Unit running sluggish [Closed] [Solved]


  • This topic is locked

#16
SCGrayone

  • Topic Starter
All processes killed
========== OTL ==========
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff not found.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit folder moved successfully.
C:\Documents and Settings\Bruce\Application Data\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Documents and Settings\Bruce\Application Data\IObit\Advanced SystemCare V5\Smart RAM folder moved successfully.
C:\Documents and Settings\Bruce\Application Data\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Documents and Settings\Bruce\Application Data\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Documents and Settings\Bruce\Application Data\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Documents and Settings\Bruce\Application Data\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Documents and Settings\Bruce\Application Data\IObit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bruce\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bruce\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Bruce
->Temp folder emptied: 50977132 bytes
->Temporary Internet Files folder emptied: 113298839 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1168 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 22830858 bytes

Total Files Cleaned = 179.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.42.2 log created on 05182012_220116

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Bruce\Local Settings\Temp\fla31.tmp not found!
C:\Documents and Settings\Bruce\Local Settings\Temp\~DF18B1.tmp moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temp\~DF6641.tmp moved successfully.
File\Folder C:\Documents and Settings\Bruce\Local Settings\Temp\~DF9B90.tmp not found!
File\Folder C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.Word\~WRS{173E8CC2-A4D7-4CEB-91E5-AF58E4D9C620}.tmp not found!
File\Folder C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.Word\~WRS{C18E2E75-9F78-4AEB-8D1A-DCBF34B9CE6F}.tmp not found!
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\Y0OH479S\ads[1].htm moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\Y0OH479S\fastbutton[2].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\Y0OH479S\id24[1].htm moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\Y0OH479S\if[1].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\Y0OH479S\index[1].php moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\Y0OH479S\search[2].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\Y0OH479S\sh088[1].html moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\NC7AY9LZ\13400-36000[1].htm moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\NC7AY9LZ\ads[1].htm moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\NC7AY9LZ\aiCAI06SX7.php moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\NC7AY9LZ\header[1].gif moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\NC7AY9LZ\homegrownbigcock-s-karen-sucks-and-[bleep]s-johnny-s-huge-dick[1].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\NC7AY9LZ\if[1].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\NC7AY9LZ\if[2].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\NC7AY9LZ\index[1].php moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\NC7AY9LZ\restricted[1].html moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\NC7AY9LZ\start_freeware_download[1].html moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\D268G4JR\317615-unit-running-sluggish[2].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\D268G4JR\ads[1].htm moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\D268G4JR\ads[2].htm moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\D268G4JR\aiCASFV4Y2.php moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\D268G4JR\fastbutton[2].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\D268G4JR\search[4].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\AOHEHV48\cancer-prevention_net[1].htm moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\AOHEHV48\fastbutton[1].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\AOHEHV48\freeinstall_thankyou[1].html moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\AOHEHV48\nhsdtc[1].htm moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\AOHEHV48\rsa[1].txt moved successfully.
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


