57.0468 2928 swmidi - ok

13:15:57.0484 2928 symc810 - ok

13:15:57.0484 2928 symc8xx - ok

13:15:57.0500 2928 sym_hi - ok

13:15:57.0500 2928 sym_u3 - ok

13:15:57.0546 2928 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:15:57.0546 2928 sysaudio - ok

13:15:57.0593 2928 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys

13:15:57.0593 2928 TBPanel - ok

13:15:57.0640 2928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:15:57.0656 2928 Tcpip - ok

13:15:57.0687 2928 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:15:57.0687 2928 TDPIPE - ok

13:15:57.0734 2928 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:15:57.0734 2928 TDTCP - ok

13:15:57.0765 2928 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:15:57.0765 2928 TermDD - ok

13:15:57.0812 2928 TNET1130 (d216d418e600d53fb96802ba7edfc114) C:\WINDOWS\system32\DRIVERS\GPlus.sys

13:15:57.0812 2928 TNET1130 - ok

13:15:57.0828 2928 TosIde - ok

13:15:57.0859 2928 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys

13:15:57.0859 2928 truecrypt - ok

13:15:57.0906 2928 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:15:57.0906 2928 Udfs - ok

13:15:57.0906 2928 ultra - ok

13:15:57.0953 2928 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:15:57.0984 2928 Update - ok

13:15:58.0000 2928 USBAAPL - ok

13:15:58.0031 2928 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

13:15:58.0031 2928 usbaudio - ok

13:15:58.0062 2928 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:15:58.0062 2928 usbccgp - ok

13:15:58.0078 2928 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:15:58.0078 2928 usbehci - ok

13:15:58.0109 2928 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:15:58.0109 2928 usbhub - ok

13:15:58.0140 2928 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:15:58.0140 2928 usbprint - ok

13:15:58.0156 2928 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:15:58.0156 2928 usbscan - ok

13:15:58.0156 2928 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:15:58.0171 2928 USBSTOR - ok

13:15:58.0187 2928 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:15:58.0203 2928 usbuhci - ok

13:15:58.0218 2928 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

13:15:58.0218 2928 usb_rndisx - ok

13:15:58.0250 2928 VBoxDrv (571449cd3d011a30b346294ec6562612) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys

13:15:58.0250 2928 VBoxDrv - ok

13:15:58.0281 2928 VBoxNetAdp (b7f32b2807e475c9dc04e6847fd734a0) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys

13:15:58.0281 2928 VBoxNetAdp - ok

13:15:58.0312 2928 VBoxNetFlt (2e2b14df503ee31ca0796820120cf1bc) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys

13:15:58.0312 2928 VBoxNetFlt - ok

13:15:58.0343 2928 VBoxUSBMon (44de4c74fce21b915399852d5a069ff5) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys

13:15:58.0343 2928 VBoxUSBMon - ok

13:15:58.0375 2928 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:15:58.0375 2928 VgaSave - ok

13:15:58.0390 2928 ViaIde - ok

13:15:58.0406 2928 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

13:15:58.0406 2928 VolSnap - ok

13:15:58.0421 2928 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:15:58.0421 2928 Wanarp - ok

13:15:58.0468 2928 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

13:15:58.0484 2928 Wdf01000 - ok

13:15:58.0500 2928 WDICA - ok

13:15:58.0531 2928 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:15:58.0531 2928 wdmaud - ok

13:15:58.0578 2928 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

13:15:58.0578 2928 WpdUsb - ok

13:15:58.0609 2928 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

13:15:58.0609 2928 WSTCODEC - ok

13:15:58.0640 2928 WT6563F (c8b9288c7fb87899fa0ccbb6d32e95d0) C:\WINDOWS\system32\Drivers\WT6563F.sys

13:15:58.0640 2928 WT6563F - ok

13:15:58.0687 2928 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:15:58.0687 2928 WudfPf - ok

13:15:58.0718 2928 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:15:58.0734 2928 WudfRd - ok

13:15:58.0781 2928 yukonwxp (936a0e2d44adf93ce0df8e92aab29c6e) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

13:15:58.0781 2928 yukonwxp - ok

13:15:58.0875 2928 {B154377D-700F-42cc-9474-23858FBDF4BD} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl

