Computer extremely slow malware/spyware [Solved]


  • This topic is locked

#1
Pat_54

  • Member
  • 212 posts
Hi there

My son had this computer given to him and I have been trying to clean it up and get it to run faster. It's a Toshiba Satellite working in Windows XP Service Pack 3. I have installed all the latest Windows updates, Adobe Reader, Java. I have deleted cookies and done an Avast antivirus scan, SUPERAntiSpyware scan and Malwarebytes scan. Also ran disk clean and Windows defrag. I also deleted unwanted programs from Add and Remove Programs and deleted some items not needed in startup msconfig. Everything that I have done has turned up no infections, nor has it helped to speed up the computer. The reason for doing this was to try to make the computer run faster but it hasn't helped at all. I'm at a loss of what to do now. This is a nice little laptop and my son can use it for school work but I've got to get this thing running better.

When you start up the computer it doesn't take long, but then it takes forever to load the desktop icons and it won't let you do anything until this is completed. When you open a program it takes like two minutes before it will open, and sometimes you have to click on it several times before it will open and then you might see 4 or 5 of the one program opened by then. You can't open two programs at once and have them running at the same time because it just stops and won't do anything. Once you get a program to open it takes forever when you want to move about in the program. Also, when you connect to the internet, normally it is not too bad loading a web page, but if you click on a link on that page or try moving around to do anything you might as well just shut it down because it takes the computer forever to respond to do what you want it to.

I'm not sure if there is a virus hidden somewhere or if the registry is really messed up. Can you please help me out? I would greatly appreciate the help. I ran an OTL and here are the results. Thank you ahead of time.

OTL logfile created on: 5/9/2012 12:06:07 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

190.17 Mb Total Physical Memory | 34.71 Mb Available Physical Memory | 18.25% Memory free
681.75 Mb Paging File | 365.50 Mb Available in Paging File | 53.61% Paging File free
Paging file location(s): C:\pagefile.sys 288 864 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 48.68 Gb Free Space | 87.12% Space Free | Partition Type: NTFS

Computer Name: JOSH | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12050801\algo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (s24trans) -- system32\DRIVERS\s24trans.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NDISRD) -- C:\WINDOWS\System32\drivers\ndisrd.sys (NT Kernel Resources)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {B97CE83E-760F-4448-9E6B-DCC0C2571874}
IE - HKCU\..\SearchScopes\{B97CE83E-760F-4448-9E6B-DCC0C2571874}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft...er=6&ar=msnhome"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/14 13:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012/05/08 22:39:59 | 000,000,000 | ---D | M]

[2009/08/15 21:52:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2009/08/14 09:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/15 21:52:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions\[email protected]
[2009/08/14 09:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mjj1qunc.default\extensions
[2012/05/08 22:39:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0457BF1B-A775-471C-B000-894F673764E3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F39E1D98-062C-49EA-B01E-7D1A8E056D45}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/13 06:11:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13aca05d-4ae3-11e1-9ffc-00163623d9e7}\Shell - "" = AutoRun
O33 - MountPoints2\{13aca05d-4ae3-11e1-9ffc-00163623d9e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{13aca05d-4ae3-11e1-9ffc-00163623d9e7}\Shell\AutoRun\command - "" = E:\PcOptions.exe
O33 - MountPoints2\{e8d2888c-98cc-11e1-a00c-00163623d9e7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8d2888c-98cc-11e1-a00c-00163623d9e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8d2888c-98cc-11e1-a00c-00163623d9e7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 23:31:08 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/05/08 22:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/05/08 22:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/05/08 22:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/08 22:40:24 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/05/08 22:40:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/05/08 22:40:23 | 000,472,864 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/05/08 22:40:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/05/08 22:40:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/05/08 22:40:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/05/08 09:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/08 03:59:15 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/08 03:59:14 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/06 20:54:47 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2012/05/06 20:54:21 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/08 23:31:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/05/08 22:58:15 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/08 22:39:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/05/08 22:39:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/05/08 22:39:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/05/08 22:39:51 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/05/08 22:39:50 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/05/08 22:39:50 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/05/08 20:16:03 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EBCB8333-CD99-4E5D-846F-442D1E9AEA58}.job
[2012/05/08 08:35:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/08 08:26:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/08 04:14:57 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/08 03:59:15 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/08 03:59:14 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/08 03:46:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 02:08:42 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/05/07 01:54:25 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/07 01:54:25 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/08 22:58:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/08 22:58:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/08 03:46:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== LOP Check ==========

[2011/09/21 14:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/08/22 10:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\LimeWire
[2012/05/08 20:16:03 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EBCB8333-CD99-4E5D-846F-442D1E9AEA58}.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB10506$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

OTL Extras logfile created on: 5/9/2012 12:06:08 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

190.17 Mb Total Physical Memory | 34.71 Mb Available Physical Memory | 18.25% Memory free
681.75 Mb Paging File | 365.50 Mb Available in Paging File | 53.61% Paging File free
Paging file location(s): C:\pagefile.sys 288 864 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 48.68 Gb Free Space | 87.12% Space Free | Partition Type: NTFS

Computer Name: JOSH | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_FF311179" = AC97 Data Fax SoftModem with SmartCP
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PokerStars.net" = PokerStars.net
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/31/2011 1:04:26 AM | Computer Name = MICHAEL-5834DF8 | Source = ESENT | ID = 439
Description = wuauclt (1840) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1022.