Combo Fix Log
ComboFix 12-05-18.04 - Bruce 05/18/2012 22:18:35.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.405 [GMT -4:00]
Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\HOqBayay.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SENEKA
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 01:36 . 2012-05-19 01:36 -------- d-----w- c:\program files\VS Revo Group
2012-05-18 15:43 . 2012-05-18 15:43 -------- d-----w- C:\_OTL
2012-04-27 09:32 . 2012-03-20 17:06 29272 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2012-04-21 13:30 . 2012-04-21 13:30 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\visi_coupon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 06:12 . 2012-04-07 00:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 06:12 . 2011-06-05 13:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 10:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 17:11 . 2012-01-13 17:02 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-01 11:01 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 10:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-26 14:51 . 2012-02-26 14:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-26 14:51 . 2010-04-24 12:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 18:25 . 2012-03-25 19:14 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-22 17:29 . 2012-01-13 17:12 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2012-01-13 17:12 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 17:29 . 2012-01-13 17:12 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2012-01-13 17:12 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 17:29 . 2012-01-13 17:12 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 17:29 . 2012-01-13 17:12 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2012-01-13 17:12 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2012-01-13 17:12 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2012-01-13 17:03 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-22 17:29 . 2012-01-13 17:02 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-25 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-17 296056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-02 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 18:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 23:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-18 04:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-18 04:55 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-18 04:55 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-08-20 07:38 16384512 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-25 01:55 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"gusvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/13/2012 1:12 PM 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [7/12/2011 5:55 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 1:54 PM 116608]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [5/30/2009 5:47 PM 72672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2012 1:12 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2012 1:12 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2012 1:12 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [1/13/2012 1:12 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/13/2012 1:02 PM 151880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/13/2012 1:12 PM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/13/2012 1:12 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/13/2012 1:12 PM 83856]
S2 gupdate1c99386518d77ba;Google Update Service (gupdate1c99386518d77ba);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2009 2:09 PM 133104]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 8:53 PM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2009 2:09 PM 133104]
S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [1/13/2012 1:14 PM 203080]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/13/2012 1:12 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/13/2012 1:12 PM 87656]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys --> c:\windows\system32\DRIVERS\psi_mf.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:00 AM 14336]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2012 1:12 PM 214904]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:12]
.
2012-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 01:11]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 18:09]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 18:09]
.
2012-05-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1965331169-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-05-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1965331169-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = www.rr.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\tuwis799.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: browser.startup.homepage - www.rr.com
.
- - - - ORPHANS REMOVED - - - -
.
Notify-jkkHWNDv - jkkHWNDv.dll
Notify-NavLogon - (no file)
MSConfigStartUp-686841e9 - c:\windows\system32\duncbbxa.dll
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-18 22:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,e8,36,ab,5d,6f,4b,41,be,dd,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,e8,36,ab,5d,6f,4b,41,be,dd,3a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1176)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1688)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrSII1s.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe
.
**************************************************************************
.
Completion time: 2012-05-18 22:31:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 02:31
.
Pre-Run: 128,882,675,712 bytes free
Post-Run: 128,722,612,224 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1CE88812DB33D3F0A440550774F3FEFF


