XP Painfully slow

#1 saraveza408 (Member, 374 posts)
My computer all of a sudden became painfully slow with everything I do on it. I ran Malwarebytes & it came back with no infections. I've been through this before on other computers. So here's my HijackThis log & can someone please help me fix this?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:44:49 PM, on 4/17/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

--
End of file - 3879 bytes

#2 saraveza408 (Topic Starter, Member, 374 posts)
OK, so I just read the malware etc. cleaning topic & downloaded & ran OTL & here's the log:


OTL logfile created on: 4/17/2012 8:58:25 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Mig\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 168.73 Mb Available Physical Memory | 37.75% Memory free
1.06 Gb Paging File | 0.76 Gb Available in Paging File | 71.56% Paging File free
Paging file location(s): C:\pagefile.sys 700 1200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.89 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
Drive D: | 18.27 Gb Total Space | 18.00 Gb Free Space | 98.51% Space Free | Partition Type: NTFS

Computer Name: MIGUEL-0Y9ZZ019 | User Name: Mig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/17 20:57:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mig\My Documents\Downloads\OTL.exe
PRC - [2012/04/12 00:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 14:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 00:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 00:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 00:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 00:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 00:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/11 23:51:55 | 008,743,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2006/11/17 14:41:22 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006/11/17 14:39:10 | 000,071,232 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/31 21:31:37 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2006/11/17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\CBPMp50.sys -- (CBPMp50)
DRV - [2007/07/23 17:49:50 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPC300N.SYS -- (WPC300N)
DRV - [2006/11/28 22:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CBPSp50.sys -- (CBPSp50)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/08/28 16:00:48 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2001/08/17 05:51:20 | 000,020,752 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {DCF0DD69-E951-4709-8075-5F8253A39479}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{9B7E403C-0F10-429B-9BEC-E4905400B242}: "URL" = http://www.google.co...ie7&rlz=1I7RNWN
IE - HKCU\..\SearchScopes\{DCF0DD69-E951-4709-8075-5F8253A39479}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 09:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 13:12:35 | 000,000,000 | ---D | M]

[2012/03/05 21:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mig\Application Data\Mozilla\Extensions
[2012/04/16 13:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mig\Application Data\Mozilla\Firefox\Profiles\jhp3bxby.default\extensions
[2012/04/05 22:36:42 | 000,000,000 | ---D | M] (Facebook Auto-Logout) -- C:\Documents and Settings\Mig\Application Data\Mozilla\Firefox\Profiles\jhp3bxby.default\extensions\[email protected]
[2012/03/12 22:31:23 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\Mig\Application Data\Mozilla\Firefox\Profiles\jhp3bxby.default\searchplugins\thesaurus---referencecom.xml
[2012/03/05 21:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JHP3BXBY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JHP3BXBY.DEFAULT\EXTENSIONS\[email protected]
[2012/04/02 21:40:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/18 09:24:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/02 21:38:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Mig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Mig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Mig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2003/03/31 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{685B86AB-6169-45EB-B991-235151C68D9A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mig\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/05 21:28:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/17 20:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mig\Start Menu\Programs\HiJackThis
[2012/04/17 20:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/16 13:40:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mig\Recent
[2012/04/16 13:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
[2012/04/16 12:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 5
[2012/04/16 12:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/16 12:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/16 12:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/04/16 12:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/04/16 12:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/04/16 12:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2012/04/14 12:30:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/04/12 19:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mig\Application Data\IObit(2)
[2012/04/02 21:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2012/04/02 21:38:56 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/02 21:38:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/02 21:38:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/02 21:38:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/02 21:35:24 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mig\Desktop\jre-6u31-windows-i586-iftw-k.exe
[2012/03/31 21:29:11 | 004,125,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/03/31 21:17:20 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/31 06:53:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\bamf
[2012/03/29 11:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mig\Local Settings\Application Data\Facebook
[2012/03/29 11:09:12 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2012/03/29 11:08:50 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2012/03/29 11:08:44 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2012/03/29 11:08:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2012/03/29 11:08:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2012/03/29 11:08:23 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2012/03/29 11:08:16 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2012/03/29 11:08:06 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2012/03/29 11:07:44 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2012/03/26 16:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mig\Desktop\CRD
[2012/03/26 16:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
[2012/03/26 16:04:31 | 000,053,248 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG.DLL
[2012/03/26 16:04:30 | 000,106,496 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZSPOOL.DLL
[2012/03/26 16:04:29 | 000,061,440 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZIMF.DLL
[2012/03/26 16:04:26 | 000,114,688 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\HPMCoSetup.dll
[2012/03/26 16:04:24 | 000,237,568 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\HPIPMXRes.dll
[2012/03/26 16:04:23 | 000,512,000 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\HPIPMX.dll
[2012/03/26 16:04:21 | 000,163,840 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\CP1215LI.DLL
[2012/03/26 16:04:21 | 000,143,360 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\CP1215LM.DLL
[2012/03/26 16:04:21 | 000,057,344 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\CP1215EWS.dll
[2012/03/26 16:04:14 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2012/03/26 12:33:31 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2012/03/26 12:32:40 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2012/03/26 12:31:57 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2012/03/26 12:29:33 | 000,000,000 | ---D | C] -- C:\HP LaserJet ljP3005 Firmware v02.140.2
[2012/03/24 11:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mig\Application Data\Philipp Winterberg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/17 20:43:18 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Mig\Desktop\HiJackThis.lnk
[2012/04/17 20:36:29 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Mig\Desktop\HijackThis.msi
[2012/04/17 20:16:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/17 20:11:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/17 20:10:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/16 17:15:03 | 000,251,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/16 13:47:37 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/16 13:47:37 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/16 13:39:16 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2012/04/16 13:38:46 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mig\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/16 11:54:46 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/15 09:17:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/14 09:54:41 | 000,550,977 | ---- | M] () -- C:\Documents and Settings\Mig\Desktop\water-texture-04.jpg
[2012/04/14 09:44:25 | 000,094,157 | ---- | M] () -- C:\Documents and Settings\Mig\Desktop\brochure-design-10.jpg
[2012/04/11 22:30:08 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 5.lnk
[2012/04/11 21:53:01 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 21:53:01 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/10 17:49:11 | 000,016,914 | ---- | M] () -- C:\Documents and Settings\Mig\Desktop\leroy.jpg
[2012/04/10 11:58:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/05 22:09:06 | 000,005,579 | ---- | M] () -- C:\Documents and Settings\Mig\My Documents\spring.Theme
[2012/04/04 19:57:49 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Mig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/02 21:38:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/02 21:38:39 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/02 21:38:38 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/02 21:38:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/02 21:38:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/02 21:35:46 | 000,908,576 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mig\Desktop\jre-6u31-windows-i586-iftw-k.exe
[2012/03/31 21:31:37 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/31 21:31:35 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/31 21:30:22 | 004,125,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 20:42:10 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Mig\Desktop\HiJackThis.lnk
[2012/04/17 20:35:55 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Mig\Desktop\HijackThis.msi
[2012/04/16 17:15:03 | 000,251,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/16 13:38:46 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mig\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/16 13:37:12 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/16 13:37:11 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 09:54:34 | 000,550,977 | ---- | C] () -- C:\Documents and Settings\Mig\Desktop\water-texture-04.jpg
[2012/04/14 09:44:01 | 000,094,157 | ---- | C] () -- C:\Documents and Settings\Mig\Desktop\brochure-design-10.jpg
[2012/04/11 22:30:08 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 5.lnk
[2012/04/10 17:48:31 | 000,016,914 | ---- | C] () -- C:\Documents and Settings\Mig\Desktop\leroy.jpg
[2012/04/05 22:09:05 | 000,005,579 | ---- | C] () -- C:\Documents and Settings\Mig\My Documents\spring.Theme
[2012/03/31 21:17:21 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/01/29 03:13:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/10 09:41:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll

< End of report >

#3 Gammo (Trusted Helper, Malware Removal, 2,299 posts)
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this, select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

#4 saraveza408 (Topic Starter, Member, 374 posts)
Only 1 log came back for my OTL scan results:

OTL logfile created on: 4/21/2012 9:25:06 PM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Mig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 243.04 Mb Available Physical Memory | 54.37% Memory free
1.06 Gb Paging File | 0.85 Gb Available in Paging File | 80.55% Paging File free
Paging file location(s): C:\pagefile.sys 700 1200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.73 Gb Free Space | 12.38% Space Free | Partition Type: NTFS
Drive D: | 18.27 Gb Total Space | 18.00 Gb Free Space | 98.51% Space Free | Partition Type: NTFS

Computer Name: MIGUEL-0Y9ZZ019 | User Name: Mig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/21 21:23:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mig\Desktop\OTL.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 14:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2006/11/17 14:41:22 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006/11/17 14:39:10 | 000,071,232 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/31 21:31:37 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2006/11/17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\CBPMp50.sys -- (CBPMp50)
DRV - [2007/07/23 17:49:50 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPC300N.SYS -- (WPC300N)
DRV - [2006/11/28 22:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CBPSp50.sys -- (CBPSp50)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/08/28 16:00:48 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2001/08/17 05:51:20 | 000,020,752 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\..\SearchScopes,DefaultScope = {DCF0DD69-E951-4709-8075-5F8253A39479}
IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\..\SearchScopes\{9B7E403C-0F10-429B-9BEC-E4905400B242}: "URL" = http://www.google.co...ie7&rlz=1I7RNWN
IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\..\SearchScopes\{DCF0DD69-E951-4709-8075-5F8253A39479}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 09:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 13:12:35 | 000,000,000 | ---D | M]

[2012/03/05 21:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mig\Application Data\Mozilla\Extensions
[2012/04/16 13:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mig\Application Data\Mozilla\Firefox\Profiles\jhp3bxby.default\extensions
[2012/04/05 22:36:42 | 000,000,000 | ---D | M] (Facebook Auto-Logout) -- C:\Documents and Settings\Mig\Application Data\Mozilla\Firefox\Profiles\jhp3bxby.default\extensions\[email protected]
[2012/03/12 22:31:23 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\Mig\Application Data\Mozilla\Firefox\Profiles\jhp3bxby.default\searchplugins\thesaurus---referencecom.xml
[2012/03/05 21:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JHP3BXBY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JHP3BXBY.DEFAULT\EXTENSIONS\[email protected]
[2012/04/02 21:40:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/18 09:24:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/02 21:38:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Mig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Mig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: In My Head = C:\Documents and Settings\Mig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icjghaijajcdnfbepmfmapepjcgkdehh\3.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Mig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2003/03/31 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NevoMedia Server.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-706699826-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{685B86AB-6169-45EB-B991-235151C68D9A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mig\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/05 21:28:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 21:23:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mig\Desktop\OTL.exe
[2012/04/20 20:44:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mig\Recent
[2012/04/17 20:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mig\Start Menu\Programs\HiJackThis
[2012/04/17 20:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/16 13:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
[2012/04/16 12:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 5
[2012/04/16 12:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/16 12:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/16 12:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/04/16 12:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/04/16 12:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/04/16 12:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2012/04/14 12:30:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/04/12 19:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mig\Application Data\IObit(2)
[2012/04/02 21:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2012/03/31 06:53:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\bamf
[2012/03/29 11:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mig\Local Settings\Application Data\Facebook
[2012/03/26 16:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mig\Desktop\CRD
[2012/03/26 16:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
[2012/03/26 16:04:31 | 000,053,248 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG.DLL
[2012/03/26 16:04:30 | 000,106,496 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZSPOOL.DLL
[2012/03/26 16:04:29 | 000,061,440 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZIMF.DLL
[2012/03/26 16:04:26 | 000,114,688 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\HPMCoSetup.dll
[2012/03/26 16:04:24 | 000,237,568 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\HPIPMXRes.dll
[2012/03/26 16:04:23 | 000,512,000 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\HPIPMX.dll
[2012/03/26 16:04:21 | 000,163,840 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\CP1215LI.DLL
[2012/03/26 16:04:21 | 000,143,360 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\CP1215LM.DLL
[2012/03/26 16:04:21 | 000,057,344 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\CP1215EWS.dll
[2012/03/26 12:29:33 | 000,000,000 | ---D | C] -- C:\HP LaserJet ljP3005 Firmware v02.140.2
[2012/03/24 11:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mig\Application Data\Philipp Winterberg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/21 21:23:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mig\Desktop\OTL.exe
[2012/04/21 20:31:43 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/21 20:27:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/21 20:26:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/21 08:06:58 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/20 21:28:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 22:33:22 | 008,997,812 | ---- | M] () -- C:\Documents and Settings\Mig\Desktop\Project3.png
[2012/04/16 13:47:37 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/16 13:47:37 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/16 13:39:16 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2012/04/16 13:38:46 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mig\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/16 11:54:46 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/11 22:30:08 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 5.lnk
[2012/04/11 21:53:01 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 21:53:01 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/10 11:58:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/05 22:09:06 | 000,005,579 | ---- | M] () -- C:\Documents and Settings\Mig\My Documents\spring.Theme
[2012/04/04 19:57:49 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Mig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 08:06:58 | 000,262,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/19 22:33:10 | 008,997,812 | ---- | C] () -- C:\Documents and Settings\Mig\Desktop\Project3.png
[2012/04/16 13:38:46 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mig\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/16 13:37:12 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/16 13:37:11 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/11 22:30:08 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 5.lnk
[2012/04/05 22:09:05 | 000,005,579 | ---- | C] () -- C:\Documents and Settings\Mig\My Documents\spring.Theme
[2012/03/31 21:17:21 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/01/29 03:13:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/10 09:41:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll

========== LOP Check ==========

[2005/01/29 21:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/01/29 14:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2009/12/12 20:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mig\Application Data\FrostWire
[2012/04/16 12:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mig\Application Data\IObit(2)
[2012/04/02 15:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mig\Application Data\Philipp Winterberg
[2009/12/28 12:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mig\Application Data\Sony
[2012/04/21 20:31:43 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Mig\Desktop\Project3.png:SummaryInformation

< End of report >
  • 0
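To show how a helper reads a report like the one above, here is an added Python triage script (not OTL's or the forum's own code) that parses the OTL line shapes seen in it and flags the entries a reviewer checks first. The two lines marked constructed and the `DNS_ALLOWLIST` value are assumptions made for the demonstration.

```python
"""Triage helper for OTL report lines (added example; not OTL's own code).

It parses the line shapes visible in the report above and flags what a
malware-removal helper checks first: service/driver entries whose image is
missing, Startup shortcuts pointing at nothing, HOSTS entries beyond the
default localhost mapping, an enabled IE proxy, and DNS servers outside an
allow-list the reviewer supplies.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str  # kind of item flagged
    detail: str    # the specific value worth a second look
    line: str      # raw OTL line it came from


# Regexes for the OTL line shapes used below (written for this example).
RE_MISSING_SVC = re.compile(
    r"^(PRC|SRV|DRV) - File not found \[[^\]]*\] --\s*(.*?)\s*-- \((\w+)\)$")
RE_STARTUP = re.compile(r"^O4 - Startup: (.+?\.lnk) = (.+)$")
RE_HOSTS = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
RE_PROXY = re.compile(r'^IE - (.+?): "ProxyEnable" = (\d+)$')
RE_DNS = re.compile(r"^O17 - (.+?): DhcpNameServer = (.+)$")

# The only HOSTS mappings a clean XP box needs.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Resolvers shown in the report's O17 lines; treated as expected here
# (assumption: the reviewer has confirmed they belong to the user's ISP).
DNS_ALLOWLIST = frozenset({"75.75.75.75", "75.75.76.76"})


def triage(lines, dns_allowlist=frozenset()):
    """Return a Finding for every line a helper would question first."""
    findings = []
    for raw in lines:
        line = raw.strip()

        m = RE_MISSING_SVC.match(line)
        if m:  # orphaned service/driver entry: registry key with no file behind it
            kind, path, name = m.groups()
            where = path or "(no image path recorded)"
            findings.append(Finding(f"orphaned-{kind.lower()}", f"{name}: {where}", line))
            continue

        m = RE_STARTUP.match(line)
        if m and m.group(2) == "File not found":  # shortcut to a removed program
            findings.append(Finding("dead-startup-link", m.group(1), line))
            continue

        m = RE_HOSTS.match(line)
        if m and m.groups() not in DEFAULT_HOSTS:  # anything else redirects a name
            findings.append(Finding("hosts-override", f"{m.group(2)} -> {m.group(1)}", line))
            continue

        m = RE_PROXY.match(line)
        if m and m.group(2) != "0":  # a proxy the user did not set is a classic hijack
            findings.append(Finding("proxy-enabled", m.group(1), line))
            continue

        m = RE_DNS.match(line)
        if m:
            for server in m.group(2).split():
                if server not in dns_allowlist:
                    findings.append(Finding("unexpected-dns", server, line))
    return findings


def summarize(findings):
    """Count findings per category, for a quick overview."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


SAMPLE_LINES = [
    # Lines taken from the OTL report posted above.
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)",
    r"DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)",
    r"DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = File not found",
    r"O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)",
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76",
    # Constructed lines (not in the report) that exercise the hijack branches.
    r"O1 - Hosts: 10.0.0.1 www.example.com",
    r'IE - HKU\S-1-5-21-0-0-0-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
]

if __name__ == "__main__":
    results = triage(SAMPLE_LINES, DNS_ALLOWLIST)
    for f in results:
        print(f"[{f.category}] {f.detail}")
    print(summarize(results))
```

On the sample lines the report's own entries yield only the two orphaned driver keys and the dead Kodak shortcut, which is what a helper would expect from a stale install rather than an infection; the constructed HOSTS and proxy lines show what a hijack would look like in the same format.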

#5
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.



Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.
  • 0

#6
saraveza408

    Member

  • Topic Starter
  • 374 posts
Here's the Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.22.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mig :: MIGUEL-0Y9ZZ019 [administrator]

4/22/2012 5:40:57 PM
mbam-log-2012-04-22 (17-40-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299943
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#7
saraveza408

    Member

  • Topic Starter
  • 374 posts
OK, I got all the way up to ComboFix's scan. A blue window popped up & warned that it may take 10 mins or more depending on my computer, & I waited about an hour & nothing ever happened.
  • 0

#8
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
  • 0

#9
saraveza408

    Member

  • Topic Starter
  • 374 posts
OK, here's the log:

23:09:52.0033 3120 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
23:09:52.0784 3120 ============================================================
23:09:52.0784 3120 Current date / time: 2012/04/23 23:09:52.0784
23:09:52.0784 3120 SystemInfo:
23:09:52.0784 3120
23:09:52.0784 3120 OS Version: 5.1.2600 ServicePack: 3.0
23:09:52.0784 3120 Product type: Workstation
23:09:52.0784 3120 ComputerName: MIGUEL-0Y9ZZ019
23:09:52.0784 3120 UserName: Mig
23:09:52.0784 3120 Windows directory: C:\WINDOWS
23:09:52.0784 3120 System windows directory: C:\WINDOWS
23:09:52.0784 3120 Processor architecture: Intel x86
23:09:52.0784 3120 Number of processors: 1
23:09:52.0784 3120 Page size: 0x1000
23:09:52.0784 3120 Boot type: Normal boot
23:09:52.0784 3120 ============================================================
23:09:59.0213 3120 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:09:59.0233 3120 ============================================================
23:09:59.0233 3120 \Device\Harddisk0\DR0:
23:09:59.0233 3120 MBR partitions:
23:09:59.0233 3120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xA0510E, BlocksNum 0x1BF1F20
23:09:59.0253 3120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x25F706D, BlocksNum 0x248A3D2
23:09:59.0253 3120 ============================================================
23:09:59.0343 3120 C: <-> \Device\Harddisk0\DR0\Partition0
23:09:59.0413 3120 D: <-> \Device\Harddisk0\DR0\Partition1
23:09:59.0413 3120 ============================================================
23:09:59.0413 3120 Initialize success
23:09:59.0413 3120 ============================================================
23:11:15.0893 0304 ============================================================
23:11:15.0893 0304 Scan started
23:11:15.0893 0304 Mode: Manual; SigCheck; TDLFS;
23:11:15.0893 0304 ============================================================
23:11:18.0006 0304 Abiosdsk - ok
23:11:18.0046 0304 abp480n5 - ok
23:11:18.0457 0304 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:11:23.0044 0304 ACPI - ok
23:11:23.0134 0304 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:11:23.0514 0304 ACPIEC - ok
23:11:23.0614 0304 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:11:24.0846 0304 AdobeFlashPlayerUpdateSvc - ok
23:11:24.0886 0304 adpu160m - ok
23:11:25.0097 0304 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
23:11:25.0597 0304 AdvancedSystemCareService5 - ok
23:11:25.0647 0304 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:11:26.0038 0304 aec - ok
23:11:26.0098 0304 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:11:26.0438 0304 AFD - ok
23:11:26.0479 0304 Aha154x - ok
23:11:26.0519 0304 aic78u2 - ok
23:11:26.0569 0304 aic78xx - ok
23:11:26.0639 0304 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:11:27.0109 0304 Alerter - ok
23:11:27.0180 0304 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:11:27.0931 0304 ALG - ok
23:11:28.0031 0304 aliadwdm (065a6d38a79216592de03f3525d6296e) C:\WINDOWS\system32\drivers\ac97ali.sys
23:11:28.0371 0304 aliadwdm - ok
23:11:28.0451 0304 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:11:28.0712 0304 AliIde - ok
23:11:28.0752 0304 amsint - ok
23:11:28.0812 0304 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
23:11:29.0263 0304 AppMgmt - ok
23:11:29.0363 0304 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:11:29.0643 0304 Arp1394 - ok
23:11:29.0673 0304 asc - ok
23:11:29.0713 0304 asc3350p - ok
23:11:29.0753 0304 asc3550 - ok
23:11:29.0933 0304 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:11:30.0314 0304 aspnet_state - ok
23:11:30.0364 0304 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:11:30.0584 0304 AsyncMac - ok
23:11:30.0665 0304 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:11:30.0975 0304 atapi - ok
23:11:30.0995 0304 Atdisk - ok
23:11:31.0055 0304 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:11:31.0406 0304 Atmarpc - ok
23:11:31.0476 0304 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:11:31.0776 0304 AudioSrv - ok
23:11:31.0816 0304 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:11:32.0047 0304 audstub - ok
23:11:32.0137 0304 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:11:32.0467 0304 Beep - ok
23:11:32.0567 0304 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:11:33.0118 0304 BITS - ok
23:11:33.0188 0304 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:11:33.0469 0304 Browser - ok
23:11:33.0539 0304 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:11:33.0789 0304 cbidf2k - ok
23:11:33.0829 0304 CBPMp50 - ok
23:11:33.0929 0304 CBPSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\CBPSp50.sys
23:11:34.0180 0304 CBPSp50 - ok
23:11:34.0250 0304 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:11:34.0520 0304 CCDECODE - ok
23:11:34.0560 0304 cd20xrnt - ok
23:11:34.0640 0304 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:11:34.0981 0304 Cdaudio - ok
23:11:35.0071 0304 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:11:35.0341 0304 Cdfs - ok
23:11:35.0401 0304 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:11:35.0652 0304 Cdrom - ok
23:11:35.0682 0304 Changer - ok
23:11:35.0752 0304 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
23:11:35.0992 0304 CiSvc - ok
23:11:36.0052 0304 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
23:11:36.0523 0304 ClipSrv - ok
23:11:36.0603 0304 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:11:36.0934 0304 clr_optimization_v2.0.50727_32 - ok
23:11:36.0994 0304 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:11:37.0214 0304 CmBatt - ok
23:11:37.0254 0304 CmdIde - ok
23:11:37.0304 0304 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:11:37.0534 0304 Compbatt - ok
23:11:37.0574 0304 COMSysApp - ok
23:11:37.0645 0304 Cpqarray - ok
23:11:37.0705 0304 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:11:37.0985 0304 CryptSvc - ok
23:11:38.0025 0304 dac2w2k - ok
23:11:38.0065 0304 dac960nt - ok
23:11:38.0175 0304 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:11:38.0416 0304 DcomLaunch - ok
23:11:38.0526 0304 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:11:38.0826 0304 Dhcp - ok
23:11:38.0866 0304 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:11:39.0147 0304 Disk - ok
23:11:39.0187 0304 dmadmin - ok
23:11:39.0287 0304 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:11:39.0667 0304 dmboot - ok
23:11:39.0718 0304 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:11:39.0998 0304 dmio - ok
23:11:40.0068 0304 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:11:40.0318 0304 dmload - ok
23:11:40.0399 0304 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:11:40.0639 0304 dmserver - ok
23:11:40.0679 0304 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:11:40.0919 0304 DMusic - ok
23:11:40.0999 0304 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:11:41.0170 0304 Dnscache - ok
23:11:41.0250 0304 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:11:41.0720 0304 Dot3svc - ok
23:11:41.0801 0304 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
23:11:42.0061 0304 dot4 - ok
23:11:42.0141 0304 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
23:11:42.0401 0304 Dot4Print - ok
23:11:42.0472 0304 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
23:11:42.0772 0304 dot4usb - ok
23:11:42.0812 0304 dpti2o - ok
23:11:42.0872 0304 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:11:43.0062 0304 drmkaud - ok
23:11:43.0132 0304 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:11:43.0463 0304 EapHost - ok
23:11:43.0533 0304 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:11:43.0783 0304 ERSvc - ok
23:11:43.0874 0304 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:11:44.0014 0304 Eventlog - ok
23:11:44.0084 0304 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
23:11:44.0344 0304 EventSystem - ok
23:11:44.0434 0304 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:11:44.0635 0304 Fastfat - ok
23:11:44.0725 0304 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:11:44.0885 0304 FastUserSwitchingCompatibility - ok
23:11:44.0955 0304 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:11:45.0225 0304 Fdc - ok
23:11:45.0266 0304 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:11:45.0536 0304 Fips - ok
23:11:45.0626 0304 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:11:46.0137 0304 Flpydisk - ok
23:11:46.0247 0304 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:11:46.0648 0304 FltMgr - ok
23:11:46.0788 0304 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:11:46.0858 0304 FontCache3.0.0.0 - ok
23:11:46.0928 0304 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:11:47.0168 0304 Fs_Rec - ok
23:11:47.0238 0304 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:11:47.0589 0304 Ftdisk - ok
23:11:47.0669 0304 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:11:47.0899 0304 Gpc - ok
23:11:48.0070 0304 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:11:48.0270 0304 gupdate - ok
23:11:48.0290 0304 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:11:48.0420 0304 gupdatem - ok
23:11:48.0540 0304 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:11:48.0781 0304 helpsvc - ok
23:11:48.0881 0304 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
23:11:49.0111 0304 HidServ - ok
23:11:49.0181 0304 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:11:49.0452 0304 HidUsb - ok
23:11:49.0522 0304 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:11:49.0812 0304 hkmsvc - ok
23:11:49.0852 0304 hpn - ok
23:11:49.0922 0304 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:11:50.0203 0304 HTTP - ok
23:11:50.0273 0304 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:11:50.0543 0304 HTTPFilter - ok
23:11:50.0583 0304 i2omgmt - ok
23:11:50.0633 0304 i2omp - ok
23:11:50.0703 0304 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:11:50.0974 0304 i8042prt - ok
23:11:51.0104 0304 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:11:51.0725 0304 idsvc - ok
23:11:51.0785 0304 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:11:52.0025 0304 Imapi - ok
23:11:52.0075 0304 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:11:52.0366 0304 ImapiService - ok
23:11:52.0406 0304 ini910u - ok
23:11:52.0446 0304 IntelIde - ok
23:11:52.0516 0304 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:11:52.0746 0304 intelppm - ok
23:11:52.0806 0304 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:11:53.0067 0304 ip6fw - ok
23:11:53.0147 0304 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:11:53.0477 0304 IpFilterDriver - ok
23:11:53.0517 0304 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:11:53.0738 0304 IpInIp - ok
23:11:53.0808 0304 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:11:54.0048 0304 IpNat - ok
23:11:54.0118 0304 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:11:54.0429 0304 IPSec - ok
23:11:54.0489 0304 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:11:54.0719 0304 IRENUM - ok
23:11:54.0779 0304 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:11:55.0010 0304 isapnp - ok
23:11:55.0140 0304 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
23:11:55.0570 0304 JavaQuickStarterService - ok
23:11:55.0630 0304 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:11:55.0851 0304 Kbdclass - ok
23:11:55.0921 0304 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:11:56.0121 0304 kbdhid - ok
23:11:56.0221 0304 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:11:56.0472 0304 kmixer - ok
23:11:56.0542 0304 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:11:56.0752 0304 KSecDD - ok
23:11:56.0842 0304 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:11:57.0002 0304 lanmanserver - ok
23:11:57.0093 0304 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:11:57.0273 0304 lanmanworkstation - ok
23:11:57.0313 0304 lbrtfdc - ok
23:11:57.0433 0304 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:11:57.0663 0304 LmHosts - ok
23:11:57.0733 0304 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
23:11:57.0794 0304 MBAMSwissArmy - ok
23:11:57.0914 0304 McAfeeFramework (1bc1a6b644d4cc1964cd851e92b604f4) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
23:11:58.0124 0304 McAfeeFramework - ok
23:11:58.0224 0304 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:11:58.0444 0304 Messenger - ok
23:11:58.0495 0304 mferkdk - ok
23:11:58.0595 0304 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:11:58.0825 0304 mnmdd - ok
23:11:58.0905 0304 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
23:11:59.0226 0304 mnmsrvc - ok
23:11:59.0306 0304 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:11:59.0526 0304 Modem - ok
23:11:59.0576 0304 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:11:59.0786 0304 Mouclass - ok
23:11:59.0857 0304 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:12:00.0097 0304 mouhid - ok
23:12:00.0167 0304 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:12:00.0467 0304 MountMgr - ok
23:12:00.0558 0304 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
23:12:00.0658 0304 MpFilter - ok
23:12:00.0718 0304 mraid35x - ok
23:12:00.0788 0304 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:12:01.0048 0304 MRxDAV - ok
23:12:01.0148 0304 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:12:01.0349 0304 MRxSmb - ok
23:12:01.0379 0304 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
23:12:01.0649 0304 MSDTC - ok
23:12:01.0749 0304 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:12:02.0040 0304 Msfs - ok
23:12:02.0080 0304 MSIServer - ok
23:12:02.0130 0304 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:12:02.0340 0304 MSKSSRV - ok
23:12:02.0450 0304 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
23:12:02.0520 0304 MsMpSvc - ok
23:12:02.0600 0304 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:12:02.0801 0304 MSPCLOCK - ok
23:12:02.0851 0304 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:12:03.0051 0304 MSPQM - ok
23:12:03.0111 0304 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:12:03.0291 0304 mssmbios - ok
23:12:03.0372 0304 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:12:03.0582 0304 MSTEE - ok
23:12:03.0652 0304 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:12:03.0762 0304 Mup - ok
23:12:03.0852 0304 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:12:04.0113 0304 NABTSFEC - ok
23:12:04.0203 0304 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:12:04.0493 0304 napagent - ok
23:12:04.0553 0304 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:12:04.0884 0304 NDIS - ok
23:12:04.0924 0304 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:12:05.0154 0304 NdisIP - ok
23:12:05.0244 0304 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:12:05.0344 0304 NdisTapi - ok
23:12:05.0394 0304 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:12:05.0595 0304 Ndisuio - ok
23:12:05.0665 0304 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:12:05.0945 0304 NdisWan - ok
23:12:05.0995 0304 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:12:06.0095 0304 NDProxy - ok
23:12:06.0166 0304 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
23:12:06.0276 0304 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:12:06.0276 0304 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:12:06.0356 0304 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:12:06.0606 0304 NetBIOS - ok
23:12:06.0666 0304 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:12:06.0937 0304 NetBT - ok
23:12:07.0017 0304 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:12:07.0407 0304 NetDDE - ok
23:12:07.0437 0304 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:12:07.0678 0304 NetDDEdsdm - ok
23:12:07.0768 0304 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
23:12:07.0968 0304 Netlogon - ok
23:12:08.0048 0304 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:12:08.0319 0304 Netman - ok
23:12:08.0429 0304 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:12:08.0489 0304 NetTcpPortSharing - ok
23:12:08.0529 0304 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:12:08.0779 0304 NIC1394 - ok
23:12:08.0859 0304 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:12:09.0000 0304 Nla - ok
23:12:09.0080 0304 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:12:09.0320 0304 Npfs - ok
23:12:09.0420 0304 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:12:09.0691 0304 Ntfs - ok
23:12:09.0731 0304 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
23:12:09.0881 0304 NtLmSsp - ok
23:12:09.0991 0304 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:12:10.0281 0304 NtmsSvc - ok
23:12:10.0342 0304 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
23:12:10.0452 0304 NuidFltr - ok
23:12:10.0512 0304 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:12:10.0762 0304 Null - ok
23:12:10.0832 0304 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:12:11.0083 0304 NwlnkFlt - ok
23:12:11.0143 0304 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:12:11.0403 0304 NwlnkFwd - ok
23:12:11.0463 0304 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:12:11.0704 0304 ohci1394 - ok
23:12:11.0834 0304 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:12:11.0934 0304 ose - ok
23:12:12.0044 0304 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:12:12.0294 0304 Parport - ok
23:12:12.0344 0304 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:12:12.0585 0304 PartMgr - ok
23:12:12.0645 0304 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:12:12.0935 0304 ParVdm - ok
23:12:12.0995 0304 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:12:13.0216 0304 PCI - ok
23:12:13.0256 0304 PCIDump - ok
23:12:13.0296 0304 PCIIde - ok
23:12:13.0386 0304 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:12:13.0626 0304 Pcmcia - ok
23:12:13.0666 0304 PDCOMP - ok
23:12:13.0706 0304 PDFRAME - ok
23:12:13.0746 0304 PDRELI - ok
23:12:13.0797 0304 PDRFRAME - ok
23:12:13.0827 0304 perc2 - ok
23:12:13.0867 0304 perc2hib - ok
23:12:14.0017 0304 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:12:14.0107 0304 PlugPlay - ok
23:12:14.0177 0304 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
23:12:14.0227 0304 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:12:14.0227 0304 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:12:14.0267 0304 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:12:14.0437 0304 PolicyAgent - ok
23:12:14.0508 0304 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:12:14.0748 0304 PptpMiniport - ok
23:12:14.0808 0304 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
23:12:15.0018 0304 Processor - ok
23:12:15.0058 0304 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:12:15.0249 0304 ProtectedStorage - ok
23:12:15.0289 0304 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:12:15.0529 0304 PSched - ok
23:12:15.0609 0304 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:12:15.0900 0304 Ptilink - ok
23:12:15.0960 0304 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
23:12:16.0210 0304 QCDonner - ok
23:12:16.0230 0304 ql1080 - ok
23:12:16.0270 0304 Ql10wnt - ok
23:12:16.0290 0304 ql12160 - ok
23:12:16.0330 0304 ql1240 - ok
23:12:16.0370 0304 ql1280 - ok
23:12:16.0440 0304 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:12:16.0681 0304 RasAcd - ok
23:12:16.0771 0304 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:12:17.0101 0304 RasAuto - ok
23:12:17.0161 0304 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:12:17.0402 0304 Rasl2tp - ok
23:12:17.0482 0304 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:12:17.0702 0304 RasMan - ok
23:12:17.0762 0304 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:12:18.0013 0304 RasPppoe - ok
23:12:18.0063 0304 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:12:18.0323 0304 Raspti - ok
23:12:18.0433 0304 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:12:18.0744 0304 Rdbss - ok
23:12:18.0804 0304 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:12:19.0034 0304 RDPCDD - ok
23:12:19.0104 0304 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:12:19.0435 0304 rdpdr - ok
23:12:19.0535 0304 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:12:19.0755 0304 RDPWD - ok
23:12:19.0845 0304 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:12:20.0166 0304 RDSessMgr - ok
23:12:20.0246 0304 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:12:20.0476 0304 redbook - ok
23:12:20.0566 0304 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:12:20.0797 0304 RemoteAccess - ok
23:12:20.0867 0304 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
23:12:21.0137 0304 RemoteRegistry - ok
23:12:21.0217 0304 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
23:12:21.0498 0304 RpcLocator - ok
23:12:21.0578 0304 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:12:21.0708 0304 RpcSs - ok
23:12:21.0788 0304 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
23:12:22.0119 0304 RSVP - ok
23:12:22.0199 0304 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:12:22.0399 0304 rtl8139 - ok
23:12:22.0439 0304 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:12:22.0589 0304 SamSs - ok
23:12:22.0679 0304 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:12:22.0940 0304 SCardSvr - ok
23:12:23.0040 0304 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:12:23.0260 0304 Schedule - ok
23:12:23.0370 0304 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:12:23.0571 0304 Secdrv - ok
23:12:23.0651 0304 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:12:23.0861 0304 seclogon - ok
23:12:23.0911 0304 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:12:24.0101 0304 SENS - ok
23:12:24.0212 0304 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:12:24.0522 0304 Serial - ok
23:12:24.0622 0304 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:12:24.0802 0304 Sfloppy - ok
23:12:24.0893 0304 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:12:25.0173 0304 SharedAccess - ok
23:12:25.0253 0304 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:12:25.0333 0304 ShellHWDetection - ok
23:12:25.0373 0304 Simbad - ok
23:12:25.0443 0304 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:12:25.0654 0304 SLIP - ok
23:12:25.0744 0304 SNC (1a992c8136c015453e82041c35b299da) C:\WINDOWS\system32\DRIVERS\SonyNC.sys
23:12:26.0034 0304 SNC - ok
23:12:26.0054 0304 Sparrow - ok
23:12:26.0124 0304 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:12:26.0345 0304 splitter - ok
23:12:26.0415 0304 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:12:26.0565 0304 Spooler - ok
23:12:26.0625 0304 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:12:26.0925 0304 sr - ok
23:12:27.0016 0304 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:12:27.0256 0304 srservice - ok
23:12:27.0336 0304 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:12:27.0476 0304 Srv - ok
23:12:27.0556 0304 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:12:27.0807 0304 SSDPSRV - ok
23:12:27.0907 0304 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:12:28.0237 0304 stisvc - ok
23:12:28.0307 0304 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:12:28.0518 0304 streamip - ok
23:12:28.0598 0304 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:12:28.0798 0304 swenum - ok
23:12:28.0848 0304 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:12:29.0069 0304 swmidi - ok
23:12:29.0119 0304 SwPrv - ok
23:12:29.0169 0304 symc810 - ok
23:12:29.0209 0304 symc8xx - ok
23:12:29.0269 0304 sym_hi - ok
23:12:29.0309 0304 sym_u3 - ok
23:12:29.0369 0304 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:12:29.0619 0304 sysaudio - ok
23:12:29.0709 0304 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:12:29.0980 0304 SysmonLog - ok
23:12:30.0070 0304 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:12:30.0330 0304 TapiSrv - ok
23:12:30.0410 0304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:12:30.0541 0304 Tcpip - ok
23:12:30.0611 0304 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:12:30.0821 0304 TDPIPE - ok
23:12:30.0861 0304 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:12:31.0061 0304 TDTCP - ok
23:12:31.0131 0304 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:12:31.0352 0304 TermDD - ok
23:12:31.0452 0304 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:12:31.0712 0304 TermService - ok
23:12:31.0772 0304 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:12:31.0863 0304 Themes - ok
23:12:31.0943 0304 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
23:12:32.0203 0304 TlntSvr - ok
23:12:32.0243 0304 TosIde - ok
23:12:32.0313 0304 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:12:32.0554 0304 TrkWks - ok
23:12:32.0654 0304 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:12:32.0884 0304 Udfs - ok
23:12:32.0944 0304 ultra - ok
23:12:33.0054 0304 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:12:33.0325 0304 Update - ok
23:12:33.0385 0304 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:12:33.0615 0304 upnphost - ok
23:12:33.0655 0304 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:12:33.0915 0304 UPS - ok
23:12:33.0986 0304 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:12:34.0216 0304 usbccgp - ok
23:12:34.0276 0304 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:12:34.0486 0304 usbehci - ok
23:12:34.0576 0304 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:12:34.0827 0304 usbhub - ok
23:12:34.0877 0304 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:12:35.0077 0304 usbohci - ok
23:12:35.0157 0304 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:12:35.0378 0304 usbprint - ok
23:12:35.0438 0304 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:12:35.0618 0304 usbscan - ok
23:12:35.0678 0304 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:12:35.0898 0304 USBSTOR - ok
23:12:35.0948 0304 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:12:36.0139 0304 VgaSave - ok
23:12:36.0159 0304 ViaIde - ok
23:12:36.0229 0304 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:12:36.0479 0304 VolSnap - ok
23:12:36.0569 0304 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:12:36.0850 0304 VSS - ok
23:12:36.0920 0304 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:12:37.0160 0304 W32Time - ok
23:12:37.0230 0304 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:12:37.0451 0304 Wanarp - ok
23:12:37.0551 0304 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:12:37.0671 0304 Wdf01000 - ok
23:12:37.0701 0304 WDICA - ok
23:12:37.0781 0304 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:12:38.0021 0304 wdmaud - ok
23:12:38.0091 0304 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:12:38.0322 0304 WebClient - ok
23:12:38.0482 0304 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:12:38.0752 0304 winmgmt - ok
23:12:38.0873 0304 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:12:39.0063 0304 WmdmPmSN - ok
23:12:39.0183 0304 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
23:12:39.0624 0304 Wmi - ok
23:12:39.0754 0304 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:12:40.0104 0304 WmiApSrv - ok
23:12:40.0295 0304 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:12:40.0875 0304 WMPNetworkSvc - ok
23:12:41.0026 0304 WPC300N (ee44fe4c6388eae2ec5749e2c5d781f2) C:\WINDOWS\system32\DRIVERS\WPC300N.SYS
23:12:41.0276 0304 WPC300N ( UnsignedFile.Multi.Generic ) - warning
23:12:41.0276 0304 WPC300N - detected UnsignedFile.Multi.Generic (1)
23:12:41.0336 0304 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:12:41.0617 0304 WS2IFSL - ok
23:12:41.0697 0304 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:12:41.0977 0304 wscsvc - ok
23:12:42.0047 0304 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:12:42.0257 0304 WSTCODEC - ok
23:12:42.0348 0304 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:12:42.0548 0304 wuauserv - ok
23:12:42.0638 0304 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:12:42.0748 0304 WudfPf - ok
23:12:42.0798 0304 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:12:42.0918 0304 WudfRd - ok
23:12:42.0979 0304 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:12:43.0109 0304 WudfSvc - ok
23:12:43.0209 0304 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:12:43.0519 0304 WZCSVC - ok
23:12:43.0599 0304 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:12:43.0830 0304 xmlprov - ok
23:12:43.0930 0304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:12:44.0431 0304 \Device\Harddisk0\DR0 - ok
23:12:44.0491 0304 Boot (0x1200) (3e72cc291773fc9333c5de3ebdfc564d) \Device\Harddisk0\DR0\Partition0
23:12:44.0491 0304 \Device\Harddisk0\DR0\Partition0 - ok
23:12:44.0541 0304 Boot (0x1200) (5b237309cbb6d8269537fd9140f4e17e) \Device\Harddisk0\DR0\Partition1
23:12:44.0541 0304 \Device\Harddisk0\DR0\Partition1 - ok
23:12:44.0561 0304 ============================================================
23:12:44.0561 0304 Scan finished
23:12:44.0561 0304 ============================================================
23:12:44.0721 1360 Detected object count: 3
23:12:44.0721 1360 Actual detected object count: 3
23:13:55.0653 1360 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:55.0653 1360 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:55.0653 1360 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:55.0653 1360 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:55.0653 1360 WPC300N ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:55.0653 1360 WPC300N ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0
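As an added illustration (not a tool from the thread, and not part of Kaspersky's TDSSKiller), the following Python script parses log lines of the shape shown above and produces the triage view a helper actually wants from this kind of report: what was inventoried (name, MD5, path), what was flagged, with which signature, and which flagged items the user chose to leave in place. The line layouts are inferred from the excerpt above and are an assumption; the sample lines are copied from the log in this thread.

```python
"""Triage helper for TDSSKiller-style scan logs.

Added example; not a Kaspersky tool.  The line shapes below are inferred from
the log posted in this thread and are assumed, not documented by the vendor:

  HH:MM:SS.mmmm  <thread-id>  <body>           every line
  <name> (<md5>) <path>                         inventory line for a service/driver/MBR
  <name> - ok                                   clean verdict
  <name> - detected <signature> (<n>)           counted as a detection
  <name> ( <signature> ) - User select action: <Action>
"""
import json
import re

LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
INVENTORY_RE = re.compile(r"^(?P<name>\S.*?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<sig>\S+) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<sig>\S+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<count>\d+)$")

# Sample input: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
23:12:38.0482 0304 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:12:38.0752 0304 winmgmt - ok
23:12:41.0026 0304 WPC300N (ee44fe4c6388eae2ec5749e2c5d781f2) C:\WINDOWS\system32\DRIVERS\WPC300N.SYS
23:12:41.0276 0304 WPC300N ( UnsignedFile.Multi.Generic ) - warning
23:12:41.0276 0304 WPC300N - detected UnsignedFile.Multi.Generic (1)
23:12:41.0336 0304 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:12:41.0617 0304 WS2IFSL - ok
23:12:43.0930 0304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:12:44.0431 0304 \Device\Harddisk0\DR0 - ok
23:12:44.0561 0304 ============================================================
23:12:44.0561 0304 Scan finished
23:12:44.0721 1360 Detected object count: 3
23:12:44.0721 1360 Actual detected object count: 3
23:13:55.0653 1360 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:55.0653 1360 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:55.0653 1360 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:55.0653 1360 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:55.0653 1360 WPC300N ( UnsignedFile.Multi.Generic ) - skipped by user
23:13:55.0653 1360 WPC300N ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def _record(detections, inventory, name, sig):
    """Get or create the detection record for `name`, joining it to the inventory line if seen."""
    rec = detections.get(name)
    if rec is None:
        inv = inventory.get(name, {})
        rec = {"signature": sig, "md5": inv.get("md5"), "path": inv.get("path"), "action": None}
        detections[name] = rec
    return rec


def summarize(log_text):
    """Return a triage summary: inventory, clean verdicts, detections and what was left in place."""
    inventory = {}      # name -> {"md5", "path"}
    clean = set()       # names that received "- ok"
    detections = {}     # name -> {"signature", "md5", "path", "action"}
    reported = None     # the scanner's own "Detected object count"
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if (e := INVENTORY_RE.match(body)):
            inventory[e["name"]] = {"md5": e["md5"], "path": e["path"]}
        elif (e := OK_RE.match(body)):
            clean.add(e["name"])
        elif (e := DETECTED_RE.match(body)):
            _record(detections, inventory, e["name"], e["sig"])
        elif (e := ACTION_RE.match(body)):
            _record(detections, inventory, e["name"], e["sig"])["action"] = e["action"]
        elif (e := COUNT_RE.match(body)):
            reported = int(e["count"])
    return {
        "inventory": inventory,
        "scanned": len(inventory),
        "clean_verdicts": len(clean),
        "detections": detections,
        "reported_count": reported,
        "count_matches": reported == len(detections),
        # Items the user skipped are still on disk after the scan.
        "left_in_place": sorted(n for n, r in detections.items() if r["action"] == "Skip"),
        # UnsignedFile.* is a missing-Authenticode-signature heuristic, not a confirmed infection.
        "heuristic_only": all(r["signature"].startswith("UnsignedFile.") for r in detections.values()),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

Run on the sample, the summary shows three detections, all of them the unsigned-file heuristic and all skipped, which is exactly why the helper could call these logs clean: an unsigned printer or wireless driver is a signing-policy finding, and the triage step is to check its path and publisher, not to delete it. The `count_matches` field guards against an excerpt that lost lines: if the scanner's own count disagrees with the detections you parsed, you are not looking at the full log.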

#10
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean. If your PC is still slow, it's not because of malware. :thumbsup:

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0

#11
saraveza408

saraveza408

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 374 posts
ok great! Thanks for the help & patience too!
Quick question; basically any of those free programs that say they update all your drivers or that they speed up your computer are all no good, right?
  • 0

#12
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts

Quick question; basically any of those free programs that say they update all your drivers or that they speed up your computer are all no good, right?

You shouldn't use such programs. They're more likely to cause problems than to fix them. :)
  • 0