Error - 8/31/2011 1:04:27 AM | Computer Name = MICHAEL-5834DF8 | Source = ESENT | ID = 485
Description = wuauclt (1920) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 8/31/2011 1:04:27 AM | Computer Name = MICHAEL-5834DF8 | Source = ESENT | ID = 490
Description = wuauclt (1920) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
for read / write access failed with system error 1392 (0x00000570): "The file or
directory is corrupted and unreadable. ". The open file operation will fail with
error -1022 (0xfffffc02).

Error - 8/31/2011 1:04:27 AM | Computer Name = MICHAEL-5834DF8 | Source = ESENT | ID = 439
Description = wuauclt (1920) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1022.

Error - 8/31/2011 1:04:27 AM | Computer Name = MICHAEL-5834DF8 | Source = ESENT | ID = 485
Description = wuauclt (176) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 8/31/2011 1:04:27 AM | Computer Name = MICHAEL-5834DF8 | Source = ESENT | ID = 490
Description = wuauclt (176) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
for read / write access failed with system error 1392 (0x00000570): "The file or
directory is corrupted and unreadable. ". The open file operation will fail with
error -1022 (0xfffffc02).

Error - 8/31/2011 1:04:27 AM | Computer Name = MICHAEL-5834DF8 | Source = ESENT | ID = 439
Description = wuauclt (176) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1022.

Error - 8/31/2011 1:04:28 AM | Computer Name = MICHAEL-5834DF8 | Source = ESENT | ID = 485
Description = wuauclt (1508) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 8/31/2011 1:04:28 AM | Computer Name = MICHAEL-5834DF8 | Source = ESENT | ID = 490
Description = wuauclt (1508) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
for read / write access failed with system error 1392 (0x00000570): "The file or
directory is corrupted and unreadable. ". The open file operation will fail with
error -1022 (0xfffffc02).

Error - 8/31/2011 1:04:28 AM | Computer Name = MICHAEL-5834DF8 | Source = ESENT | ID = 439
Description = wuauclt (1508) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1022.

[ System Events ]
Error - 9/21/2011 4:52:27 PM | Computer Name = MICHAEL-5834DF8 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2011 4:52:31 PM | Computer Name = MICHAEL-5834DF8 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2011 4:52:35 PM | Computer Name = MICHAEL-5834DF8 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2011 4:52:40 PM | Computer Name = MICHAEL-5834DF8 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2011 4:52:44 PM | Computer Name = MICHAEL-5834DF8 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2011 4:52:49 PM | Computer Name = MICHAEL-5834DF8 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2011 4:52:53 PM | Computer Name = MICHAEL-5834DF8 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/23/2011 12:56:01 PM | Computer Name = MICHAEL-5834DF8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 9/23/2011 12:56:01 PM | Computer Name = MICHAEL-5834DF8 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/23/2011 12:56:26 PM | Computer Name = MICHAEL-5834DF8 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.


< End of report >





#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Random Access Memory Advice:

190.17 Mb Total Physical Memory | 34.71 Mb Available Physical Memory | 18.25% Memory free

Though Microsoft claims XP will run with a mere 128 MB installed, in my humble opinion a minimum of 1 GB is far better.

If you wish to upgrade the installed memory, Crucial have a small System Scanner (CrucialScan.exe), which is perfectly safe to download and run and will advise if the system can support any upgraded memory modules. They cater for the US/UK and Europe.

Disable SUPERAntiSpyware:

It is best to keep this as an on-demand scanner only, as at present it is taking up the limited system resources and actually causing a security conflict with the Malwarebytes' Anti-Malware protection module.

  • Open SUPERAntiSpyware
  • Click on Preferences
  • Click on Real-Time Protection tab
  • Untick Real-Time protection
  • Click on the Hi-Jack Protection tab
  • Under Home Page Protection, uncheck "Protect Home Page from being changed. Changes can only be made here."
  • Click on Close.
  • Close SUPERAntiSpyware
Next:

Any problems running the below, merely try in Safe Mode.

How to boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.

If any problems refer to this tutorial.