TDSS Log Text
22:45:05.0906 3560 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
22:45:06.0421 3560 ============================================================
22:45:06.0421 3560 Current date / time: 2012/05/18 22:45:06.0421
22:45:06.0421 3560 SystemInfo:
22:45:06.0421 3560
22:45:06.0421 3560 OS Version: 5.1.2600 ServicePack: 3.0
22:45:06.0421 3560 Product type: Workstation
22:45:06.0421 3560 ComputerName: BRUCE-5E95F1E15
22:45:06.0421 3560 UserName: Bruce
22:45:06.0421 3560 Windows directory: C:\WINDOWS
22:45:06.0421 3560 System windows directory: C:\WINDOWS
22:45:06.0421 3560 Processor architecture: Intel x86
22:45:06.0421 3560 Number of processors: 2
22:45:06.0421 3560 Page size: 0x1000
22:45:06.0421 3560 Boot type: Normal boot
22:45:06.0421 3560 ============================================================
22:45:07.0250 3560 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:45:07.0250 3560 Drive \Device\Harddisk1\DR2 - Size: 0x3C200000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:45:07.0265 3560 ============================================================
22:45:07.0265 3560 \Device\Harddisk0\DR0:
22:45:07.0281 3560 MBR partitions:
22:45:07.0281 3560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
22:45:07.0281 3560 \Device\Harddisk1\DR2:
22:45:07.0281 3560 MBR partitions:
22:45:07.0281 3560 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E0DE0
22:45:07.0281 3560 ============================================================
22:45:07.0359 3560 C: <-> \Device\Harddisk0\DR0\Partition0
22:45:07.0359 3560 ============================================================
22:45:07.0359 3560 Initialize success
22:45:07.0359 3560 ============================================================
22:45:14.0515 0544 ============================================================
22:45:14.0515 0544 Scan started
22:45:14.0515 0544 Mode: Manual; SigCheck; TDLFS;
22:45:14.0515 0544 ============================================================
22:45:14.0734 0544 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:45:14.0890 0544 !SASCORE - ok
22:45:15.0031 0544 Abiosdsk - ok
22:45:15.0031 0544 abp480n5 - ok
22:45:15.0093 0544 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:45:15.0203 0544 ACPI - ok
22:45:15.0234 0544 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:45:15.0328 0544 ACPIEC - ok
22:45:15.0421 0544 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:45:15.0437 0544 AdobeFlashPlayerUpdateSvc - ok
22:45:15.0437 0544 adpu160m - ok
22:45:15.0468 0544 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:45:15.0562 0544 aec - ok
22:45:15.0625 0544 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:45:15.0640 0544 AFD - ok
22:45:15.0640 0544 Aha154x - ok
22:45:15.0656 0544 aic78u2 - ok
22:45:15.0656 0544 aic78xx - ok
22:45:15.0703 0544 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:45:15.0812 0544 Alerter - ok
22:45:15.0843 0544 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:45:15.0890 0544 ALG - ok
22:45:15.0890 0544 AliIde - ok
22:45:15.0890 0544 amsint - ok
22:45:16.0000 0544 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:45:16.0015 0544 Apple Mobile Device - ok
22:45:16.0031 0544 AppMgmt - ok
22:45:16.0031 0544 asc - ok
22:45:16.0031 0544 asc3350p - ok
22:45:16.0046 0544 asc3550 - ok
22:45:16.0140 0544 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:45:16.0156 0544 aspnet_state - ok
22:45:16.0171 0544 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:45:16.0281 0544 AsyncMac - ok
22:45:16.0312 0544 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:45:16.0453 0544 atapi - ok
22:45:16.0453 0544 Atdisk - ok
22:45:16.0500 0544 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:45:16.0625 0544 Atmarpc - ok
22:45:16.0656 0544 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:45:16.0765 0544 AudioSrv - ok
22:45:16.0796 0544 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:45:16.0921 0544 audstub - ok
22:45:16.0968 0544 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:45:17.0093 0544 Beep - ok
22:45:17.0140 0544 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:45:17.0265 0544 BITS - ok
22:45:17.0390 0544 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:45:17.0406 0544 Bonjour Service - ok
22:45:17.0468 0544 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:45:17.0593 0544 Browser - ok
22:45:17.0609 0544 catchme - ok
22:45:17.0640 0544 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:45:17.0750 0544 cbidf2k - ok
22:45:17.0765 0544 cd20xrnt - ok
22:45:17.0796 0544 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:45:17.0906 0544 Cdaudio - ok
22:45:17.0953 0544 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:45:18.0078 0544 Cdfs - ok
22:45:18.0093 0544 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:45:18.0218 0544 Cdrom - ok
22:45:18.0250 0544 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
22:45:18.0250 0544 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
22:45:18.0250 0544 cercsr6 - detected UnsignedFile.Multi.Generic (1)
22:45:18.0281 0544 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
22:45:18.0328 0544 cfwids - ok
22:45:18.0328 0544 Changer - ok
22:45:18.0359 0544 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:45:18.0484 0544 CiSvc - ok
22:45:18.0500 0544 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:45:18.0609 0544 ClipSrv - ok
22:45:18.0703 0544 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:45:18.0718 0544 clr_optimization_v2.0.50727_32 - ok
22:45:18.0734 0544 CmdIde - ok
22:45:18.0734 0544 COMSysApp - ok
22:45:18.0750 0544 Cpqarray - ok
22:45:18.0796 0544 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:45:18.0937 0544 CryptSvc - ok
22:45:18.0937 0544 dac2w2k - ok
22:45:18.0937 0544 dac960nt - ok
22:45:19.0000 0544 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:45:19.0031 0544 DcomLaunch - ok