13:15:58.0875 2928 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok

13:15:58.0890 2928 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

13:15:58.0968 2928 \Device\Harddisk0\DR0 - ok

13:15:58.0968 2928 Boot (0x1200) (70253e5535e8158482b49b08636a2446) \Device\Harddisk0\DR0\Partition0

13:15:58.0968 2928 \Device\Harddisk0\DR0\Partition0 - ok

13:15:58.0984 2928 Boot (0x1200) (d6fd69d8f0936f416987f6ebb0696282) \Device\Harddisk0\DR0\Partition1

13:15:58.0984 2928 \Device\Harddisk0\DR0\Partition1 - ok

13:15:58.0984 2928 ============================================================

13:15:58.0984 2928 Scan finished

13:15:58.0984 2928 ============================================================

13:15:58.0984 1780 Detected object count: 0

13:15:58.0984 1780 Actual detected object count: 0

ComboFix 11-09-24.01 - Administrator 24/09/2011 13:19:52.15.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1427 [GMT 1:00]

Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Thumbs.db

c:\windows\system32\d3d9caps.dat

.

.

((((((((((((((((((((((((( Files Created from 2011-08-24 to 2011-09-24 )))))))))))))))))))))))))))))))

.

.

2011-09-18 21:56 . 2011-08-19 15:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-09-18 21:56 . 2010-11-26 17:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-09-09 09:12 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-03 21:50 . 2011-09-03 21:51 -------- d-----w- C:\DTASwin

2011-09-03 21:50 . 2011-09-03 21:50 249856 ------w- c:\windows\Setup1.exe

2011-09-03 21:50 . 2011-09-03 21:50 73216 ----a-w- c:\windows\ST6UNST.EXE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45 . 2010-07-02 17:58 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2007-10-21 19:24 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-05-22 21:35 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2008-03-30 11:22 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2007-10-21 19:24 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2007-10-21 19:24 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2007-10-21 19:24 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-09-06 20:36 . 2007-10-21 19:24 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-09-06 20:36 . 2008-03-30 11:22 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-06 20:33 . 2007-10-21 19:24 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-08-31 16:00 . 2009-12-10 00:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-11 20:49 . 2011-06-09 18:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2006-05-06 16:42 . 2006-11-09 21:55 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll

2008-12-29 21:26 . 2007-12-23 19:52 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-15_22.51.32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-24 12:09 . 2011-09-24 12:09 16384 c:\windows\temp\Perflib_Perfdata_648.dat

+ 2009-11-29 01:34 . 2011-09-17 01:22 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-11-29 01:34 . 2011-09-17 01:22 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-11-29 01:34 . 2011-09-17 01:22 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-11-29 01:34 . 2011-09-17 01:22 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2009-11-29 01:34 . 2011-09-17 01:22 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-11-29 01:34 . 2011-09-17 01:22 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2009-11-29 01:34 . 2011-09-17 01:22 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2009-11-29 01:34 . 2011-09-17 01:22 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2009-11-29 01:34 . 2011-09-17 01:22 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2009-11-29 01:34 . 2011-09-17 01:22 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2011-01-14 06:10 . 2011-01-14 06:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL

+ 2011-01-14 06:10 . 2011-01-14 06:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL

+ 2009-11-16 12:54 . 2009-11-16 12:54 459480 c:\windows\Downloaded Program Files\PCPitstop.dll

+ 2011-08-10 16:43 . 2011-08-10 16:43 3795968 c:\windows\Installer\1800ab0.msp

+ 2011-09-06 20:46 . 2011-09-06 20:46 9006080 c:\windows\Installer\1800a99.msp

+ 2011-06-21 10:59 . 2011-06-21 10:59 1764352 c:\windows\Installer\1800a82.msp

+ 2011-08-24 05:37 . 2011-08-24 05:37 4985856 c:\windows\Installer\1800a6a.msp

+ 2011-08-10 16:42 . 2011-08-10 16:42 7070208 c:\windows\Installer\1800a53.msp

+ 2011-07-21 11:34 . 2011-07-21 11:34 3456000 c:\windows\Installer\1800a3d.msp

+ 2011-09-06 20:48 . 2011-09-06 20:48 8181248 c:\windows\Installer\1800a31.msp

+ 2011-07-27 06:39 . 2011-07-27 06:39 9892352 c:\windows\Installer\18009fc.msp

+ 2009-11-29 01:34 . 2011-09-17 01:22 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-11-29 01:34 . 2011-09-17 01:22 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2009-11-29 01:34 . 2011-08-15 23:09 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2011-01-14 06:10 . 2011-01-14 06:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL

+ 2011-01-14 06:10 . 2011-01-14 06:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL

+ 2011-01-14 06:10 . 2011-01-14 06:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL

+ 2009-04-03 18:21 . 2009-04-03 18:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6425\OARTCONV.DLL

+ 2009-11-16 12:53 . 2009-11-16 12:53 3081400 c:\windows\Downloaded Program Files\PCPitstop3D.dll

+ 2006-11-03 22:53 . 2011-09-17 01:18 46249416 c:\windows\system32\MRT.exe

+ 2011-07-27 06:37 . 2011-07-27 06:37 11592192 c:\windows\Installer\1800a1a.msp

+ 2009-04-03 18:21 . 2009-04-03 18:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6425\OART.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2010-12-01 11:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-01 30192]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk

backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ShutDown After.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\ShutDown After.lnk

backup=c:\windows\pss\ShutDown After.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Mozy Status.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Mozy Status.lnk

backup=c:\windows\pss\Mozy Status.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rainmeter.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk

backup=c:\windows\pss\Rainmeter.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

2010-01-28 17:48 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-01-17 16:51 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLSService]

2010-05-11 03:53 55808 ----a-w- c:\program files\DYMO\DYMO Label Software\DLSService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DymoQuickPrint]

2010-05-11 04:06 1885512 ----a-w- c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]

2007-07-26 14:05 20480 ----a-w- c:\program files\GIGABYTE\ET5Pro\ETcall.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]

2008-01-29 03:20 2177576 ----a-w- c:\windows\TBPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]

2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-09-01 21:47 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-11-23 22:44 135664 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 13:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 14:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-06-08 15:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 15:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2005-07-19 17:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2008-04-14 00:12 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-04-07 21:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-09-04 19:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2011-04-07 21:15 111208 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2011-02-24 01:57 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]

2009-07-06 14:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-02-13 13:31 16857600 ----a-w- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2007-11-20 17:15 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-05-21 10:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Steam\\steamapps\\trucido@blueyonder.co.uk\\counter-strike\\hl.exe"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Web Performance Load Tester 4.2\\webperformance.exe"=

"c:\\Dieseltest\\Dieseltest.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [18/09/2011 22:56 14776]

R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [03/06/2009 17:17 131584]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22/05/2011 22:35 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30/03/2008 12:22 320856]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [15/01/2009 00:53 142992]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [15/01/2009 00:53 41936]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/27 21:11];c:\program files\CyberLink\PowerDVD9\NavFilter\000.fcl [28/01/2010 18:48 87536]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/03/2008 12:22 20568]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/12/2009 01:04 366152]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 19:19 50704]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/05/2011 21:51 2218600]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 21:09 11032]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/12/2009 01:04 22216]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [29/08/2009 00:55 100496]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [25/06/2010 16:01 111312]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [29/11/2010 21:08 30312]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [30/05/2010 00:18 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [30/05/2010 00:18 8456]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [18/10/2010 21:32 36640]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/02/2009 20:40 13224]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23/12/2007 20:52 30192]

S3 MarkFun_NT;MarkFun_NT;c:\program files\GIGABYTE\@BIOS\markfun.w32 [09/02/2008 01:20 17912]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [29/11/2010 21:08 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [29/11/2010 21:08 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [29/11/2010 21:08 121576]

S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter;c:\windows\system32\drivers\GPlus.sys [01/01/2007 20:27 202496]

S3 WT6563F;PS3 ISP Update;c:\windows\system32\drivers\WT6563F.sys [16/11/2009 22:01 13120]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/02/2008 20:24 716272]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [09/03/2011 13:30 92592]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 32196515

*Deregistered* - 32196515

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-839522115-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-23 22:44]

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-839522115-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-23 22:44]

.

