Computer too slow..freezes and disallows program access



#1
rriche

Hi Geeks To Go...
I am currently experiencing the following problems:
Computer runs too slow..
Computer will often freeze and not allow access to programs..When trying to reboot, it will often state I am experiencing a network sink issue and I have to cancel the lost data suggestion for it to proceed with reboot.
Also lately after a bungled netgear adaptor driver update I have been experiencing wireless dropout to the modem...My internet provider techs assisted and got it to operate properly for one day last week but since that time the issue has reappeared..
Please help me Geeks as I am too stupid to fix these issues on my own accord..
Your assistance is greatly and most warmly appreciated...

Regards
Richrd Philippe

As requested here is the OTC report:

OTL Extras logfile created on: 20/12/2011 6:36:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Richard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 295.90 Mb Available Physical Memory | 28.91% Memory free
3.83 Gb Paging File | 3.16 Gb Available in Paging File | 82.50% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 67.95 Gb Free Space | 60.79% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 36.30 Gb Free Space | 15.59% Space Free | Partition Type: NTFS

Computer Name: PENTIUM-4 | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (SpeedBit Ltd.)
"C:\Documents and Settings\Richard\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\Richard\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{70AB1576-7883-2313-C650-7A71270B1033}" = Nero 7 Ultra Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC5A7FA4-740B-4979-AD3B-B1117D98C9AE}" = WebIressDataServices 2.00
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"54C387968987D0308E3C2F0A5D723BC3CB8926B9" = Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"C-Media Audio Driver" = C-Media WDM Audio Driver
"CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"GoldWave v5.23" = GoldWave v5.23
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PokerStars" = PokerStars
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 beta 4 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/12/2011 5:00:42 PM | Computer Name = PENTIUM-4 | Source = Application Error | ID = 1000
Description = Faulting application wg111v2.exe, version 1.0.0.185, faulting module
wg111v2.exe, version 1.0.0.185, fault address 0x00015055.

Error - 16/12/2011 3:18:15 AM | Computer Name = PENTIUM-4 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 14.0.6109.5005, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/12/2011 11:09:31 AM | Computer Name = PENTIUM-4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 17/12/2011 2:59:38 AM | Computer Name = PENTIUM-4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 17/12/2011 3:04:34 AM | Computer Name = PENTIUM-4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 17/12/2011 11:09:17 AM | Computer Name = PENTIUM-4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 18/12/2011 2:59:46 AM | Computer Name = PENTIUM-4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 18/12/2011 3:04:42 AM | Computer Name = PENTIUM-4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 18/12/2011 5:45:21 AM | Computer Name = PENTIUM-4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 18/12/2011 10:55:22 AM | Computer Name = PENTIUM-4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 18/12/2011 4:12:59 AM | Computer Name = PENTIUM-4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service RichVideo with
arguments "-Service" in order to run the server: {889CA1C3-E115-47E1-88EC-20DF644E982A}

Error - 18/12/2011 4:12:59 AM | Computer Name = PENTIUM-4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service RichVideo with
arguments "-Service" in order to run the server: {889CA1C3-E115-47E1-88EC-20DF644E982A}

Error - 18/12/2011 4:12:59 AM | Computer Name = PENTIUM-4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service RichVideo with
arguments "-Service" in order to run the server: {889CA1C3-E115-47E1-88EC-20DF644E982A}

Error - 18/12/2011 4:12:59 AM | Computer Name = PENTIUM-4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service RichVideo with
arguments "-Service" in order to run the server: {889CA1C3-E115-47E1-88EC-20DF644E982A}

Error - 18/12/2011 4:13:06 AM | Computer Name = PENTIUM-4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service RichVideo with
arguments "-Service" in order to run the server: {889CA1C3-E115-47E1-88EC-20DF644E982A}

Error - 18/12/2011 4:13:06 AM | Computer Name = PENTIUM-4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service RichVideo with
arguments "-Service" in order to run the server: {889CA1C3-E115-47E1-88EC-20DF644E982A}

Error - 18/12/2011 4:13:06 AM | Computer Name = PENTIUM-4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service RichVideo with
arguments "-Service" in order to run the server: {889CA1C3-E115-47E1-88EC-20DF644E982A}

Error - 18/12/2011 4:13:06 AM | Computer Name = PENTIUM-4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service RichVideo with
arguments "-Service" in order to run the server: {889CA1C3-E115-47E1-88EC-20DF644E982A}

Error - 18/12/2011 5:45:21 AM | Computer Name = PENTIUM-4 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1145.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 18/12/2011 10:55:22 AM | Computer Name = PENTIUM-4 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1145.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >


#2
RKinner

You posted the Extras log instead of the OTL log which is probably why you got ignored.

ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management Window and attach the screenshot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Run OTL, Quickscan and post the log.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron

#3
rriche

Hello Ron,
Thank you for your timely response and your services are sincerely and greatly valued.....
I will try and provide the details that you require...If not too much to ask could you please let me know just what you may be trying to achieve as it is of great interest to me in your technical process.

As per your guidelines:
Combofix log...

ComboFix 11-12-25.03 - Richard 26/12/2011 16:09:12.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.535 [GMT 11:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Richard\Application Data\Toolbar4
c:\documents and settings\Richard\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\561fc09638c094093d7e73ed2e9fd71f
c:\documents and settings\Richard\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\6f52dca438370b63146a128c3829cc7e
c:\documents and settings\Richard\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\bbb9c886cf2ba534f4be36c9ba863f2f
c:\documents and settings\Richard\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\c126aa3bce59a908a231c8d862925cfb
c:\documents and settings\Richard\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\include_files\23e99d9c2c038a2ee37e9255c6a8b04c
c:\documents and settings\Richard\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.png
c:\documents and settings\Richard\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\video.png
c:\windows\EventSystem.log
E:\AUTORUN.INF
.
Infected copy of c:\windows\system32\user32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\user32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-26 11:21 . 2011-12-26 11:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-12-26 11:20 . 2011-12-26 11:20 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DB03E9-3A5A-4934-8085-3ECD962882D9}\offreg.dll
2011-12-25 15:28 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DB03E9-3A5A-4934-8085-3ECD962882D9}\mpengine.dll
2011-12-14 12:48 . 2011-12-15 02:07 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\LogMeIn Rescue Applet
2011-12-11 21:42 . 2007-12-25 23:47 272128 ----a-w- c:\windows\system32\drivers\wg111v2.sys
2011-12-11 21:42 . 2007-12-25 00:24 344064 ------w- c:\windows\system32\SCMLib.dll
2011-12-11 21:42 . 2007-04-26 19:00 1069056 ------w- c:\windows\system32\libeay32.dll
2011-12-11 21:42 . 2005-07-19 17:53 966765 ------w- c:\windows\system32\acAuth.dll
2011-12-11 21:42 . 2005-01-25 03:30 143360 ------w- c:\windows\system32\IpLib.dll
2011-12-11 21:41 . 2011-12-11 21:41 -------- d-----w- c:\documents and settings\Richard\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 13:33 . 2011-11-24 13:33 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-02-04 06:54 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2007-02-10 08:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2011-03-30 05:46 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\TBUF2\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2011-03-30 2918576]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-30 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2011-12-12 1268192]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2011-03-30 05:47 2918576 ----a-w- c:\program files\DAP\DAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-10-15 15:10 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-12 13:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 11:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2011-02-05 05:17 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 05:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2011-07-21 12:07 718720 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 07:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2011-01-05 03:56 2084040 ----a-w- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-30 06:31 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2006-10-13 06:04 994096 ----a-w- c:\windows\vVX6000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"RichVideo"=3 (0x3)
"VideoAcceleratorService"=3 (0x3)
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [12/12/2011 8:42 AM 272128]
S1 MpKsl40bdf8a8;MpKsl40bdf8a8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E3EB6B9-4ED4-4512-9057-0FC9714AAB20}\MpKsl40bdf8a8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E3EB6B9-4ED4-4512-9057-0FC9714AAB20}\MpKsl40bdf8a8.sys [?]
S1 MpKsl48301ef0;MpKsl48301ef0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8613A809-741A-452B-98BC-03420C16E0B5}\MpKsl48301ef0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8613A809-741A-452B-98BC-03420C16E0B5}\MpKsl48301ef0.sys [?]
S1 MpKsl4c6587b7;MpKsl4c6587b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17D36365-4851-4F92-B959-42BFB36A7B18}\MpKsl4c6587b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17D36365-4851-4F92-B959-42BFB36A7B18}\MpKsl4c6587b7.sys [?]
S1 MpKsl50931f9f;MpKsl50931f9f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AEDA2D54-56C5-4636-BC97-4999FD58EF3B}\MpKsl50931f9f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AEDA2D54-56C5-4636-BC97-4999FD58EF3B}\MpKsl50931f9f.sys [?]
S1 MpKsl77e6c875;MpKsl77e6c875;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98C58E66-EECB-420F-94AF-09D33CAFC074}\MpKsl77e6c875.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98C58E66-EECB-420F-94AF-09D33CAFC074}\MpKsl77e6c875.sys [?]
S1 MpKsl94c959a5;MpKsl94c959a5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F8E86D4-6000-44A2-91D1-B3BD7C1BB5BD}\MpKsl94c959a5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F8E86D4-6000-44A2-91D1-B3BD7C1BB5BD}\MpKsl94c959a5.sys [?]
S1 MpKsl9c6a3d64;MpKsl9c6a3d64;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B83353FF-6918-4B94-9F8F-AC2FDCA35EFA}\MpKsl9c6a3d64.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B83353FF-6918-4B94-9F8F-AC2FDCA35EFA}\MpKsl9c6a3d64.sys [?]
S1 MpKslaf8c3338;MpKslaf8c3338;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC76F156-038E-472D-A803-07F73C5A191D}\MpKslaf8c3338.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC76F156-038E-472D-A803-07F73C5A191D}\MpKslaf8c3338.sys [?]
S1 MpKslc57ff2b6;MpKslc57ff2b6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B83353FF-6918-4B94-9F8F-AC2FDCA35EFA}\MpKslc57ff2b6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B83353FF-6918-4B94-9F8F-AC2FDCA35EFA}\MpKslc57ff2b6.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/01/2010 8:51 PM 135664]
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;\??\d:\bpiksp50.sys --> d:\BPIKSp50.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/01/2010 8:51 PM 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 12:15 PM 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys --> c:\windows\system32\DRIVERS\netaapl.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 9:37 PM 4640000]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [13/04/2006 5:19 PM 2383152]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/08/2004 11:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 2:16 PM 753504]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 06:57]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:51]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:51]
.
2011-12-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 05:39]
.
2011-12-26 c:\windows\Tasks\User_Feed_Synchronization-{D686A14D-76A5-4342-9F21-989052557DA2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: c:\program files\SpeedBit Video Accelerator\LSP3.2.1.3\SBLSP.dll
Trusted Zone: tab.com.au\www
TCP: DhcpNameServer = 10.0.0.138
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-26 22:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-343818398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(868)
c:\program files\SpeedBit Video Accelerator\LSP3.2.1.3\SBLSP.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
.
- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-26 22:29:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-26 11:28
.
Pre-Run: 73,090,646,016 bytes free
Post-Run: 73,158,254,592 bytes free
.
- - End Of File - - 1CA5E9E5463F35293F0D812DAD032195



TDSSKILLER...

08:09:17.0671 2056 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
08:09:18.0687 2056 ============================================================
08:09:18.0687 2056 Current date / time: 2011/12/27 08:09:18.0687
08:09:18.0687 2056 SystemInfo:
08:09:18.0687 2056
08:09:18.0687 2056 OS Version: 5.1.2600 ServicePack: 3.0
08:09:18.0687 2056 Product type: Workstation
08:09:18.0687 2056 ComputerName: PENTIUM-4
08:09:18.0687 2056 UserName: Richard
08:09:18.0687 2056 Windows directory: C:\WINDOWS
08:09:18.0687 2056 System windows directory: C:\WINDOWS
08:09:18.0687 2056 Processor architecture: Intel x86
08:09:18.0687 2056 Number of processors: 2
08:09:18.0687 2056 Page size: 0x1000
08:09:18.0687 2056 Boot type: Normal boot
08:09:18.0687 2056 ============================================================
08:09:21.0140 2056 Initialize success
08:09:38.0156 3232 Deinitialize success


TDSSKILLER Part 2

08:09:46.0859 0124 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
08:09:47.0718 0124 ============================================================
08:09:47.0718 0124 Current date / time: 2011/12/27 08:09:47.0718
08:09:47.0718 0124 SystemInfo:
08:09:47.0718 0124
08:09:47.0718 0124 OS Version: 5.1.2600 ServicePack: 3.0
08:09:47.0718 0124 Product type: Workstation
08:09:47.0718 0124 ComputerName: PENTIUM-4
08:09:47.0718 0124 UserName: Richard
08:09:47.0718 0124 Windows directory: C:\WINDOWS
08:09:47.0718 0124 System windows directory: C:\WINDOWS
08:09:47.0718 0124 Processor architecture: Intel x86
08:09:47.0718 0124 Number of processors: 2
08:09:47.0718 0124 Page size: 0x1000
08:09:47.0718 0124 Boot type: Normal boot
08:09:47.0718 0124 ============================================================
08:09:49.0000 0124 Initialize success
08:10:12.0859 3536 ============================================================
08:10:12.0859 3536 Scan started
08:10:12.0859 3536 Mode: Manual;
08:10:12.0859 3536 ============================================================
08:10:13.0296 3536 Abiosdsk - ok
08:10:13.0421 3536 abp480n5 - ok
08:10:13.0578 3536 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:10:13.0578 3536 ACPI - ok
08:10:13.0703 3536 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:10:13.0703 3536 ACPIEC - ok
08:10:13.0859 3536 adpu160m - ok
08:10:14.0031 3536 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:10:14.0031 3536 aec - ok
08:10:14.0187 3536 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
08:10:14.0187 3536 AegisP - ok
08:10:14.0328 3536 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:10:14.0328 3536 AFD - ok
08:10:14.0437 3536 Aha154x - ok
08:10:14.0562 3536 aic78u2 - ok
08:10:14.0687 3536 aic78xx - ok
08:10:14.0921 3536 ALCXWDM (9a6aa923f00d368c8ad3bd7485d5cdca) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
08:10:15.0000 3536 ALCXWDM - ok
08:10:15.0140 3536 AliIde - ok
08:10:15.0265 3536 amsint - ok
08:10:15.0406 3536 asc - ok
08:10:15.0531 3536 asc3350p - ok
08:10:15.0656 3536 asc3550 - ok
08:10:15.0812 3536 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:10:15.0812 3536 AsyncMac - ok
08:10:15.0953 3536 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:10:15.0953 3536 atapi - ok
08:10:16.0078 3536 Atdisk - ok
08:10:16.0343 3536 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:10:16.0390 3536 ati2mtag - ok
08:10:16.0562 3536 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:10:16.0562 3536 Atmarpc - ok
08:10:16.0687 3536 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:10:16.0687 3536 audstub - ok
08:10:16.0812 3536 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:10:16.0812 3536 Beep - ok
08:10:16.0828 3536 BPIKSp50 - ok
08:10:16.0843 3536 catchme - ok
08:10:17.0015 3536 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:10:17.0015 3536 cbidf2k - ok
08:10:17.0156 3536 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:10:17.0156 3536 CCDECODE - ok
08:10:17.0265 3536 cd20xrnt - ok
08:10:17.0421 3536 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:10:17.0421 3536 Cdaudio - ok
08:10:17.0546 3536 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:10:17.0562 3536 Cdfs - ok
08:10:17.0687 3536 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:10:17.0687 3536 Cdrom - ok
08:10:17.0781 3536 Changer - ok
08:10:17.0921 3536 CmdIde - ok
08:10:18.0078 3536 cmuda - ok
08:10:18.0218 3536 Cpqarray - ok
08:10:18.0343 3536 dac2w2k - ok
08:10:18.0468 3536 dac960nt - ok
08:10:18.0625 3536 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:10:18.0625 3536 Disk - ok
08:10:18.0828 3536 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:10:18.0859 3536 dmboot - ok
08:10:19.0015 3536 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:10:19.0031 3536 dmio - ok
08:10:19.0156 3536 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:10:19.0156 3536 dmload - ok
08:10:19.0359 3536 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:10:19.0359 3536 DMusic - ok
08:10:19.0500 3536 dpti2o - ok
08:10:19.0687 3536 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:10:19.0687 3536 drmkaud - ok
08:10:19.0828 3536 es1371 (24e564f710d887ecc75cfe59882ecc5d) C:\WINDOWS\system32\drivers\es1371mp.sys
08:10:19.0828 3536 es1371 - ok
08:10:19.0953 3536 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:10:19.0968 3536 Fastfat - ok
08:10:20.0109 3536 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:10:20.0109 3536 Fdc - ok
08:10:20.0265 3536 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:10:20.0281 3536 Fips - ok
08:10:20.0406 3536 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:10:20.0406 3536 Flpydisk - ok
08:10:20.0531 3536 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:10:20.0531 3536 FltMgr - ok
08:10:20.0671 3536 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:10:20.0671 3536 Fs_Rec - ok
08:10:20.0796 3536 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:10:20.0796 3536 Ftdisk - ok
08:10:20.0937 3536 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
08:10:20.0937 3536 gameenum - ok
08:10:21.0062 3536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:10:21.0062 3536 GEARAspiWDM - ok
08:10:21.0234 3536 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:10:21.0234 3536 Gpc - ok
08:10:21.0375 3536 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:10:21.0375 3536 HidUsb - ok
08:10:21.0484 3536 hpn - ok
08:10:21.0656 3536 HSFHWBS2 (6312dc46356df3974e88aa51b69360dc) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
08:10:21.0656 3536 HSFHWBS2 - ok
08:10:21.0828 3536 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
08:10:21.0875 3536 HSF_DP - ok
08:10:22.0156 3536 HSF_DPV (daab917eec9849840a13353198d48cc5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
08:10:22.0281 3536 HSF_DPV - ok
08:10:22.0687 3536 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:10:22.0734 3536 HTTP - ok
08:10:22.0953 3536 i2omgmt - ok
08:10:23.0281 3536 i2omp - ok
08:10:23.0656 3536 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:10:23.0671 3536 i8042prt - ok
08:10:24.0125 3536 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:10:24.0140 3536 Imapi - ok
08:10:24.0484 3536 ini910u - ok
08:10:24.0843 3536 IntelIde - ok
08:10:25.0234 3536 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:10:25.0250 3536 intelppm - ok
08:10:25.0453 3536 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:10:25.0453 3536 Ip6Fw - ok
08:10:25.0625 3536 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:10:25.0625 3536 IpFilterDriver - ok
08:10:25.0781 3536 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:10:25.0781 3536 IpInIp - ok
08:10:25.0937 3536 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:10:25.0937 3536 IpNat - ok
08:10:26.0093 3536 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:10:26.0109 3536 IPSec - ok
08:10:26.0265 3536 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:10:26.0265 3536 IRENUM - ok
08:10:26.0406 3536 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:10:26.0406 3536 isapnp - ok
08:10:26.0562 3536 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:10:26.0562 3536 Kbdclass - ok
08:10:26.0703 3536 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:10:26.0703 3536 kmixer - ok
08:10:26.0828 3536 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:10:26.0843 3536 KSecDD - ok
08:10:26.0984 3536 lbrtfdc - ok
08:10:27.0156 3536 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:10:27.0156 3536 mdmxsdk - ok
08:10:27.0281 3536 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:10:27.0281 3536 mnmdd - ok
08:10:27.0421 3536 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:10:27.0421 3536 Modem - ok
08:10:27.0562 3536 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
08:10:27.0562 3536 MODEMCSA - ok
08:10:27.0703 3536 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:10:27.0703 3536 Mouclass - ok
08:10:27.0828 3536 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:10:27.0828 3536 MountMgr - ok
08:10:27.0968 3536 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:10:27.0968 3536 MpFilter - ok
08:10:28.0062 3536 MpKsl40bdf8a8 - ok
08:10:28.0078 3536 MpKsl48301ef0 - ok
08:10:28.0078 3536 MpKsl4c6587b7 - ok
08:10:28.0093 3536 MpKsl50931f9f - ok
08:10:28.0093 3536 MpKsl77e6c875 - ok
08:10:28.0109 3536 MpKsl94c959a5 - ok
08:10:28.0109 3536 MpKsl9c6a3d64 - ok
08:10:28.0125 3536 MpKslaf8c3338 - ok
08:10:28.0140 3536 MpKslc57ff2b6 - ok
08:10:28.0265 3536 mraid35x - ok
08:10:28.0421 3536 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:10:28.0437 3536 MRxDAV - ok
08:10:28.0578 3536 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:10:28.0609 3536 MRxSmb - ok
08:10:28.0781 3536 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:10:28.0781 3536 Msfs - ok
08:10:28.0953 3536 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:10:28.0953 3536 MSKSSRV - ok
08:10:29.0125 3536 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:10:29.0125 3536 MSPCLOCK - ok
08:10:29.0250 3536 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:10:29.0250 3536 MSPQM - ok
08:10:29.0375 3536 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:10:29.0390 3536 mssmbios - ok
08:10:29.0500 3536 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:10:29.0500 3536 MSTEE - ok
08:10:29.0640 3536 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:10:29.0640 3536 Mup - ok
08:10:29.0765 3536 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:10:29.0765 3536 NABTSFEC - ok
08:10:29.0921 3536 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:10:29.0937 3536 NDIS - ok
08:10:30.0078 3536 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:10:30.0078 3536 NdisIP - ok
08:10:30.0234 3536 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:10:30.0234 3536 NdisTapi - ok
08:10:30.0406 3536 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:10:30.0406 3536 Ndisuio - ok
08:10:30.0562 3536 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:10:30.0562 3536 NdisWan - ok
08:10:30.0734 3536 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:10:30.0734 3536 NDProxy - ok
08:10:30.0859 3536 Netaapl - ok
08:10:31.0078 3536 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:10:31.0078 3536 NetBIOS - ok
08:10:31.0218 3536 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:10:31.0234 3536 NetBT - ok
08:10:31.0421 3536 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:10:31.0421 3536 Npfs - ok
08:10:31.0625 3536 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:10:31.0671 3536 Ntfs - ok
08:10:31.0812 3536 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:10:31.0812 3536 Null - ok
08:10:31.0968 3536 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:10:31.0968 3536 NwlnkFlt - ok
08:10:32.0093 3536 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:10:32.0093 3536 NwlnkFwd - ok
08:10:32.0250 3536 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:10:32.0250 3536 Parport - ok
08:10:32.0437 3536 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:10:32.0437 3536 PartMgr - ok
08:10:32.0578 3536 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:10:32.0593 3536 ParVdm - ok
08:10:32.0750 3536 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:10:32.0750 3536 PCI - ok
08:10:32.0921 3536 PCIDump - ok
08:10:33.0078 3536 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:10:33.0078 3536 PCIIde - ok
08:10:33.0218 3536 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:10:33.0218 3536 Pcmcia - ok
08:10:33.0375 3536 PDCOMP - ok
08:10:33.0546 3536 PDFRAME - ok
08:10:33.0703 3536 PDRELI - ok
08:10:33.0859 3536 PDRFRAME - ok
08:10:33.0984 3536 perc2 - ok
08:10:34.0140 3536 perc2hib - ok
08:10:34.0218 3536 pgfilter - ok
08:10:34.0375 3536 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:10:34.0375 3536 PptpMiniport - ok
08:10:34.0515 3536 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:10:34.0515 3536 PSched - ok
08:10:34.0640 3536 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:10:34.0640 3536 Ptilink - ok
08:10:34.0750 3536 ql1080 - ok
08:10:34.0875 3536 Ql10wnt - ok
08:10:35.0000 3536 ql12160 - ok
08:10:35.0156 3536 ql1240 - ok
08:10:35.0281 3536 ql1280 - ok
08:10:35.0421 3536 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:10:35.0421 3536 RasAcd - ok
08:10:35.0562 3536 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:10:35.0562 3536 Rasl2tp - ok
08:10:35.0687 3536 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:10:35.0687 3536 RasPppoe - ok
08:10:35.0828 3536 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:10:35.0828 3536 Raspti - ok
08:10:35.0953 3536 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:10:35.0953 3536 Rdbss - ok
08:10:36.0093 3536 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:10:36.0093 3536 RDPCDD - ok
08:10:36.0296 3536 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:10:36.0296 3536 rdpdr - ok
08:10:36.0437 3536 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:10:36.0437 3536 RDPWD - ok
08:10:36.0593 3536 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:10:36.0593 3536 redbook - ok
08:10:36.0750 3536 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
08:10:36.0750 3536 RTL8023xp - ok
08:10:36.0890 3536 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:10:36.0890 3536 rtl8139 - ok
08:10:37.0046 3536 RTLWUSB (c3880bf1bad0b8eb69efb07a9c3fa7d9) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
08:10:37.0062 3536 RTLWUSB - ok
08:10:37.0218 3536 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:10:37.0218 3536 Secdrv - ok
08:10:37.0375 3536 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:10:37.0375 3536 serenum - ok
08:10:37.0500 3536 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:10:37.0500 3536 Serial - ok
08:10:37.0640 3536 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:10:37.0656 3536 Sfloppy - ok
08:10:37.0750 3536 Simbad - ok
08:10:37.0906 3536 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
08:10:37.0906 3536 SISNIC - ok
08:10:38.0031 3536 SjyPkt - ok
08:10:38.0187 3536 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:10:38.0187 3536 SLIP - ok
08:10:38.0312 3536 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
08:10:38.0328 3536 SONYPVU1 - ok
08:10:38.0421 3536 Sparrow - ok
08:10:38.0593 3536 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:10:38.0593 3536 splitter - ok
08:10:38.0734 3536 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:10:38.0734 3536 sr - ok
08:10:38.0921 3536 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:10:38.0968 3536 Srv - ok
08:10:39.0140 3536 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
08:10:39.0140 3536 StarOpen - ok
08:10:39.0296 3536 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:10:39.0296 3536 streamip - ok
08:10:39.0437 3536 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:10:39.0437 3536 swenum - ok
08:10:39.0578 3536 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:10:39.0578 3536 swmidi - ok
08:10:39.0687 3536 symc810 - ok
08:10:39.0812 3536 symc8xx - ok
08:10:39.0953 3536 sym_hi - ok
08:10:40.0078 3536 sym_u3 - ok
08:10:40.0234 3536 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:10:40.0234 3536 sysaudio - ok
08:10:40.0390 3536 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:10:40.0421 3536 Tcpip - ok
08:10:40.0546 3536 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:10:40.0562 3536 TDPIPE - ok
08:10:40.0687 3536 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:10:40.0687 3536 TDTCP - ok
08:10:40.0828 3536 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:10:40.0828 3536 TermDD - ok
08:10:40.0968 3536 TosIde - ok
08:10:41.0125 3536 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
08:10:41.0125 3536 uagp35 - ok
08:10:41.0265 3536 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:10:41.0265 3536 Udfs - ok
08:10:41.0390 3536 ultra - ok
08:10:41.0562 3536 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:10:41.0593 3536 Update - ok
08:10:41.0734 3536 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:10:41.0734 3536 USBAAPL - ok
08:10:41.0859 3536 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:10:41.0859 3536 usbaudio - ok
08:10:42.0015 3536 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:10:42.0015 3536 usbccgp - ok
08:10:42.0140 3536 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:10:42.0140 3536 usbehci - ok
08:10:42.0281 3536 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:10:42.0281 3536 usbhub - ok
08:10:42.0406 3536 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:10:42.0406 3536 usbohci - ok
08:10:42.0531 3536 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:10:42.0546 3536 usbprint - ok
08:10:42.0671 3536 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:10:42.0671 3536 usbscan - ok
08:10:42.0796 3536 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
08:10:42.0796 3536 usbser - ok
08:10:42.0937 3536 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:10:42.0937 3536 USBSTOR - ok
08:10:43.0093 3536 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:10:43.0109 3536 usbuhci - ok
08:10:43.0234 3536 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:10:43.0234 3536 VgaSave - ok
08:10:43.0375 3536 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:10:43.0375 3536 ViaIde - ok
08:10:43.0500 3536 viamraid (0363e216e4eb5052969c96608934dbde) C:\WINDOWS\system32\DRIVERS\viamraid.sys
08:10:43.0500 3536 viamraid - ok
08:10:43.0671 3536 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:10:43.0687 3536 VolSnap - ok
08:10:43.0953 3536 VX6000 (61fc38a2e136a2e5944e7ca286abaaae) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
08:10:44.0015 3536 VX6000 - ok
08:10:44.0187 3536 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:10:44.0187 3536 Wanarp - ok
08:10:44.0343 3536 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
08:10:44.0359 3536 Wdf01000 - ok
08:10:44.0468 3536 WDICA - ok
08:10:44.0625 3536 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:10:44.0625 3536 wdmaud - ok
08:10:44.0796 3536 winachsf (be3a842c2f2e87e7c840d36bcf13e8e0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:10:44.0828 3536 winachsf - ok
08:10:45.0046 3536 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:10:45.0046 3536 WpdUsb - ok
08:10:45.0187 3536 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:10:45.0187 3536 WS2IFSL - ok
08:10:45.0312 3536 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:10:45.0312 3536 WSTCODEC - ok
08:10:45.0453 3536 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:10:45.0453 3536 WudfPf - ok
08:10:45.0593 3536 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:10:45.0593 3536 WudfRd - ok
08:10:45.0656 3536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:10:45.0828 3536 \Device\Harddisk0\DR0 - ok
08:10:45.0828 3536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:10:46.0046 3536 \Device\Harddisk1\DR1 - ok
08:10:46.0046 3536 Boot (0x1200) (22a17cdb45dd0c61b8a67809141dc236) \Device\Harddisk0\DR0\Partition0
08:10:46.0046 3536 \Device\Harddisk0\DR0\Partition0 - ok
08:10:46.0062 3536 Boot (0x1200) (6da2cbe739fe1600c2072c1ae93dee93) \Device\Harddisk1\DR1\Partition0
08:10:46.0062 3536 \Device\Harddisk1\DR1\Partition0 - ok
08:10:46.0062 3536 ============================================================
08:10:46.0062 3536 Scan finished
08:10:46.0062 3536 ============================================================
08:10:46.0078 2036 Detected object count: 0
08:10:46.0078 2036 Actual detected object count: 0
08:12:50.0078 1668 ============================================================
08:12:50.0078 1668 Scan started
08:12:50.0078 1668 Mode: Manual; SigCheck; TDLFS;
08:12:50.0078 1668 ============================================================
08:12:50.0343 1668 Abiosdsk - ok
08:12:50.0468 1668 abp480n5 - ok
08:12:50.0625 1668 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:12:51.0843 1668 ACPI - ok
08:12:51.0984 1668 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:12:52.0156 1668 ACPIEC - ok
08:12:52.0265 1668 adpu160m - ok
08:12:52.0437 1668 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:12:52.0609 1668 aec - ok
08:12:52.0765 1668 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
08:12:52.0781 1668 AegisP ( UnsignedFile.Multi.Generic ) - warning
08:12:52.0781 1668 AegisP - detected UnsignedFile.Multi.Generic (1)
08:12:52.0937 1668 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:12:53.0031 1668 AFD - ok
08:12:53.0140 1668 Aha154x - ok
08:12:53.0265 1668 aic78u2 - ok
08:12:53.0390 1668 aic78xx - ok
08:12:53.0625 1668 ALCXWDM (9a6aa923f00d368c8ad3bd7485d5cdca) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
08:12:53.0859 1668 ALCXWDM - ok
08:12:54.0031 1668 AliIde - ok
08:12:54.0156 1668 amsint - ok
08:12:54.0281 1668 asc - ok
08:12:54.0406 1668 asc3350p - ok
08:12:54.0531 1668 asc3550 - ok
08:12:54.0703 1668 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:12:54.0859 1668 AsyncMac - ok
08:12:55.0046 1668 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:12:55.0203 1668 atapi - ok
08:12:55.0312 1668 Atdisk - ok
08:12:55.0546 1668 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:12:55.0671 1668 ati2mtag - ok
08:12:55.0859 1668 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:12:56.0015 1668 Atmarpc - ok
08:12:56.0156 1668 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:12:56.0328 1668 audstub - ok
08:12:56.0468 1668 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:12:56.0640 1668 Beep - ok
08:12:56.0656 1668 BPIKSp50 - ok
08:12:56.0671 1668 catchme - ok
08:12:56.0937 1668 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:12:57.0140 1668 cbidf2k - ok
08:12:57.0593 1668 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:12:57.0765 1668 CCDECODE - ok
08:12:58.0046 1668 cd20xrnt - ok
08:12:58.0421 1668 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:12:58.0578 1668 Cdaudio - ok
08:12:59.0031 1668 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:12:59.0234 1668 Cdfs - ok
08:12:59.0703 1668 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:12:59.0890 1668 Cdrom - ok
08:13:00.0031 1668 Changer - ok
08:13:00.0203 1668 CmdIde - ok
08:13:00.0359 1668 cmuda - ok
08:13:00.0500 1668 Cpqarray - ok
08:13:00.0625 1668 dac2w2k - ok
08:13:00.0750 1668 dac960nt - ok
08:13:00.0906 1668 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:13:01.0078 1668 Disk - ok
08:13:01.0265 1668 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:13:01.0453 1668 dmboot - ok
08:13:01.0609 1668 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:13:01.0781 1668 dmio - ok
08:13:01.0921 1668 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:13:02.0093 1668 dmload - ok
08:13:02.0234 1668 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:13:02.0406 1668 DMusic - ok
08:13:02.0531 1668 dpti2o - ok
08:13:02.0687 1668 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:13:02.0843 1668 drmkaud - ok
08:13:03.0015 1668 es1371 (24e564f710d887ecc75cfe59882ecc5d) C:\WINDOWS\system32\drivers\es1371mp.sys
08:13:03.0062 1668 es1371 - ok
08:13:03.0218 1668 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:13:03.0390 1668 Fastfat - ok
08:13:03.0546 1668 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:13:03.0734 1668 Fdc - ok
08:13:03.0859 1668 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:13:04.0140 1668 Fips - ok
08:13:04.0296 1668 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:13:04.0453 1668 Flpydisk - ok
08:13:04.0593 1668 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:13:04.0765 1668 FltMgr - ok
08:13:04.0906 1668 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:13:05.0078 1668 Fs_Rec - ok
08:13:05.0265 1668 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:13:05.0453 1668 Ftdisk - ok
08:13:05.0593 1668 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
08:13:05.0781 1668 gameenum - ok
08:13:05.0953 1668 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:13:05.0968 1668 GEARAspiWDM - ok
08:13:06.0125 1668 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:13:06.0296 1668 Gpc - ok
08:13:06.0437 1668 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:13:06.0609 1668 HidUsb - ok
08:13:06.0718 1668 hpn - ok
08:13:06.0906 1668 HSFHWBS2 (6312dc46356df3974e88aa51b69360dc) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
08:13:06.0953 1668 HSFHWBS2 - ok
08:13:07.0125 1668 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
08:13:07.0421 1668 HSF_DP - ok
08:13:07.0625 1668 HSF_DPV (daab917eec9849840a13353198d48cc5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
08:13:07.0703 1668 HSF_DPV - ok
08:13:07.0875 1668 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:13:07.0984 1668 HTTP - ok
08:13:08.0109 1668 i2omgmt - ok
08:13:08.0265 1668 i2omp - ok
08:13:08.0421 1668 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:13:08.0593 1668 i8042prt - ok
08:13:08.0734 1668 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:13:08.0906 1668 Imapi - ok
08:13:09.0031 1668 ini910u - ok
08:13:09.0156 1668 IntelIde - ok
08:13:09.0281 1668 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:13:09.0453 1668 intelppm - ok
08:13:09.0593 1668 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:13:09.0765 1668 Ip6Fw - ok
08:13:09.0906 1668 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:13:10.0109 1668 IpFilterDriver - ok
08:13:10.0250 1668 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:13:10.0437 1668 IpInIp - ok
08:13:10.0578 1668 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:13:10.0750 1668 IpNat - ok
08:13:10.0906 1668 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:13:11.0078 1668 IPSec - ok
08:13:11.0218 1668 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:13:11.0296 1668 IRENUM - ok
08:13:11.0437 1668 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:13:11.0609 1668 isapnp - ok
08:13:11.0765 1668 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:13:11.0937 1668 Kbdclass - ok
08:13:12.0078 1668 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:13:12.0234 1668 kmixer - ok
08:13:12.0375 1668 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:13:12.0484 1668 KSecDD - ok
08:13:12.0625 1668 lbrtfdc - ok
08:13:12.0781 1668 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:13:12.0828 1668 mdmxsdk - ok
08:13:12.0968 1668 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:13:13.0140 1668 mnmdd - ok
08:13:13.0281 1668 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:13:13.0453 1668 Modem - ok
08:13:13.0593 1668 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
08:13:13.0765 1668 MODEMCSA - ok
08:13:13.0906 1668 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:13:14.0062 1668 Mouclass - ok
08:13:14.0218 1668 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:13:14.0390 1668 MountMgr - ok
08:13:14.0546 1668 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:13:14.0578 1668 MpFilter - ok
08:13:14.0656 1668 MpKsl40bdf8a8 - ok
08:13:14.0671 1668 MpKsl48301ef0 - ok
08:13:14.0687 1668 MpKsl4c6587b7 - ok
08:13:14.0687 1668 MpKsl50931f9f - ok
08:13:14.0703 1668 MpKsl77e6c875 - ok
08:13:14.0703 1668 MpKsl94c959a5 - ok
08:13:14.0718 1668 MpKsl9c6a3d64 - ok
08:13:14.0718 1668 MpKslaf8c3338 - ok
08:13:14.0734 1668 MpKslc57ff2b6 - ok
08:13:14.0875 1668 mraid35x - ok
08:13:15.0078 1668 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:13:15.0312 1668 MRxDAV - ok
08:13:15.0468 1668 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:13:15.0593 1668 MRxSmb - ok
08:13:15.0796 1668 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:13:16.0046 1668 Msfs - ok
08:13:16.0187 1668 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:13:16.0343 1668 MSKSSRV - ok
08:13:16.0484 1668 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:13:16.0671 1668 MSPCLOCK - ok
08:13:16.0796 1668 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:13:16.0953 1668 MSPQM - ok
08:13:17.0109 1668 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:13:17.0265 1668 mssmbios - ok
08:13:17.0390 1668 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:13:17.0546 1668 MSTEE - ok
08:13:17.0687 1668 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:13:17.0750 1668 Mup - ok
08:13:17.0875 1668 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:13:18.0062 1668 NABTSFEC - ok
08:13:18.0218 1668 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:13:18.0375 1668 NDIS - ok
08:13:18.0515 1668 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:13:18.0687 1668 NdisIP - ok
08:13:18.0828 1668 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:13:18.0906 1668 NdisTapi - ok
08:13:19.0093 1668 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:13:19.0265 1668 Ndisuio - ok
08:13:19.0406 1668 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:13:19.0578 1668 NdisWan - ok
08:13:19.0718 1668 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:13:19.0796 1668 NDProxy - ok
08:13:19.0906 1668 Netaapl - ok
08:13:20.0093 1668 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:13:20.0265 1668 NetBIOS - ok
08:13:20.0406 1668 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:13:20.0562 1668 NetBT - ok
08:13:20.0734 1668 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:13:20.0890 1668 Npfs - ok
08:13:21.0093 1668 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:13:21.0281 1668 Ntfs - ok
08:13:21.0437 1668 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:13:21.0609 1668 Null - ok
08:13:21.0718 1668 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:13:21.0890 1668 NwlnkFlt - ok
08:13:22.0015 1668 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:13:22.0171 1668 NwlnkFwd - ok
08:13:22.0343 1668 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:13:22.0500 1668 Parport - ok
08:13:22.0640 1668 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:13:22.0812 1668 PartMgr - ok
08:13:22.0937 1668 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:13:23.0109 1668 ParVdm - ok
08:13:23.0250 1668 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:13:23.0437 1668 PCI - ok
08:13:23.0546 1668 PCIDump - ok
08:13:23.0703 1668 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:13:23.0859 1668 PCIIde - ok
08:13:24.0000 1668 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:13:24.0203 1668 Pcmcia - ok
08:13:24.0312 1668 PDCOMP - ok
08:13:24.0437 1668 PDFRAME - ok
08:13:24.0562 1668 PDRELI - ok
08:13:24.0687 1668 PDRFRAME - ok
08:13:24.0812 1668 perc2 - ok
08:13:24.0937 1668 perc2hib - ok
08:13:25.0031 1668 pgfilter - ok
08:13:25.0187 1668 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:13:25.0359 1668 PptpMiniport - ok
08:13:25.0500 1668 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:13:25.0687 1668 PSched - ok
08:13:25.0812 1668 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:13:25.0968 1668 Ptilink - ok
08:13:26.0093 1668 ql1080 - ok
08:13:26.0218 1668 Ql10wnt - ok
08:13:26.0343 1668 ql12160 - ok
08:13:26.0468 1668 ql1240 - ok
08:13:26.0593 1668 ql1280 - ok
08:13:26.0734 1668 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:13:26.0890 1668 RasAcd - ok
08:13:27.0078 1668 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:13:27.0234 1668 Rasl2tp - ok
08:13:27.0390 1668 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:13:27.0546 1668 RasPppoe - ok
08:13:27.0687 1668 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:13:27.0843 1668 Raspti - ok
08:13:28.0031 1668 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:13:28.0171 1668 Rdbss - ok
08:13:28.0296 1668 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:13:28.0453 1668 RDPCDD - ok
08:13:28.0609 1668 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:13:28.0765 1668 rdpdr - ok
08:13:28.0906 1668 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:13:28.0953 1668 RDPWD - ok
08:13:29.0093 1668 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:13:29.0281 1668 redbook - ok
08:13:29.0437 1668 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
08:13:29.0531 1668 RTL8023xp - ok
08:13:29.0671 1668 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:13:29.0828 1668 rtl8139 - ok
08:13:29.0984 1668 RTLWUSB (c3880bf1bad0b8eb69efb07a9c3fa7d9) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
08:13:30.0062 1668 RTLWUSB - ok
08:13:30.0234 1668 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:13:30.0328 1668 Secdrv - ok
08:13:30.0468 1668 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:13:30.0640 1668 serenum - ok
08:13:30.0781 1668 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:13:30.0953 1668 Serial - ok
08:13:31.0109 1668 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:13:31.0265 1668 Sfloppy - ok
08:13:31.0390 1668 Simbad - ok
08:13:31.0531 1668 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
08:13:31.0703 1668 SISNIC - ok
08:13:31.0812 1668 SjyPkt - ok
08:13:31.0953 1668 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:13:32.0125 1668 SLIP - ok
08:13:32.0265 1668 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
08:13:32.0421 1668 SONYPVU1 - ok
08:13:32.0531 1668 Sparrow - ok
08:13:32.0687 1668 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:13:32.0843 1668 splitter - ok
08:13:33.0000 1668 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:13:33.0078 1668 sr - ok
08:13:33.0234 1668 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:13:33.0343 1668 Srv - ok
08:13:33.0500 1668 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
08:13:33.0515 1668 StarOpen ( UnsignedFile.Multi.Generic ) - warning
08:13:33.0515 1668 StarOpen - detected UnsignedFile.Multi.Generic (1)
08:13:33.0656 1668 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:13:33.0796 1668 streamip - ok
08:13:33.0937 1668 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:13:34.0109 1668 swenum - ok
08:13:34.0250 1668 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:13:34.0421 1668 swmidi - ok
08:13:34.0546 1668 symc810 - ok
08:13:34.0671 1668 symc8xx - ok
08:13:34.0796 1668 sym_hi - ok
08:13:34.0921 1668 sym_u3 - ok
08:13:35.0109 1668 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:13:35.0281 1668 sysaudio - ok
08:13:35.0437 1668 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:13:35.0531 1668 Tcpip - ok
08:13:35.0671 1668 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:13:35.0843 1668 TDPIPE - ok
08:13:35.0968 1668 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:13:36.0140 1668 TDTCP - ok
08:13:36.0281 1668 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:13:36.0437 1668 TermDD - ok
08:13:36.0562 1668 TosIde - ok
08:13:36.0718 1668 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
08:13:36.0875 1668 uagp35 - ok
08:13:37.0015 1668 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:13:37.0187 1668 Udfs - ok
08:13:37.0312 1668 ultra - ok
08:13:37.0484 1668 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:13:37.0671 1668 Update - ok
08:13:37.0828 1668 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:13:37.0875 1668 USBAAPL - ok
08:13:38.0031 1668 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:13:38.0203 1668 usbaudio - ok
08:13:38.0343 1668 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:13:38.0484 1668 usbccgp - ok
08:13:38.0625 1668 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:13:38.0796 1668 usbehci - ok
08:13:38.0937 1668 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:13:39.0109 1668 usbhub - ok
08:13:39.0234 1668 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:13:39.0390 1668 usbohci - ok
08:13:39.0531 1668 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:13:39.0687 1668 usbprint - ok
08:13:39.0828 1668 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:13:39.0984 1668 usbscan - ok
08:13:40.0093 1668 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
08:13:40.0250 1668 usbser - ok
08:13:40.0375 1668 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:13:40.0531 1668 USBSTOR - ok
08:13:40.0671 1668 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:13:40.0828 1668 usbuhci - ok
08:13:40.0968 1668 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:13:41.0125 1668 VgaSave - ok
08:13:41.0250 1668 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:13:41.0406 1668 ViaIde - ok
08:13:41.0546 1668 viamraid (0363e216e4eb5052969c96608934dbde) C:\WINDOWS\system32\DRIVERS\viamraid.sys
08:13:41.0593 1668 viamraid - ok
08:13:41.0750 1668 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:13:41.0921 1668 VolSnap - ok
08:13:42.0140 1668 VX6000 (61fc38a2e136a2e5944e7ca286abaaae) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
08:13:42.0234 1668 VX6000 - ok
08:13:42.0406 1668 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:13:42.0562 1668 Wanarp - ok
08:13:42.0718 1668 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
08:13:42.0734 1668 Wdf01000 - ok
08:13:42.0875 1668 WDICA - ok
08:13:43.0062 1668 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:13:43.0218 1668 wdmaud - ok
08:13:43.0390 1668 winachsf (be3a842c2f2e87e7c840d36bcf13e8e0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:13:43.0453 1668 winachsf - ok
08:13:43.0656 1668 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:13:43.0718 1668 WpdUsb - ok
08:13:43.0843 1668 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:13:44.0000 1668 WS2IFSL - ok
08:13:44.0140 1668 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:13:44.0296 1668 WSTCODEC - ok
08:13:44.0437 1668 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:13:44.0500 1668 WudfPf - ok
08:13:44.0640 1668 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:13:44.0656 1668 WudfRd - ok
08:13:44.0718 1668 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:13:44.0984 1668 \Device\Harddisk0\DR0 - ok
08:13:44.0984 1668 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:13:45.0234 1668 \Device\Harddisk1\DR1 - ok
08:13:45.0250 1668 Boot (0x1200) (22a17cdb45dd0c61b8a67809141dc236) \Device\Harddisk0\DR0\Partition0
08:13:45.0250 1668 \Device\Harddisk0\DR0\Partition0 - ok
08:13:45.0250 1668 Boot (0x1200) (6da2cbe739fe1600c2072c1ae93dee93) \Device\Harddisk1\DR1\Partition0
08:13:45.0250 1668 \Device\Harddisk1\DR1\Partition0 - ok
08:13:45.0250 1668 ============================================================
08:13:45.0250 1668 Scan finished
08:13:45.0250 1668 ============================================================
08:13:45.0359 2208 Detected object count: 2
08:13:45.0359 2208 Actual detected object count: 2
08:15:35.0937 2208 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:35.0937 2208 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:35.0937 2208 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
08:15:35.0937 2208 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:15:47.0906 2164 Deinitialize success


aswMBR.exe Report...
Note: Fix button not enabled.

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-27 08:19:09
-----------------------------
08:19:09.750 OS Version: Windows 5.1.2600 Service Pack 3
08:19:09.750 Number of processors: 2 586 0x407
08:19:09.750 ComputerName: PENTIUM-4 UserName: Richard
08:19:10.218 Initialize success
08:19:54.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
08:19:54.109 Disk 0 Vendor: WDC_WD1200BB-00FTA0 15.05R15 Size: 114472MB BusType: 3
08:19:54.109 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
08:19:54.125 Disk 1 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238475MB BusType: 3
08:19:56.140 Disk 0 MBR read successfully
08:19:56.140 Disk 0 MBR scan
08:19:56.140 Disk 0 Windows XP default MBR code
08:19:56.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
08:19:56.140 Disk 0 scanning sectors +234420480
08:19:56.203 Disk 0 scanning C:\WINDOWS\system32\drivers
08:20:04.343 Service scanning
08:20:04.734 Service BPIKSp50 D:\BPIKSp50.sys **LOCKED** 21
08:20:05.390 Modules scanning
08:20:11.828 Scan finished successfully
08:23:49.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Richard\Desktop\MBR.dat"
08:23:49.562 The log file has been saved successfully to "C:\Documents and Settings\Richard\Desktop\aswMBR.txt"


MalwareBytes Report:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122605

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/12/2011 8:48:57 AM
mbam-log-2011-12-27 (08-48-57).txt

Scan type: Quick scan
Objects scanned: 164104
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Diskmgmt Report:
See attachment screenshot.JPG


OTL Report:
OTL logfile created on: 27/12/2011 9:00:29 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Richard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 420.27 Mb Available Physical Memory | 41.06% Memory free
3.83 Gb Paging File | 3.33 Gb Available in Paging File | 86.98% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 68.08 Gb Free Space | 60.91% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 36.30 Gb Free Space | 15.59% Space Free | Partition Type: NTFS

Computer Name: PENTIUM-4 | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 18:35:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL_1.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/30 17:31:10 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/30 16:47:22 | 002,918,576 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/05/10 12:13:36 | 001,268,192 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/03 22:50:13 | 000,053,248 | ---- | M] () -- C:\Program Files\DAP\zlib.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/10 12:13:36 | 001,268,192 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
MOD - [2007/12/25 11:24:46 | 000,344,064 | ---- | M] () -- C:\WINDOWS\system32\SCMLib.dll
MOD - [2005/07/20 04:53:04 | 000,966,765 | ---- | M] () -- C:\WINDOWS\system32\acAuth.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSCamSvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/05 14:56:48 | 000,421,576 | ---- | M] (SpeedBit Ltd.) [Disabled | Stopped] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/08/15 18:44:04 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/04/14 05:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 13:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/12/26 10:47:30 | 000,272,128 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2007/04/26 10:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/26 10:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/04/26 10:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/10/13 17:04:44 | 002,383,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2006/05/04 03:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/18 20:50:30 | 002,319,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 09:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/06/03 12:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2011/03/30 16:48:45 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/26 22:20:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\TBUF2\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\TBUF2\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUF2\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUF2\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\LSP3.2.1.3\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\LSP3.2.1.3\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SpeedBit Video Accelerator\LSP3.2.1.3\SBLSP.dll (SpeedBit)
O15 - HKCU\..Trusted Domains: tab.com.au ([www] http in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1322144960296 (MUCatalogWebControl Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmi...geUploader5.cab (Image Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westp...iomanagerwt.cab (PortfolioManagerWT ProfileManager Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83698BAF-446C-4BDA-BAC2-CB14BD72E7DC}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/10 19:49:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 08:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/27 08:36:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/27 08:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/27 08:33:52 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/27 08:18:15 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Richard\Desktop\aswMBR.exe
[2011/12/27 08:09:08 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Richard\Desktop\tdsskiller.exe
[2011/12/26 22:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/26 16:06:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/26 16:06:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/26 16:06:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/26 16:06:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/26 16:06:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 16:06:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Richard\Start Menu\Programs\Administrative Tools
[2011/12/26 16:01:30 | 004,352,130 | R--- | C] (Swearware) -- C:\Documents and Settings\Richard\Desktop\ComboFix.exe
[2011/12/20 18:35:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL_1.exe
[2011/12/20 18:34:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL.exe
[2011/12/14 23:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\LogMeIn Rescue Applet
[2011/12/12 08:42:16 | 001,069,056 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2011/12/12 08:42:16 | 000,272,128 | ---- | C] (NETGEAR Inc.) -- C:\WINDOWS\System32\drivers\wg111v2.sys
[2011/12/12 08:42:16 | 000,143,360 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\IpLib.dll
[2011/12/12 08:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WG111v2 Smart Wizard
[2011/12/12 08:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\InstallShield
[2011/12/03 15:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/12/03 15:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Start Menu\Programs\WinRAR
[2011/12/03 14:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\WinRAR

========== Files - Modified Within 30 Days ==========

[2011/12/27 08:59:18 | 000,150,123 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\screenshot.JPG
[2011/12/27 08:44:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/27 08:36:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/27 08:33:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/27 08:23:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\MBR.dat
[2011/12/27 08:18:15 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Richard\Desktop\aswMBR.exe
[2011/12/27 08:09:17 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Richard\Desktop\tdsskiller.exe
[2011/12/27 01:35:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/27 00:00:27 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D686A14D-76A5-4342-9F21-989052557DA2}.job
[2011/12/26 22:20:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/26 22:19:40 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/26 22:19:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 22:19:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 22:19:28 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/26 16:02:18 | 004,352,130 | R--- | M] (Swearware) -- C:\Documents and Settings\Richard\Desktop\ComboFix.exe
[2011/12/26 11:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/20 18:35:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL_1.exe
[2011/12/20 18:35:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL.exe
[2011/12/20 15:28:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/16 03:26:33 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/16 03:08:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/12 09:01:20 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/12 08:42:15 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
[2011/12/12 08:42:15 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG111v2 Smart Wizard.lnk
[2011/12/06 20:07:53 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/05 09:01:05 | 026,786,816 | ---- | M] () -- C:\Documents and Settings\Richard\My Documents\concertprogram2011.pub
[2011/12/03 16:02:00 | 006,502,693 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\WG111v2_v4.0.0.zip
[2011/12/03 15:46:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/03 12:04:22 | 027,286,016 | ---- | M] () -- C:\Documents and Settings\Richard\My Documents\concertprogramA11.pub

========== Files Created - No Company Name ==========

[2011/12/27 08:59:18 | 000,150,123 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\screenshot.JPG
[2011/12/27 08:36:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/27 08:23:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\MBR.dat
[2011/12/26 16:06:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/26 16:06:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/26 16:06:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/26 16:06:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/26 16:06:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/16 15:23:28 | 026,786,816 | ---- | C] () -- C:\Documents and Settings\Richard\My Documents\concertprogram2011.pub
[2011/12/12 08:47:35 | 000,011,013 | ---- | C] () -- C:\Documents and Settings\Richard\My Documents\Seating Plan Dress Circle.pdf
[2011/12/12 08:47:27 | 000,049,269 | ---- | C] () -- C:\Documents and Settings\Richard\My Documents\2010seatingstallsraked_1.pdf
[2011/12/12 08:42:16 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2011/12/12 08:42:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2011/12/12 08:42:15 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
[2011/12/12 08:42:15 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG111v2 Smart Wizard.lnk
[2011/12/03 16:01:32 | 006,502,693 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\WG111v2_v4.0.0.zip
[2011/11/29 13:37:46 | 027,286,016 | ---- | C] () -- C:\Documents and Settings\Richard\My Documents\concertprogramA11.pub
[2011/08/16 00:37:33 | 000,057,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/15 18:45:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/08/15 18:31:28 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/03/30 16:48:19 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/02/05 16:17:09 | 000,000,366 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/06/16 19:18:39 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/01/01 09:55:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/31 16:04:47 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLcNL.DLL
[2008/01/24 14:34:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/30 19:21:41 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\internaldb8467.dat
[2007/07/30 19:21:41 | 000,000,374 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\internaldb6334.dat
[2007/07/30 19:21:38 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\internaldb41.dat
[2007/02/20 21:19:31 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/02/19 20:37:21 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/19 15:50:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/02/15 18:01:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2007/02/15 17:56:30 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2007/02/15 17:55:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX510E.ini
[2007/02/12 22:44:56 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2007/02/12 22:40:44 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/11 20:53:30 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\fusioncache.dat
[2007/02/11 16:28:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/11 10:55:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/02/11 06:37:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/02/11 06:35:57 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/02/10 20:09:01 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/02/10 19:52:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/02/10 19:45:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/29 07:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/12/10 11:23:10 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2004/08/04 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 23:00:00 | 000,508,462 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 23:00:00 | 000,088,220 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 23:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/23 16:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/02/18 19:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[1996/04/04 06:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/02/04 17:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/02/11 18:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigPond
[2008/01/31 16:05:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/04/17 01:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/01/31 00:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2011/04/27 19:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/04/17 02:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2007/02/17 08:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paritech
[2011/01/03 22:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2011/12/26 22:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/15 18:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/08/04 19:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/04 23:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\.BitTornado
[2007/02/11 18:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\BigPond
[2008/01/31 18:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Canon
[2007/02/17 08:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Commsec
[2008/01/31 14:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\EPSON
[2008/01/31 00:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\GoldWaveCDDB
[2007/02/19 20:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\iWin
[2007/10/11 19:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Nova Development
[2007/02/13 21:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\PlayFirst
[2011/11/25 00:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Samsung
[2011/12/27 09:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\uTorrent
[2008/12/26 00:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\WebIRESS
[2011/05/14 10:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Windows Desktop Search
[2011/05/17 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Windows Search
[2011/04/27 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\WinPatrol
[2011/12/27 01:35:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/27 00:00:27 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D686A14D-76A5-4342-9F21-989052557DA2}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA

< End of report >


Vew Report:
Part 1
Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/12/2011 9:16:18 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/12/2011 9:12:58 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Part 2
Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/12/2011 9:18:29 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Thankyou Ron..Await your further directions...
Richard
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
There are many reasons for a slow system but malware is the most common so we ran a few scans to see if there was an infection. Apparently there was something like a rootkit - Combofix had to replace the user32.dll. TDSSKiller and aswMBR check for some nasty but rather common infections that infect the MBR. The Disk manager thing was looking for the latest version rootkit which creates its own partition. Sometimes malware removes key services but clearing the logs and running VEW says there are no major errors. (I'm not worried too much about an iPod service since you can always uninstall it and reinstall if it doesn't work right.)

Uninstall:
Download Accelerator Plus (DAP)
Java™ 6 Update 25 - get latest from java.com
SpeedBit Video Accelerator
SpeedBit Video Downloader
µTorrent
uTorrentBar Toolbar

Let's clean out some dead wood:

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

Then run OTL and under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.







Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

Driver::
MpKsl40bdf8a8
MpKsl48301ef0
MpKsl4c6587b7
MpKsl50931f9f
MpKsl77e6c875
MpKsl94c959a5
MpKsl9c6a3d64
MpKslaf8c3338
MpKslc57ff2b6
SjyPkt
BPIKSp50


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

If it is still running slow:

Get the free version of Speccy:
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. This mainly tells me the temps on your system but it has a lot of other interesting info.

Get Process Explorer
http://live.sysinter...com/procexp.exe
Save it to your desktop then run it. Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply. This will tell me if something is using too much of the CPU.
  • 0

#5
rriche

    Member

  • Topic Starter
  • Member
  • 59 posts
Hi Ron...
Thankyou for the running details..
As per your directions:

Uninstalled all your highlighted programs.

OTL Log.
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Richard\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Richard\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Richard\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Richard\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Richard\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Richard\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Richard\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Richard\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Richard
->Flash cache emptied: 12941 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Richard
->Java cache emptied: 219533 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12272011_175435

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


COMBOFIX LOG.

ComboFix 11-12-25.03 - Richard 27/12/2011 18:05:47.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.616 [GMT 11:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Richard\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Richard\Application Data\Toolbar4
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BPIKSP50
-------\Legacy_MPKSL40BDF8A8
-------\Legacy_MPKSL48301EF0
-------\Legacy_MPKSL4C6587B7
-------\Legacy_MPKSL50931F9F
-------\Legacy_MPKSL77E6C875
-------\Legacy_MPKSL94C959A5
-------\Legacy_MPKSL9C6A3D64
-------\Legacy_MPKSLAF8C3338
-------\Legacy_MPKSLC57FF2B6
-------\Legacy_SJYPKT
-------\Service_BPIKSp50
-------\Service_MpKsl40bdf8a8
-------\Service_MpKsl48301ef0
-------\Service_MpKsl4c6587b7
-------\Service_MpKsl50931f9f
-------\Service_MpKsl77e6c875
-------\Service_MpKsl94c959a5
-------\Service_MpKsl9c6a3d64
-------\Service_MpKslaf8c3338
-------\Service_MpKslc57ff2b6
-------\Service_SjyPkt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 07:21 . 2011-12-27 07:21 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C32BD91-FB2D-42A1-B37A-D5C6D7327CD5}\offreg.dll
2011-12-27 06:54 . 2011-12-27 06:54 -------- d-----w- C:\_OTL
2011-12-26 21:36 . 2011-12-26 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-26 21:36 . 2011-08-31 06:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-26 14:36 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C32BD91-FB2D-42A1-B37A-D5C6D7327CD5}\mpengine.dll
2011-12-14 12:48 . 2011-12-15 02:07 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\LogMeIn Rescue Applet
2011-12-11 21:42 . 2007-12-25 23:47 272128 ----a-w- c:\windows\system32\drivers\wg111v2.sys
2011-12-11 21:42 . 2007-12-25 00:24 344064 ------w- c:\windows\system32\SCMLib.dll
2011-12-11 21:42 . 2007-04-26 19:00 1069056 ------w- c:\windows\system32\libeay32.dll
2011-12-11 21:42 . 2005-07-19 17:53 966765 ------w- c:\windows\system32\acAuth.dll
2011-12-11 21:42 . 2005-01-25 03:30 143360 ------w- c:\windows\system32\IpLib.dll
2011-12-11 21:41 . 2011-12-11 21:41 -------- d-----w- c:\documents and settings\Richard\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 13:33 . 2011-11-24 13:33 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-02-04 06:54 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-09 18:54 . 2010-04-29 23:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-09 16:27 . 2011-04-26 00:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2007-02-10 08:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_11.21.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-27 07:20 . 2011-12-27 07:20 16384 c:\windows\temp\Perflib_Perfdata_7c.dat
+ 2011-12-27 06:46 . 2011-11-09 18:54 157472 c:\windows\system32\javaws.exe
- 2011-04-26 00:16 . 2011-04-26 00:16 157472 c:\windows\system32\javaws.exe
+ 2011-12-27 06:46 . 2011-11-09 18:54 149280 c:\windows\system32\javaw.exe
+ 2011-12-27 06:46 . 2011-11-09 18:54 149280 c:\windows\system32\java.exe
+ 2011-12-27 06:48 . 2011-12-27 06:48 203776 c:\windows\Installer\1ce64e8.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2011-12-12 1268192]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-10-15 15:10 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-12 13:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 11:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2011-02-05 05:17 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 05:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2011-07-21 12:07 718720 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 07:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2006-10-13 06:04 994096 ----a-w- c:\windows\vVX6000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"RichVideo"=3 (0x3)
"VideoAcceleratorService"=3 (0x3)
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [12/12/2011 8:42 AM 272128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/01/2010 8:51 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/01/2010 8:51 PM 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 12:15 PM 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys --> c:\windows\system32\DRIVERS\netaapl.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 9:37 PM 4640000]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [13/04/2006 5:19 PM 2383152]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/08/2004 11:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 06:57]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:51]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:51]
.
2011-12-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 05:39]
.
2011-12-26 c:\windows\Tasks\User_Feed_Synchronization-{D686A14D-76A5-4342-9F21-989052557DA2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
Trusted Zone: tab.com.au\www
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DownloadAccelerator - c:\program files\DAP\DAP.EXE
MSConfigStartUp-DownloadAccelerator - c:\program files\DAP\DAP.EXE
MSConfigStartUp-SpeedBitVideoAccelerator - c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-27 18:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-343818398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-27 18:28:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-27 07:28
.
Pre-Run: 73,017,065,472 bytes free
Post-Run: 72,958,345,216 bytes free
.
- - End Of File - - 1B5FFB34FFAE251F8F9C984A3F7E83FA


SPECCY FILE
Attached File  Speccy.txt   505.49KB   151 downloads

PROCEXP LOG.

Process PID CPU Private Bytes Working Set Description Company Name
iexplore.exe 1392 41,532 K 52,520 K Internet Explorer Microsoft Corporation
explorer.exe 1344 36,772 K 46,424 K Windows Explorer Microsoft Corporation
MsMpEng.exe 1144 81,248 K 31,152 K Antimalware Service Executable Microsoft Corporation
svchost.exe 1180 15,644 K 26,184 K Generic Host Process for Win32 Services Microsoft Corporation
procexp.exe 2668 1 13,224 K 18,356 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
searchindexer.exe 420 19,812 K 17,036 K Microsoft Windows Search Indexer Microsoft Corporation
AppleMobileDeviceService.exe 1860 10,136 K 13,544 K MobileDeviceService Apple Inc.
OSPPSVC.EXE 3144 5,580 K 10,160 K Microsoft Office Software Protection Platform Service Microsoft Corporation
WG111v2.exe 2392 5,884 K 9,800 K WG111v2 MFC Application
spoolsv.exe 1744 3,572 K 5,880 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1044 3,212 K 5,396 K Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 3472 2,304 K 5,028 K WMI Microsoft Corporation
svchost.exe 1104 2,072 K 4,896 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 280 2,544 K 4,472 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1400 1,580 K 4,048 K Generic Host Process for Win32 Services Microsoft Corporation
ctfmon.exe 2104 1,032 K 3,976 K CTF Loader Microsoft Corporation
svchost.exe 1820 1,372 K 3,944 K Generic Host Process for Win32 Services Microsoft Corporation
csrss.exe 780 1,852 K 3,944 K Client Server Runtime Process Microsoft Corporation
alg.exe 2852 1,232 K 3,760 K Application Layer Gateway Service Microsoft Corporation
svchost.exe 1320 1,380 K 3,736 K Generic Host Process for Win32 Services Microsoft Corporation
services.exe 852 1,808 K 3,588 K Services and Controller app Microsoft Corporation
svchost.exe 1220 2,412 K 3,504 K Generic Host Process for Win32 Services Microsoft Corporation
ati2evxx.exe 396 772 K 3,268 K ATI External Event Utility EXE Module ATI Technologies Inc.
mDNSResponder.exe 1900 1,000 K 3,116 K Bonjour Service Apple Inc.
jusched.exe 2368 856 K 3,088 K Java™ Update Scheduler Sun Microsystems, Inc.
iexplore.exe 2216 9,348 K 2,876 K Internet Explorer Microsoft Corporation
winlogon.exe 808 6,952 K 2,704 K Windows NT Logon Application Microsoft Corporation
wscntfy.exe 2004 584 K 2,460 K Windows Security Center Notification App Microsoft Corporation
ati2evxx.exe 1028 604 K 2,452 K ATI External Event Utility EXE Module ATI Technologies Inc.
lsass.exe 864 3,980 K 1,744 K LSA Shell (Export Version) Microsoft Corporation
jqs.exe 156 2,160 K 1,424 K Java™ Quick Starter Service Sun Microsystems, Inc.
smss.exe 724 172 K 432 K Windows NT Session Manager Microsoft Corporation
System 4 0 K 236 K
System Idle Process 0 99 0 K 28 K
Interrupts n/a < 1 0 K 0 K Hardware Interrupts and DPCs


Thankyou Ron..
Just hoping I am doing things the way you require..

Await your thoughts...

Rich
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
I don't see any problems in your logs. Is it still slow and freezing? What programs are you having trouble with?
  • 0

#7
rriche

rriche

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hi Ron...
Computer appears to be running at normal speed expectations which is just fabulous...
I am not sure about the freeze situation, but I may need a day or two to get some true indication...
Quite often the computer would undertake a reboot on its own accord...I will also have to wait to see if this has stopped...
I am also experiencing internet dropout on my wireless connection and will often have to reboot the computer to be able to get connection again. Merely pulling the netgear adapter key out of usb and back in will not re-engage the wireless connection..Again I will post if this is continuing to occur after some time...

Ron...should I turn back on my Microsoft Security Essentials system at this stage?
Will get back to you after I get some indicators on situation.
Rich
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Yes. Turn MSSE back on. Make sure it is updating correctly.
  • 0

#9
rriche

rriche

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Happy New Year Ron...
Computer is running lean, fast and clear..
Since your excellent directions and actions everything appears to be in top nick...A very big THANKYOU for having the kindness to pass on and share all your fantastic skills.

However may I regret to trouble you more as I still have an issue about my wireless connection dropping out after approx 20 - 30 min of operation.
I have had my provider techs run over the lines and modem settings and all their endeavours have not fixed the issue.
I run another desktop, laptop, smart phones and tablet off the same wireless stream..(not at same time...) and no other unit has any issues of dropout..
Can you please provide any guidance in this direction to rectify this issue...
Await any assistance you may provide..
Kind regards

Richard
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
I would try downloading a new driver for the wireless. You might also let Windows handle the wireless rather than the program that comes with the adapter. It usually works better. It could just be that the adapter is getting hot and failing. Might need to get a usb wireless adapter and use that.

That's about all I see so I think we can clean up now.

We need to clean up System Restore.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox: For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
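Added example, not part of the post above: a small Python check for the leftover Java Consoles that post #10 says to disable after each Java update. It assumes the consoles sit in Firefox's extensions folder under names of the form `{CAFEEFAC-00MM-00mm-00uu-ABCDEFFEDCBA}` (for instance `0016-0000-0029` for Java 6 Update 29); the folder names in `SAMPLE` are constructed.

```python
import os
import re

# Assumption: Java Console extensions live in folders named
# {CAFEEFAC-00MM-00mm-00uu-ABCDEFFEDCBA}, e.g. 0016-0000-0029 = Java 6 Update 29.
CONSOLE_ID = re.compile(
    r"^\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCBA\}$", re.IGNORECASE)

def parse_console(folder_name):
    """Return (family, minor, update) for a Java Console folder, else None."""
    m = CONSOLE_ID.match(folder_name.strip())
    if not m:
        return None
    family, minor, update = (int(g) for g in m.groups())
    return (family % 10, minor, update)   # 0016 -> 6, 0017 -> 7

def split_consoles(folder_names):
    """Split folder names into (newest, stale) Java Console entries."""
    found = []
    for name in folder_names:
        version = parse_console(name)
        if version is not None:
            found.append((version, name))
    if not found:
        return None, []
    found.sort()                          # oldest first, newest last
    return found[-1], found[:-1]

def describe(entry):
    (family, _minor, update), name = entry
    return "Java Console %d Update %d  %s" % (family, update, name)

def scan(extensions_dir):
    """Run the check on a real extensions directory (path supplied by the caller)."""
    return split_consoles(os.listdir(extensions_dir))

# Constructed sample: folder names as they might appear after several Java updates.
SAMPLE = [
    "{972ce4c6-7e08-4474-a285-3208198ce6fd}",   # not a Java Console
    "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}",
    "{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}",
    "{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}",
    "jqs@sun.com",                              # not a Java Console
]

if __name__ == "__main__":
    newest, stale = split_consoles(SAMPLE)
    print("keep:   ", describe(newest))
    for entry in stale:
        print("disable:", describe(entry))
```

The script only reports; disabling the listed consoles is still done from Firefox, Add-ons, Extensions as described in the post.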