22:45:19.0093 0544 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:45:19.0218 0544 Dhcp - ok
22:45:19.0265 0544 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:45:19.0421 0544 Disk - ok
22:45:19.0421 0544 dmadmin - ok
22:45:19.0468 0544 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:45:19.0593 0544 dmboot - ok
22:45:19.0625 0544 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:45:19.0765 0544 dmio - ok
22:45:19.0828 0544 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:45:19.0953 0544 dmload - ok
22:45:20.0000 0544 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:45:20.0125 0544 dmserver - ok
22:45:20.0140 0544 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:45:20.0281 0544 DMusic - ok
22:45:20.0328 0544 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:45:20.0343 0544 Dnscache - ok
22:45:20.0515 0544 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:45:20.0640 0544 Dot3svc - ok
22:45:20.0640 0544 dpti2o - ok
22:45:20.0703 0544 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:45:20.0843 0544 drmkaud - ok
22:45:20.0875 0544 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:45:21.0000 0544 EapHost - ok
22:45:21.0109 0544 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:45:21.0250 0544 ERSvc - ok
22:45:21.0343 0544 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:45:21.0359 0544 Eventlog - ok
22:45:21.0421 0544 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\Es.dll
22:45:21.0437 0544 EventSystem - ok
22:45:21.0484 0544 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:45:21.0593 0544 Fastfat - ok
22:45:21.0640 0544 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:45:21.0656 0544 FastUserSwitchingCompatibility - ok
22:45:21.0671 0544 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:45:21.0796 0544 Fdc - ok
22:45:21.0828 0544 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:45:21.0953 0544 Fips - ok
22:45:21.0953 0544 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:45:22.0078 0544 Flpydisk - ok
22:45:22.0109 0544 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:45:22.0234 0544 FltMgr - ok
22:45:22.0343 0544 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:45:22.0343 0544 FontCache3.0.0.0 - ok
22:45:22.0390 0544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:45:22.0515 0544 Fs_Rec - ok
22:45:22.0531 0544 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:45:22.0656 0544 Ftdisk - ok
22:45:22.0703 0544 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:45:22.0718 0544 GEARAspiWDM - ok
22:45:22.0718 0544 GMSIPCI - ok
22:45:22.0781 0544 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:45:22.0906 0544 Gpc - ok
22:45:23.0078 0544 gupdate1c99386518d77ba (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
22:45:23.0093 0544 gupdate1c99386518d77ba - ok
22:45:23.0109 0544 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
22:45:23.0125 0544 gupdatem - ok
22:45:23.0156 0544 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:45:23.0265 0544 HDAudBus - ok
22:45:23.0390 0544 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:45:23.0515 0544 helpsvc - ok
22:45:23.0515 0544 HidServ - ok
22:45:23.0562 0544 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:45:23.0671 0544 HidUsb - ok
22:45:23.0703 0544 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:45:23.0828 0544 hkmsvc - ok
22:45:23.0828 0544 hpn - ok
22:45:23.0875 0544 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:45:23.0906 0544 HTTP - ok
22:45:23.0921 0544 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:45:24.0031 0544 HTTPFilter - ok
22:45:24.0046 0544 i2omgmt - ok
22:45:24.0046 0544 i2omp - ok
22:45:24.0093 0544 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:45:24.0203 0544 i8042prt - ok
22:45:24.0328 0544 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:45:24.0359 0544 idsvc - ok
22:45:24.0375 0544 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:45:24.0500 0544 Imapi - ok
22:45:24.0546 0544 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:45:24.0656 0544 ImapiService - ok
22:45:24.0671 0544 ini910u - ok
22:45:24.0875 0544 IntcAzAudAddService (b1a809e7fe19becd5aca61f0e7088c8c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:45:25.0031 0544 IntcAzAudAddService - ok
22:45:25.0156 0544 IntelIde - ok
22:45:25.0187 0544 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:45:25.0312 0544 intelppm - ok
22:45:25.0343 0544 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:45:25.0468 0544 Ip6Fw - ok
22:45:25.0484 0544 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:45:25.0609 0544 IpFilterDriver - ok
22:45:25.0625 0544 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:45:25.0734 0544 IpInIp - ok
22:45:25.0765 0544 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:45:25.0890 0544 IpNat - ok
22:45:26.0000 0544 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
22:45:26.0046 0544 iPod Service - ok
22:45:26.0093 0544 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:45:26.0218 0544 IPSec - ok
22:45:26.0250 0544 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:45:26.0296 0544 IRENUM - ok
22:45:26.0328 0544 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:45:26.0578 0544 isapnp - ok
22:45:26.0718 0544 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
22:45:26.0734 0544 JavaQuickStarterService - ok
22:45:26.0750 0544 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:45:26.0875 0544 Kbdclass - ok
22:45:26.0937 0544 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:45:27.0046 0544 kbdhid - ok
22:45:27.0093 0544 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:45:27.0203 0544 kmixer - ok
22:45:27.0250 0544 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:45:27.0265 0544 KSecDD - ok
22:45:27.0328 0544 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:45:27.0343 0544 lanmanserver - ok
