XP Aspire netbook has 20min startup + extremely slow [Closed] [Solved]


  • This topic is locked

#1 maccee44 (Member, 13 posts)

Hi,

Problem: My Acer Aspire netbook with XP sp3 has been taking about 20 minutes to load the desktop page after starting up the computer. It gets to the "choose user" page on startup quickly, but once a user has been chosen, the computer takes 20 minutes to actually load all icons and become usable. Once fully running, it still runs incredibly slow, but is able to go to websites and perform basic functions - albeit, quite slowly.

What I've done to try to fix it: I have run registry and cleanup fixes by CCleaner, have always had AVG Free 2011 installed (haven't done any manual scans with it yet), and also ran scan and some fixes with AdAware. I've also de-selected most non-essential items on the system startup through msconfig.exe (there's one on there that's questionable though, called "PersistenceThread.exe" and it's located in the C:/windows/system32 area)

Any tips for speeding up this machine?

Thanks so much!

-Luke

Here's my log:
OTL logfile created on: 3/4/2012 7:30:13 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\new user\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.70% Memory free
3.84 Gb Paging File | 3.09 Gb Available in Paging File | 80.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 2.83 Gb Free Space | 14.49% Space Free | Partition Type: NTFS
Drive E: | 213.35 Gb Total Space | 171.87 Gb Free Space | 80.56% Space Free | Partition Type: NTFS

Computer Name: MACHINENAME | User Name: new user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 19:25:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\new user\My Documents\Downloads\OTL.exe
PRC - [2012/02/13 18:45:49 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\avgrsx.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/07/13 20:05:45 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\avgcsrvx.exe
PRC - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- E:\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\avgwdsvc.exe
PRC - [2010/11/09 14:53:00 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/01/24 18:39:44 | 000,096,792 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PersistenceThread.exe
PRC - [2009/04/07 14:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/19 12:58:32 | 000,086,016 | R--- | M] (SA International) -- C:\WINDOWS\system32\SAiLicSvr.exe
PRC - [2007/09/11 12:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\SAiDownloader.exe
PRC - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/04 16:20:21 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/03/04 16:19:52 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/02/13 18:45:49 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/10/13 08:15:05 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/07/13 20:05:46 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- E:\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/10/27 19:40:14 | 003,885,984 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/04/14 12:58:40 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/02/13 18:45:58 | 000,909,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 05:17:31 | 000,167,264 | ---- | M] () [Disabled | Stopped] -- E:\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Start_Pending] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/09 14:53:00 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/01/24 15:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/04/07 14:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/12/19 12:58:32 | 000,086,016 | R--- | M] (SA International) [Auto | Running] -- C:\WINDOWS\System32\SAiLicSvr.exe -- (SAiLicSvr)
SRV - [2007/09/11 12:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\WINDOWS\System32\SAiDownloader.exe -- (SAiDownloader)
SRV - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/08/31 13:18:10 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/08/21 17:02:38 | 000,132,480 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/01/28 11:49:55 | 005,870,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/07 14:33:08 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/04/07 14:33:08 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/29 15:32:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/10/03 17:58:34 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Stopped] -- C:\Program Files\SignWarehouse\SignWarehouse Production Suite\Program\Par1284.sys -- (Par1284)
DRV - [2008/04/15 10:14:02 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/04/15 10:13:58 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/03/27 16:18:12 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/03/10 17:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 16:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/09/20 10:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/04/27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/04/27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2007/04/12 10:46:16 | 000,016,288 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2004/09/29 12:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2002/07/17 06:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-13 10:46:08&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.0.7
FF - prefs.js..keyword.URL: "http://isearch.avg.c...6:08&sap=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: E:\Firefox4\ [2011/12/24 12:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: E:\Toolbar\Firefox\[email protected] [2011/11/27 23:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search\10.0.0.7\ [2012/02/13 18:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/04 17:46:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/13 20:05:52 | 000,000,000 | ---D | M]

[2012/03/04 17:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\new user\Application Data\Mozilla\Extensions
[2012/03/04 18:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\new user\Application Data\Mozilla\Firefox\Profiles\n5anzkf1.default\extensions
[2012/03/04 18:29:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\new user\Application Data\Mozilla\Firefox\Profiles\n5anzkf1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/15 15:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/06 13:01:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/13 18:46:29 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\AVG SECURE SEARCH\10.0.0.7
[2010/02/08 14:21:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/24 12:51:08 | 000,000,000 | ---D | M] (AVG Safe Search) -- E:\FIREFOX4
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/13 18:45:45 | 000,003,727 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2007/01/24 08:56:24 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] E:\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {79D1DBE2-A317-4D67-891D-9849D17F0531} http://www.parcelque...oad/MapEdge.cab (MapEdge)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42B1D896-E9B2-40D9-853E-E2430DD865C5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igdlogin: DllName - (igdlogin.dll) - C:\WINDOWS\System32\igdlogin.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O27 - HKLM IFEO\afwserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avastsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avastui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msascui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmpeng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/24 10:36:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (E:\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (E:\avgrsx.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 18:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new user\My Documents\Downloads
[2012/03/04 17:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new user\Local Settings\Application Data\Mozilla
[2012/03/04 17:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new user\Application Data\Mozilla
[2012/03/04 17:45:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\new user\Recent
[2012/03/04 17:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new user\My Documents\registry backups
[2012/03/04 17:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new user\Application Data\Adobe
[2012/03/04 17:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new user\Application Data\AVG Secure Search
[2012/02/13 18:46:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 19:05:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1275210071-1417001333-1002UA.job
[2012/03/04 19:04:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1275210071-1417001333-1001UA.job
[2012/03/04 19:00:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\new user\Desktop\Internet.lnk
[2012/03/04 18:54:19 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/03/04 18:35:48 | 000,765,226 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/04 18:35:48 | 000,207,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/04 18:35:11 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/04 18:34:21 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-1275210071-1417001333-1004.job
[2012/03/04 18:34:21 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-1275210071-1417001333-1002.job
[2012/03/04 18:34:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 18:27:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/04 16:47:13 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/04 15:59:47 | 090,795,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/04 15:48:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/15 23:59:02 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1275210071-1417001333-1002Core.job
[2012/02/15 21:29:37 | 089,138,198 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/04 19:00:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\new user\Desktop\Internet.lnk
[2012/02/15 14:42:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 14:42:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/12/28 23:46:04 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/25 18:26:54 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/25 18:26:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/09/25 18:26:51 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/09/25 18:26:51 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/25 18:26:50 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/02 18:14:37 | 000,000,200 | ---- | C] () -- C:\WINDOWS\QCPC80UI.dat
[2011/05/11 13:04:21 | 000,000,334 | ---- | C] () -- C:\WINDOWS\BRCALIB.INI
[2011/05/11 13:01:37 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADC10A.DAT
[2011/04/04 06:07:42 | 003,017,984 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello maccee44 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please download ResetDMA from the link below. You must right-click on the link and choose Save as.... Save it as resetdma.vbs on your desktop.

ResetDMA


Double click it to run it.

Restart your PC. How is your system now?


Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Step 3

Please don't forget to include these items in your reply:

  • Malwarebytes log
It would be helpful if you could post each log in a separate post.

#3 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
user returned

Hi maccee44,

Please post logs here for me.

#5 maccee44 (Topic Starter, Member, 13 posts)
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: MACHINENAME [administrator]

3/13/2012 8:44:30 PM
mbam-log-2012-03-13 (20-44-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227376
Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: C:\Documents and Settings\user\Application Data\Microsoft\rcixxu.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:8592 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
E:\My Documents\Downloads\sddr.exe (Adware.RKN) -> Quarantined and deleted successfully.

(end)
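An added example, not part of the original post and not Malwarebytes' own code: a small Python triage that parses the registry lines of the MBAM log above and states, from a cleanup point of view, what each hijack did. The line format the regex assumes and the category rules are this example's own; the sample lines are reused from the posted log.

```python
"""Triage the registry findings from a Malwarebytes (MBAM 1.x) log.

Added example for this thread; not Malwarebytes' code.  The parser's idea of
the log line format and the classification rules are assumptions made here.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: registry lines reused from the MBAM log posted above, plus
# one file line to show that non-registry findings are passed over.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: C:\Documents and Settings\user\Application Data\Microsoft\rcixxu.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:8592 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.
E:\My Documents\Downloads\sddr.exe (Adware.RKN) -> Quarantined and deleted successfully.
"""

# One registry line of an MBAM 1.x log, as seen in the posted log:
#   <hive>\<key>[|<value>] (<Detection.Name>) [-> Data: <data>] -> <action>.
_LINE_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|(]+?)"      # hive and key path (spaces allowed)
    r"(?:\|(?P<value>[^ ]+))?"          # optional |ValueName
    r" \((?P<detection>[^)]+)\)"        # detection name in parentheses
    r"(?: -> Data: (?P<data>.*?))?"     # optional value data
    r" -> (?P<action>[^.]+)\.$"         # action taken, ending in a period
)

IFEO = "\\Image File Execution Options\\"


@dataclass
class Finding:
    key: str
    value: Optional[str]
    detection: str
    data: Optional[str]
    action: str


def parse_line(line: str) -> Optional[Finding]:
    """Parse one log line; returns None for file findings and other text."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return Finding(m["key"], m["value"], m["detection"], m["data"], m["action"])


def classify(f: Finding) -> Tuple[str, str]:
    """Map a registry finding to (category, plain-language impact)."""
    leaf = f.key.rsplit("\\", 1)[-1]
    value = (f.value or "").lower()
    data = f.data or ""
    if IFEO in f.key:
        # Windows starts whatever the Debugger value names *instead of* the
        # executable, passing the executable as an argument.  Pointing a
        # security product's exe at svchost.exe means it silently never runs.
        if value == "debugger":
            return ("ifeo_debugger",
                    f"{leaf} is replaced by '{data}' whenever it is launched")
        return ("ifeo_key", f"IFEO key present for security executable {leaf}")
    if f.key.lower().endswith("\\winlogon") and value == "shell":
        # Shell is what Winlogon starts at logon; anything other than
        # explorer.exe is persistence that runs before the desktop appears.
        if data.lower().endswith("explorer.exe"):
            return ("winlogon_shell_ok", "Shell is explorer.exe")
        return ("winlogon_shell_hijack",
                f"'{data}' starts instead of explorer.exe at every logon")
    if "\\internet settings" in f.key.lower() and value == "proxyserver":
        # A proxy on 127.0.0.1 routes all browser traffic through a local
        # process; once that process is gone, browser connections fail.
        if re.search(r"127\.0\.0\.1|localhost", data):
            return ("local_proxy", f"browser traffic forced through '{data}'")
        return ("proxy", f"proxy server set to '{data}'")
    return ("other", f.detection)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Classify every registry finding in an MBAM log; file lines are skipped."""
    results = []
    for line in log_text.splitlines():
        finding = parse_line(line)
        if finding is not None:
            results.append(classify(finding))
    return results


if __name__ == "__main__":
    for category, impact in triage(SAMPLE_LOG):
        print(f"{category:22} {impact}")
```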

#6 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi maccee44,

How is your system now? Any changes?

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post.

#7 maccee44 (Topic Starter, Member, 13 posts)
Thanks for opening this up again. My computer is still working just as slowly, but I am now working on your second set of instructions.

Here is the log for TDSSK - it found 5 objects but didn't have a Cure option, so I kept it on Skip for all of them:

02:09:11.0281 2172 usbvideo - ok
02:09:11.0296 2172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:09:11.0578 2172 VgaSave - ok
02:09:11.0593 2172 ViaIde - ok
02:09:11.0640 2172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:09:11.0921 2172 VolSnap - ok
02:09:12.0031 2172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:09:12.0312 2172 Wanarp - ok
02:09:12.0359 2172 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
02:09:12.0437 2172 Wdf01000 - ok
02:09:12.0484 2172 WDICA - ok
02:09:12.0531 2172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:09:12.0812 2172 wdmaud - ok
02:09:12.0906 2172 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
02:09:12.0953 2172 WinUSB - ok
02:09:13.0031 2172 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
02:09:13.0312 2172 WmiAcpi - ok
02:09:13.0375 2172 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:09:13.0453 2172 WpdUsb - ok
02:09:13.0500 2172 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
02:09:13.0546 2172 WsAudio_DeviceS(1) - ok
02:09:13.0562 2172 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
02:09:13.0593 2172 WsAudio_DeviceS(2) - ok
02:09:13.0625 2172 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
02:09:13.0656 2172 WsAudio_DeviceS(3) - ok
02:09:13.0671 2172 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
02:09:13.0718 2172 WsAudio_DeviceS(4) - ok
02:09:13.0734 2172 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
02:09:13.0781 2172 WsAudio_DeviceS(5) - ok
02:09:13.0828 2172 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:09:14.0125 2172 WSTCODEC - ok
02:09:14.0171 2172 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:09:14.0234 2172 WudfPf - ok
02:09:14.0312 2172 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:09:14.0359 2172 WudfRd - ok
02:09:14.0437 2172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:09:14.0718 2172 \Device\Harddisk0\DR0 - ok
02:09:14.0718 2172 Boot (0x1200) (dba935ddb545620199879304da2294e1) \Device\Harddisk0\DR0\Partition0
02:09:14.0718 2172 \Device\Harddisk0\DR0\Partition0 - ok
02:09:14.0750 2172 Boot (0x1200) (41a7e37b67dda8e55c05b92bbf8c7611) \Device\Harddisk0\DR0\Partition1
02:09:14.0750 2172 \Device\Harddisk0\DR0\Partition1 - ok
02:09:14.0750 2172 ============================================================
02:09:14.0750 2172 Scan finished
02:09:14.0750 2172 ============================================================
02:09:14.0890 3124 Detected object count: 5
02:09:14.0890 3124 Actual detected object count: 5
02:10:06.0437 3124 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
02:10:06.0437 3124 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:10:06.0453 3124 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
02:10:06.0453 3124 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:10:06.0453 3124 Par1284 ( UnsignedFile.Multi.Generic ) - skipped by user
02:10:06.0453 3124 Par1284 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:10:06.0468 3124 pneteth ( UnsignedFile.Multi.Generic ) - skipped by user
02:10:06.0468 3124 pneteth ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:10:06.0468 3124 pnetmdm ( UnsignedFile.Multi.Generic ) - skipped by user
02:10:06.0468 3124 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip

#8 maccee44 (Member, Topic Starter, 13 posts)
Apparently even though I disabled AVG for 15min, this log says it was still active...

ComboFix 12-03-16.05 - user 03/17/2012 2:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1259 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dee9b03a4dd3ee59.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\SET17A.tmp
c:\windows\system32\SET1A5.tmp
c:\windows\system32\SET1A9.tmp
c:\windows\system32\SET1AA.tmp
c:\windows\system32\SET1B1.tmp
c:\windows\system32\SET1FA.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-14 03:42 . 2012-03-14 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-14 03:42 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 00:48 . 2012-03-05 00:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2007-01-24 16:57 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 22:42 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-01-24 11:13 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-29 07:29 . 2011-12-29 07:29 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-29 07:29 . 2011-12-29 07:46 16432 ----a-w- c:\windows\system32\lsdelete.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-14 02:45 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-14 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2010-01-25 96792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-25 1434920]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2010-01-28 53248]
"AVG_TRAY"="E:\avgtray.exe" [2011-09-10 2338656]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-14 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-14 928096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-1-2 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2010-01-25 02:39 65536 ----a-w- c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0e:\avgchsvx.exe /sync\0e:\avgrsx.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-05-14 04:48 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
2011-03-04 03:52 948880 -c--a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-11-12 02:30 995328 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 02:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-25 02:39 354840 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 03:55 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-25 02:39 137752 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2010-10-19 09:58 1439496 -c--a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
"vToolbarUpdater"=2 (0x2)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"btwdins"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"e:\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\WINDOWS\\system32\\SAiLicSvr.exe"=
"c:\\Program Files\\SignWarehouse\\SignWarehouse Production Suite\\Program\\App2.exe"=
"c:\\Program Files\\SignWarehouse\\SignWarehouse Production Suite\\Program\\App.exe"=
"e:\\avgdiagex.exe"=
"e:\\avgnsx.exe"=
"e:\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/29/2011 12:24 AM 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
R2 avgwd;AVG WatchDog;E:\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [12/5/2011 10:17 PM 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [12/5/2011 10:21 PM 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 2:00 AM 316992]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [1/24/2010 7:40 PM 5097632]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [11/18/2010 12:50 AM 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [11/18/2010 12:50 AM 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [11/18/2010 12:51 AM 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [11/18/2010 12:51 AM 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [11/18/2010 12:51 AM 25704]
S2 AVGIDSAgent;AVGIDSAgent;e:\identity protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 2:33 AM 7390560]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/8/2010 2:25 AM 16512]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [5/11/2011 2:01 PM 245760]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 1:06 PM 15232]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [8/22/2010 2:00 PM 13312]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2/22/2010 5:15 PM 9472]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;e:\toolbar\ToolbarBroker.exe [6/28/2011 5:58 PM 167264]
S4 Btmsdadbs;Btmsdadbs;c:\windows\system32\drivers\mspclock.sys [8/3/2004 3:58 PM 5376]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 1:06 PM 2152152]
S4 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2/13/2012 7:45 PM 909152]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 67637227
*Deregistered* - 67637227
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {79D1DBE2-A317-4D67-891D-9849D17F0531} - hxxp://www.parcelquest.com/download/MapEdge.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\k2l7bq2c.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=&mid=676221bc4311ecc869857cd11a1a081f-0&ds=AVG&v=10.0.0.7&lang=us&pr=pa&d=2011-12-13%2010%3A46%3A08&sap=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - E:\Firefox4
FF - Ext: AVG Security Toolbar: [email protected] - c:\documents and settings\All Users.WINDOWS\Application Data\AVG Secure Search\10.0.0.7
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Google Update - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-nmctxth - c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
MSConfigStartUp-psomvymt - c:\docume~1\user\LOCALS~1\Temp\hntmknsup\fjomaessjmo.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 02:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\igdlogin.dll
.
Completion time: 2012-03-17 02:35:27
ComboFix-quarantined-files.txt 2012-03-17 09:35
.
Pre-Run: 2,109,669,376 bytes free
Post-Run: 2,241,798,144 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 80159DF111E23A112F5BE9695C4CCEE2
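A log like the one above is normally read by hand; as an added example (not ComboFix's or the forum's own code) here is a Python pass that parses its Run-key, service and MSConfigStartUp lines and ranks them with simple defensive heuristics. The regexes and the severity rules are this example's own assumptions; the sample lines are excerpted from the log above.

```python
"""Triage of autorun entries from a ComboFix log.

Recognises three line shapes from the log: Run-key values, service/driver
lines (R0..S4) and 'MSConfigStartUp-' orphans, then applies simple
defensive heuristics. The rules are assumptions of this example, not part
of ComboFix: a binary launched from a Temp directory is the classic dropper
persistence location, while one on a non-system drive or an unfamiliar
.exe in system32 deserves a manual publisher/signature check.
"""
import re
from dataclasses import dataclass

# Run-key value:  "Name"="c:\path\file.exe" [2010-01-25 96792]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# Service/driver:  S3 pneteth;PdaNet Broadband;c:\path\pneteth.sys [8/22/2010 2:00 PM 13312]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]+)\]$')
# Orphaned msconfig item:  MSConfigStartUp-name - c:\path\file.exe
ORPHAN_RE = re.compile(r'^MSConfigStartUp-(?P<name>.+?) - (?P<path>.+)$')


@dataclass
class Autorun:
    kind: str   # "run", "service" or "orphan"
    name: str
    path: str


def parse_autoruns(text):
    """Return an Autorun for every recognised line; everything else is skipped."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            found.append(Autorun("run", m["name"], m["path"]))
        elif m := SVC_RE.match(line):
            found.append(Autorun("service", m["name"], m["path"]))
        elif m := ORPHAN_RE.match(line):
            found.append(Autorun("orphan", m["name"], m["path"]))
    return found


def triage(entry, system_drive="c:"):
    """Classify one entry as 'high', 'review' or 'ok' and give the reason."""
    p = entry.path.lower()
    # Matches both the long form (...\Local Settings\Temp\...) and 8.3 (...\LOCALS~1\Temp\...).
    if "\\temp\\" in p:
        return "high", "executable launched from a Temp directory"
    if not p.startswith(system_drive):
        return "review", f"binary lives on a drive other than {system_drive.upper()}"
    if "\\system32\\" in p and "\\drivers\\" not in p and p.endswith(".exe"):
        return "review", "unfamiliar .exe in system32: check its digital signature and file version"
    return "ok", "common program location"


def report(text):
    """Rows of (severity, name, path, reason), most suspicious first, log order otherwise."""
    order = {"high": 0, "review": 1, "ok": 2}
    rows = []
    for e in parse_autoruns(text):
        sev, why = triage(e)
        rows.append((sev, e.name, e.path, why))
    rows.sort(key=lambda r: order[r[0]])   # stable sort keeps log order within a tier
    return rows


# Lines excerpted from the ComboFix log above (a Run key, two services, two orphans).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2010-01-25 96792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-25 1434920]
"AVG_TRAY"="E:\avgtray.exe" [2011-09-10 2338656]
.
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [8/22/2010 2:00 PM 13312]
S2 AVGIDSAgent;AVGIDSAgent;e:\identity protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 2:33 AM 7390560]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Google Update - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-psomvymt - c:\docume~1\user\LOCALS~1\Temp\hntmknsup\fjomaessjmo.exe
"""

if __name__ == "__main__":
    for sev, name, path, why in report(SAMPLE_LOG):
        print(f"{sev:6} {name:18} {path}  <- {why}")
```

A "review" result is a prompt to check the file's publisher and signature, not a verdict; the Temp-directory rule is what singles out the fjomaessjmo.exe orphan that ComboFix had already removed.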

#9 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Let's try this step before we continue with malware search.

  • Go to Start -> My Computer
  • Right click on C: disk and click on Properties
  • Click on tab Tools and click on Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click Start button
  • Confirm schedule disk check next time computer starts with the Yes button
  • Restart your system and wait while system checks your disk for errors

Are there any changes in speed after this step?

#10 maccee44 (Member, Topic Starter, 13 posts)
I followed the instructions you gave and restarted the computer. It ran the scan and started up with same slow problems. I didn't see any report pop up to show the results of the scan other than during the scan it would say part 1/5 100% complete, part 5/5 100% complete, etc. Is there a way to tell if it found/fixed any errors?

Thanks

#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi maccee44,

Sorry for delay. Let's continue...

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

#12 maccee44 (Member, Topic Starter, 13 posts)
Status: Disinfected (events: 4)
3/22/2012 5:11:17 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.ji C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\59\256bb8bb-31f52e17 High
3/22/2012 5:11:17 PM Disinfected Trojan program Trojan.Java.Agent.am C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\59\256bb8bb-31f52e17/bpac/b.class High
3/22/2012 5:11:17 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\59\256bb8bb-31f52e17/bpac/KAVS.class High
3/22/2012 5:11:17 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.ji C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\59\256bb8bb-31f52e17/bpac/purok.class High

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
How is your system now? Any changes?

Please restart in safe mode:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Test your system in Safe Mode now. Is it slow?

#14 maccee44 (Member, Topic Starter, 13 posts)
Just restarted and checked how the computer is working. Startup times seem slightly faster, like 7-10 minutes now. Folders and browsers open slightly faster, but it is still running quite slow.

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. Test it in Safe Mode now and let me know results.