2011-09-24 c:\windows\Tasks\SmartDefrag_Startup.job

- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-09-18 09:35]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hpqen42f.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q=

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: TurnTool Viewer: turntoolviewer@turntool.com - %profile%\extensions\turntoolviewer@turntool.com

FF - Ext: Photobucket Uploader em:version=1.3>: pbupload@photobucket.com - %profile%\extensions\pbupload@photobucket.com

FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}

FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}

FF - Ext: Selenium IDE: Ruby Formatters: rubyformatters@seleniumhq.org - %profile%\extensions\rubyformatters@seleniumhq.org

FF - Ext: Selenium IDE: Java Formatters: javaformatters@seleniumhq.org - %profile%\extensions\javaformatters@seleniumhq.org

FF - Ext: Selenium IDE: Groovy Formatters: groovyformatters@seleniumhq.org - %profile%\extensions\groovyformatters@seleniumhq.org

FF - Ext: Selenium IDE: Perl Formatter: perlformatters@seleniumhq.org - %profile%\extensions\perlformatters@seleniumhq.org

FF - Ext: Selenium IDE: PHP Formatters: phpformatters@seleniumhq.org - %profile%\extensions\phpformatters@seleniumhq.org

FF - Ext: Selenium IDE: {a6fd85ed-e919-4a43-a5af-8da18bda539f} - %profile%\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}

FF - Ext: Selenium IDE: Python Formatters: pythonformatters@seleniumhq.org - %profile%\extensions\pythonformatters@seleniumhq.org

FF - Ext: Selenium IDE: C# Formatters: csharpformatters@seleniumhq.org - %profile%\extensions\csharpformatters@seleniumhq.org

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe

MSConfigStartUp-SmartDefrag - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

AddRemove-Smart Defrag_is1 - c:\program files\IObit\IObit SmartDefrag\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-24 13:33

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MarkFun_NT]

"ImagePath"="\??\c:\program files\Gigabyte\@BIOS\markfun.w32"

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\NavFilter\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-583907252-2000478354-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,45,54,a6,ea,b7,b3,4c,b2,a4,fb,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,ec,fc,fe,a1,25,ca,45,b4,1a,30,\

.

[HKEY_USERS\S-1-5-21-583907252-2000478354-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:83,ec,59,d4,19,76,a2,ac,66,af,5a,a6,58,e7,95,39,32,a1,a5,1b,0b,9d,61,

ee,de,67,55,3b,2a,89,24,94,da,4c,8c,a2,c7,3c,cc,22,98,57,15,fb,74,f6,de,ac,\

"??"=hex:fa,77,b5,08,5b,2f,36,ca,83,ac,2b,ef,4c,e7,f2,68

.

[HKEY_USERS\S-1-5-21-583907252-2000478354-839522115-500\Software\SecuROM\License information*]

"datasecu"=hex:e7,59,b4,ef,c4,82,db,c5,14,a3,4d,10,32,16,d2,7d,24,26,d9,f2,b5,

a3,8c,8f,e5,5a,be,bb,0c,8b,13,ae,09,5d,75,8b,4b,31,78,89,46,9e,e7,59,3f,20,\

"rkeysecu"=hex:33,68,90,f0,b9,55,8b,f6,00,b2,17,a6,32,95,44,e0

.

Completion time: 2011-09-24 13:37:55

ComboFix-quarantined-files.txt 2011-09-24 12:37

ComboFix2.txt 2011-09-15 22:54

.

Pre-Run: 26,273,918,976 bytes free

Post-Run: 26,334,425,088 bytes free

.

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 2E6E187E6B0FA73E76BB11BA74122C52


  • Staff

Hi,

Looks like fragmentation is the largest problem here.

First though, freeing up disk space is essential for the defragmenter to work efficiently. Your Drive C and Z have 11% and 9% free space, respectively.

The defragmenter needs at least 15% free space to run at its best.

First, please try to free up some space (you can use Treesize Free to see what's taking up all of that space).

Reboot.

• Delete Temporary Files:

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During the installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK: "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

• Reduce System Restore space (Drive C):

Right click My Computer and click Properties. Select the System Restore tab, and move the slider to 3%. You're pretty much wasting disk space otherwise.

• Defragment Drive C:

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

After that, reboot and run the PCPitStop tests again; post the URL to the results. Let me know how things are running now.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