22:45:27.0390 0544 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:45:27.0406 0544 lanmanworkstation - ok
22:45:27.0421 0544 lbrtfdc - ok
22:45:27.0468 0544 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:45:27.0593 0544 LmHosts - ok
22:45:27.0640 0544 LxrSII1d (101bdd8f513a5d0b6d38bb0cdcff66e8) C:\WINDOWS\system32\Drivers\LxrSII1d.sys
22:45:27.0640 0544 LxrSII1d ( UnsignedFile.Multi.Generic ) - warning
22:45:27.0640 0544 LxrSII1d - detected UnsignedFile.Multi.Generic (1)
22:45:27.0640 0544 LxrSII1s - ok
22:45:27.0734 0544 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:45:27.0750 0544 McAfee SiteAdvisor Service - ok
22:45:27.0796 0544 McAWFwk (3a346239cd2d75be7f54be7e28eb5e4f) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
22:45:27.0812 0544 McAWFwk - ok
22:45:27.0812 0544 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:45:27.0828 0544 McMPFSvc - ok
22:45:27.0843 0544 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:45:27.0859 0544 mcmscsvc - ok
22:45:27.0859 0544 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:45:27.0875 0544 McNaiAnn - ok
22:45:27.0890 0544 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:45:27.0906 0544 McNASvc - ok
22:45:27.0953 0544 McODS (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
22:45:27.0984 0544 McODS - ok
22:45:27.0984 0544 McOobeSv (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:45:28.0000 0544 McOobeSv - ok
22:45:28.0000 0544 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:45:28.0015 0544 McProxy - ok
22:45:28.0125 0544 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:45:28.0140 0544 McShield - ok
22:45:28.0187 0544 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:45:28.0296 0544 Messenger - ok
22:45:28.0343 0544 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\WINDOWS\system32\drivers\mfeapfk.sys
22:45:28.0359 0544 mfeapfk - ok
22:45:28.0375 0544 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\WINDOWS\system32\drivers\mfeavfk.sys
22:45:28.0390 0544 mfeavfk - ok
22:45:28.0390 0544 mfeavfk01 - ok
22:45:28.0421 0544 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\WINDOWS\system32\drivers\mfebopk.sys
22:45:28.0437 0544 mfebopk - ok
22:45:28.0484 0544 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:45:28.0500 0544 mfefire - ok
22:45:28.0531 0544 mfefirek (4ea6ff90015424517843e931448e00f1) C:\WINDOWS\system32\drivers\mfefirek.sys
22:45:28.0562 0544 mfefirek - ok
22:45:28.0625 0544 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\WINDOWS\system32\drivers\mfehidk.sys
22:45:28.0656 0544 mfehidk - ok
22:45:28.0671 0544 mfendisk (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
22:45:28.0687 0544 mfendisk - ok
22:45:28.0687 0544 mfendiskmp (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
22:45:28.0718 0544 mfendiskmp - ok
22:45:28.0734 0544 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\WINDOWS\system32\drivers\mferkdet.sys
22:45:28.0750 0544 mferkdet - ok
22:45:28.0796 0544 mfetdi2k (070d3faf2eac417c59d8674a8752f7a6) C:\WINDOWS\system32\drivers\mfetdi2k.sys
22:45:28.0812 0544 mfetdi2k - ok
22:45:28.0859 0544 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\WINDOWS\system32\mfevtps.exe
22:45:28.0875 0544 mfevtp - ok
22:45:29.0000 0544 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:45:29.0031 0544 Microsoft Office Groove Audit Service - ok
22:45:29.0062 0544 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:45:29.0171 0544 mnmdd - ok
22:45:29.0203 0544 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:45:29.0328 0544 mnmsrvc - ok
22:45:29.0343 0544 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:45:29.0453 0544 Modem - ok
22:45:29.0484 0544 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:45:29.0609 0544 Mouclass - ok
22:45:29.0640 0544 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:45:29.0750 0544 mouhid - ok
22:45:29.0781 0544 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:45:29.0906 0544 MountMgr - ok
22:45:29.0906 0544 mraid35x - ok
22:45:29.0937 0544 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:45:30.0046 0544 MRxDAV - ok
22:45:30.0109 0544 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:45:30.0125 0544 MRxSmb - ok
22:45:30.0156 0544 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:45:30.0265 0544 MSDTC - ok
22:45:30.0296 0544 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:45:30.0406 0544 Msfs - ok
22:45:30.0406 0544 MSICPL - ok
22:45:30.0421 0544 MSIServer - ok
22:45:30.0453 0544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:45:30.0562 0544 MSKSSRV - ok
22:45:30.0578 0544 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:45:30.0687 0544 MSPCLOCK - ok
22:45:30.0703 0544 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:45:30.0812 0544 MSPQM - ok
22:45:30.0843 0544 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:45:30.0953 0544 mssmbios - ok
22:45:31.0015 0544 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:45:31.0031 0544 Mup - ok
22:45:31.0062 0544 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:45:31.0187 0544 napagent - ok
22:45:31.0390 0544 NBService (f46070ddada5c396b1f2ebf1c46dbb08) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
22:45:31.0421 0544 NBService - ok
22:45:31.0453 0544 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:45:31.0578 0544 NDIS - ok
22:45:31.0625 0544 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:45:31.0640 0544 NdisTapi - ok
22:45:31.0687 0544 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:45:31.0796 0544 Ndisuio - ok
22:45:31.0812 0544 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:45:31.0937 0544 NdisWan - ok
22:45:31.0953 0544 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:45:31.0968 0544 NDProxy - ok
22:45:32.0031 0544 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:45:32.0140 0544 NetBIOS - ok
22:45:32.0156 0544 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:45:32.0265 0544 NetBT - ok
22:45:32.0296 0544 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:45:32.0421 0544 NetDDE - ok
22:45:32.0421 0544 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:45:32.0546 0544 NetDDEdsdm - ok
22:45:32.0578 0544 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:45:32.0687 0544 Netlogon - ok
22:45:32.0734 0544 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:45:32.0859 0544 Netman - ok
22:45:32.0984 0544 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:45:33.0000 0544 NetTcpPortSharing - ok
22:45:33.0046 0544 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:45:33.0062 0544 Nla - ok
22:45:33.0218 0544 NMIndexingService (433049770b810d7c83c5c94cdb3e09d2) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
22:45:33.0234 0544 NMIndexingService - ok
22:45:33.0265 0544 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:45:33.0390 0544 Npfs - ok
22:45:33.0390 0544 NTACCESS - ok
22:45:33.0421 0544 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:45:33.0546 0544 Ntfs - ok
22:45:33.0578 0544 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:45:33.0687 0544 NtLmSsp - ok
22:45:33.0734 0544 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:45:33.0859 0544 NtmsSvc - ok
22:45:33.0890 0544 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:45:34.0000 0544 Null - ok
22:45:34.0296 0544 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:45:34.0484 0544 nv - ok
22:45:34.0578 0544 NVENETFD (0258d664f93b4b01ddd621b8c084f322) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
22:45:34.0593 0544 NVENETFD - ok
22:45:34.0609 0544 nvnetbus (56ec9207906435ef1bf02f5c68e3ffec) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22:45:34.0625 0544 nvnetbus - ok
22:45:34.0625 0544 nvsmu (7ec12a73067baca25a8e3e2a58ae83d8) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
22:45:34.0640 0544 nvsmu - ok
22:45:34.0703 0544 NVSvc (f96df45cfbdc670584293e03c2ab602a) C:\WINDOWS\system32\nvsvc32.exe
22:45:34.0718 0544 NVSvc - ok
22:45:34.0750 0544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:45:34.0875 0544 NwlnkFlt - ok
22:45:34.0875 0544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:45:35.0000 0544 NwlnkFwd - ok
22:45:35.0031 0544 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
22:45:35.0140 0544 NwlnkIpx - ok
22:45:35.0156 0544 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
22:45:35.0265 0544 NwlnkNb - ok
22:45:35.0281 0544 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
22:45:35.0390 0544 NwlnkSpx - ok
22:45:35.0453 0544 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll
22:45:35.0578 0544 NwSapAgent - ok
22:45:35.0718 0544 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:45:35.0750 0544 odserv - ok
22:45:35.0765 0544 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:45:35.0781 0544 ose - ok
22:45:35.0828 0544 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:45:35.0937 0544 Parport - ok
22:45:35.0953 0544 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:45:36.0062 0544 PartMgr - ok
22:45:36.0093 0544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:45:36.0203 0544 ParVdm - ok
22:45:36.0218 0544 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:45:36.0343 0544 PCI - ok
22:45:36.0343 0544 PCIDump - ok
22:45:36.0375 0544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:45:36.0468 0544 PCIIde - ok
22:45:36.0515 0544 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:45:36.0625 0544 Pcmcia - ok
22:45:36.0625 0544 PDCOMP - ok
22:45:36.0640 0544 PDFRAME - ok
22:45:36.0640 0544 PDRELI - ok
22:45:36.0656 0544 PDRFRAME - ok
22:45:36.0656 0544 perc2 - ok
22:45:36.0671 0544 perc2hib - ok
22:45:36.0718 0544 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:45:36.0734 0544 PlugPlay - ok
22:45:36.0781 0544 PnkBstrA (0e01d7eebada0b324db0ca1ee73440ba) C:\WINDOWS\system32\PnkBstrA.exe
22:45:36.0796 0544 PnkBstrA - ok
22:45:36.0828 0544 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:45:36.0937 0544 PolicyAgent - ok
22:45:37.0000 0544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:45:37.0109 0544 PptpMiniport - ok
22:45:37.0125 0544 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:45:37.0234 0544 ProtectedStorage - ok
22:45:37.0234 0544 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:45:37.0343 0544 PSched - ok
22:45:37.0359 0544 PSI - ok
22:45:37.0390 0544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:45:37.0500 0544 Ptilink - ok
22:45:37.0500 0544 ql1080 - ok
22:45:37.0515 0544 Ql10wnt - ok
22:45:37.0515 0544 ql12160 - ok
22:45:37.0531 0544 ql1240 - ok
22:45:37.0531 0544 ql1280 - ok
22:45:37.0578 0544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:45:37.0687 0544 RasAcd - ok
22:45:37.0718 0544 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:45:37.0843 0544 RasAuto - ok
22:45:37.0875 0544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:45:37.0984 0544 Rasl2tp - ok
22:45:38.0046 0544 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:45:38.0156 0544 RasMan - ok
22:45:38.0156 0544 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:45:38.0265 0544 RasPppoe - ok
22:45:38.0265 0544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:45:38.0390 0544 Raspti - ok
22:45:38.0406 0544 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:45:38.0515 0544 Rdbss - ok
22:45:38.0515 0544 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:45:38.0625 0544 RDPCDD - ok
22:45:38.0687 0544 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:45:38.0703 0544 RDPWD - ok
22:45:38.0718 0544 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:45:38.0843 0544 RDSessMgr - ok
22:45:38.0875 0544 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:45:38.0984 0544 redbook - ok
22:45:39.0015 0544 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:45:39.0140 0544 RemoteAccess - ok
22:45:39.0156 0544 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:45:39.0265 0544 RpcLocator - ok
22:45:39.0312 0544 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:45:39.0328 0544 RpcSs - ok
22:45:39.0390 0544 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:45:39.0500 0544 RSVP - ok
22:45:39.0531 0544 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:45:39.0640 0544 SamSs - ok
22:45:39.0781 0544 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:45:39.0796 0544 SASDIFSV - ok
22:45:39.0828 0544 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:45:39.0843 0544 SASKUTIL - ok
22:45:39.0890 0544 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:45:40.0015 0544 SCardSvr - ok
22:45:40.0046 0544 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:45:40.0156 0544 Schedule - ok
22:45:40.0203 0544 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:45:40.0250 0544 Secdrv - ok
22:45:40.0281 0544 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:45:40.0406 0544 seclogon - ok
22:45:40.0437 0544 Secunia Update Agent - ok
22:45:40.0500 0544 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:45:40.0593 0544 SENS - ok
22:45:40.0656 0544 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:45:40.0765 0544 serenum - ok
22:45:40.0781 0544 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:45:40.0890 0544 Serial - ok
22:45:40.0890 0544 SetupNTGLM7X - ok
22:45:40.0937 0544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:45:41.0046 0544 Sfloppy - ok
22:45:41.0109 0544 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:45:41.0218 0544 SharedAccess - ok
22:45:41.0265 0544 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:45:41.0281 0544 ShellHWDetection - ok
22:45:41.0296 0544 Simbad - ok
22:45:41.0296 0544 Sparrow - ok
22:45:41.0312 0544 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:45:41.0437 0544 splitter - ok
22:45:41.0484 0544 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:45:41.0500 0544 Spooler - ok
22:45:41.0515 0544 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:45:41.0578 0544 sr - ok
22:45:41.0625 0544 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:45:41.0687 0544 srservice - ok
22:45:41.0718 0544 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:45:41.0750 0544 Srv - ok
22:45:41.0796 0544 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:45:41.0843 0544 SSDPSRV - ok
22:45:41.0890 0544 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:45:42.0000 0544 stisvc - ok
22:45:42.0031 0544 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:45:42.0140 0544 swenum - ok
22:45:42.0156 0544 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:45:42.0265 0544 swmidi - ok
22:45:42.0265 0544 SwPrv - ok
22:45:42.0281 0544 symc810 - ok
22:45:42.0296 0544 symc8xx - ok
22:45:42.0296 0544 sym_hi - ok
22:45:42.0312 0544 sym_u3 - ok
22:45:42.0359 0544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:45:42.0468 0544 sysaudio - ok
22:45:42.0515 0544 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:45:42.0640 0544 SysmonLog - ok
22:45:42.0671 0544 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:45:42.0781 0544 TapiSrv - ok
22:45:42.0828 0544 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:45:42.0859 0544 Tcpip - ok
22:45:42.0906 0544 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:45:43.0015 0544 TDPIPE - ok
22:45:43.0031 0544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:45:43.0140 0544 TDTCP - ok
22:45:43.0156 0544 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:45:43.0281 0544 TermDD - ok
22:45:43.0343 0544 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:45:43.0453 0544 TermService - ok
22:45:43.0500 0544 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:45:43.0515 0544 Themes - ok
22:45:43.0531 0544 TosIde - ok
22:45:43.0546 0544 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:45:43.0656 0544 TrkWks - ok
22:45:43.0687 0544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:45:43.0796 0544 Udfs - ok
22:45:43.0812 0544 ultra - ok
22:45:43.0843 0544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:45:43.0953 0544 Update - ok
22:45:44.0015 0544 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:45:44.0062 0544 upnphost - ok
22:45:44.0078 0544 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:45:44.0203 0544 UPS - ok
22:45:44.0218 0544 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:45:44.0234 0544 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
22:45:44.0234 0544 USBAAPL - detected UnsignedFile.Multi.Generic (1)
22:45:44.0265 0544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:45:44.0375 0544 usbehci - ok
22:45:44.0421 0544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:45:44.0531 0544 usbhub - ok
22:45:44.0546 0544 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:45:44.0656 0544 usbohci - ok
22:45:44.0687 0544 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:45:44.0781 0544 USBSTOR - ok
22:45:44.0812 0544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:45:44.0921 0544 VgaSave - ok
22:45:44.0937 0544 ViaIde - ok
22:45:44.0984 0544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:45:48.0781 0544 ============================================================
22:45:48.0781 0544 Scan finished
22:45:48.0781 0544 ============================================================
22:45:48.0890 4012 Detected object count: 3
22:45:48.0890 4012 Actual detected object count: 3
22:45:55.0625 4012 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:55.0625 4012 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:55.0625 4012 LxrSII1d ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:55.0625 4012 LxrSII1d ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:55.0625 4012 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:55.0625 4012 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

#17
CompCav

Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!

#18
SCGrayone

Starting to run better. Facebook seems to have stopped trying to refresh. Did just get a "Waiting for about:blank" on the bottom left of the screen. Going to sites quicker also, and opening other tabs better.

#19
CompCav

Good. The three tools I have asked you to run in post #17 should clear any remaining malware out and help us focus on the internet issues that remain after they run.

#20
SCGrayone

MBAM Log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.19.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bruce :: BRUCE-5E95F1E15 [administrator]

5/18/2012 11:25:24 PM
mbam-log-2012-05-18 (23-25-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209294
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Log
C:\Qoobox\Quarantine\C\WINDOWS\system32\HOqBayay.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{616610A2-EEF3-4912-B473-BE714893F9D6}\RP1405\A0140794.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090206-130338.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090206-200556.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090211-224956.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090220-000010.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090220-000432.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090227-142447.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090305-234056.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090313-214812.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090322-145723.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090322-210155.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090327-220657.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090402-062606.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090410-140634.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090420-230426.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090430-064436.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090525-002639.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090620-020417.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090627-162847.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090708-014417.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090714-235506.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090719-003647.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090802-095444.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090819-183832.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090828-164034.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090906-141055.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20090929-064718.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20091014-231937.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20091101-153550.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20091101-153649.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20091107-213601.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20091208-064153.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100115-124336.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100208-063232.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100222-062739.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100318-231132.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100512-222742.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100606-124225.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100817-232734.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110224-020147.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110527-071327.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20111231-095538.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05182012_114319\C_WINDOWS\System32\drivers\etc\hosts Win32/Qhost trojan cleaned by deleting - quarantined

Security Check Log
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee AntiVirus Plus
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
SUPERAntiSpyware
CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.2.202.235
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (3.6.25) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#21
CompCav

Step 1.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

Uninstall all previous versions.
Download the latest version from: http://www.adobe.com.../readstep2.html

If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.


Step 2.

Update Mozilla FireFox

Your version of FireFox is 3.6 and the current release is 12.

Please uninstall the version you have and go here to download the latest version and install it.



Step 3.

Are there any remaining issues with your computer?

#22
SCGrayone

Will it be OK to uninstall Mozilla Firefox? I use IE.

#23
CompCav


Will it be ok to uninstall Mozilla FireFox

Yes!

#24
SCGrayone

Am I to uninstall the older Adobe Reader before updating?

#25
CompCav

Yes, uninstall is best for Adobe Reader, then clean install the new one.

#26
SCGrayone

Thanks so much for the help. Unit seems to be running good now. I'm running 4 tabs/pages trying to tax resources. All seem to be working well. Are there any other things I need to load? I think there was something to replace the PSI scan you wanted me to use.

#27
CompCav

Filehippo below for updates.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programs on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:

#28
SCGrayone

The FileHippo Update Checker would not download. McAfee kept removing a Trojan while trying to download it.

#29
CompCav

McAfee is giving a false positive; in that case you may want to go back to PSI.

#30
SCGrayone

ok thanks for the help.