Note: Do try in Normal Mode first though.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.
  • When the window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Check Hard Disk For Errors:

Click on Start >> Run..., then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • TDSSKiller Log.
  • Checkhd Log.


#3
Pat_54

    Member

  • Topic Starter
  • 212 posts
Hi Dakeyras

I want to thank you for helping me here. I had a friend who had two 512 MB RAM modules that he wasn't using and didn't need. I removed the one that was in this computer and installed those two in here. I wanted to tell you that I only downloaded the free editions of SUPERAntiSpyware and Malwarebytes. When I opened SUPERAntiSpyware I checked, and none of the boxes that you spoke about were checked. It might be because it is only the free version. But anyhow, I exited out of it until we are done with this, then I'll turn it back on. The computer is running a little faster, but I believe it's because of the upgrade of the RAM. I ran the other things you asked and here are those results.

23:49:10.0359 2932 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:49:10.0765 2932 ============================================================
23:49:10.0765 2932 Current date / time: 2012/05/09 23:49:10.0765
23:49:10.0765 2932 SystemInfo:
23:49:10.0765 2932
23:49:10.0765 2932 OS Version: 5.1.2600 ServicePack: 3.0
23:49:10.0765 2932 Product type: Workstation
23:49:10.0765 2932 ComputerName: JOSH
23:49:10.0765 2932 UserName: Michael
23:49:10.0765 2932 Windows directory: C:\WINDOWS
23:49:10.0765 2932 System windows directory: C:\WINDOWS
23:49:10.0765 2932 Processor architecture: Intel x86
23:49:10.0765 2932 Number of processors: 1
23:49:10.0765 2932 Page size: 0x1000
23:49:10.0765 2932 Boot type: Normal boot
23:49:10.0765 2932 ============================================================
23:49:15.0609 2932 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:49:15.0640 2932 ============================================================
23:49:15.0640 2932 \Device\Harddisk0\DR0:
23:49:15.0640 2932 MBR partitions:
23:49:15.0640 2932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
23:49:15.0640 2932 ============================================================
23:49:15.0765 2932 C: <-> \Device\Harddisk0\DR0\Partition0
23:49:15.0765 2932 ============================================================
23:49:15.0765 2932 Initialize success
23:49:15.0765 2932 ============================================================
23:49:53.0125 2560 ============================================================
23:49:53.0125 2560 Scan started
23:49:53.0125 2560 Mode: Manual; SigCheck; TDLFS;
23:49:53.0125 2560 ============================================================
23:49:53.0312 2560 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:49:53.0500 2560 !SASCORE - ok
23:49:53.0671 2560 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
23:49:55.0109 2560 6to4 - ok
23:49:55.0187 2560 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:49:55.0234 2560 Aavmker4 - ok
23:49:55.0250 2560 Abiosdsk - ok
23:49:55.0265 2560 abp480n5 - ok
23:49:55.0343 2560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:49:56.0125 2560 ACPI - ok
23:49:56.0171 2560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:49:56.0375 2560 ACPIEC - ok
23:49:56.0390 2560 adpu160m - ok
23:49:56.0453 2560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:49:56.0656 2560 aec - ok
23:49:56.0703 2560 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
23:49:56.0796 2560 AFD - ok
23:49:56.0812 2560 Aha154x - ok
23:49:56.0828 2560 aic78u2 - ok
23:49:56.0843 2560 aic78xx - ok
23:49:56.0890 2560 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:49:57.0109 2560 Alerter - ok
23:49:57.0140 2560 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:49:57.0218 2560 ALG - ok
23:49:57.0234 2560 AliIde - ok
23:49:57.0250 2560 amsint - ok
23:49:57.0296 2560 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
23:49:57.0406 2560 AppMgmt - ok
23:49:57.0484 2560 AR5211 (69645f795bbc22f05bea8b8734e3ee82) C:\WINDOWS\system32\DRIVERS\ar5211.sys
23:49:57.0625 2560 AR5211 - ok
23:49:57.0625 2560 asc - ok
23:49:57.0640 2560 asc3350p - ok
23:49:57.0656 2560 asc3550 - ok
23:49:57.0812 2560 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:49:57.0828 2560 aspnet_state - ok
23:49:57.0859 2560 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:49:57.0890 2560 aswFsBlk - ok
23:49:57.0906 2560 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
23:49:57.0921 2560 aswMon2 - ok
23:49:57.0953 2560 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
23:49:57.0968 2560 aswRdr - ok
23:49:58.0031 2560 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
23:49:58.0093 2560 aswSnx - ok
23:49:58.0156 2560 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
23:49:58.0187 2560 aswSP - ok
23:49:58.0234 2560 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
23:49:58.0250 2560 aswTdi - ok
23:49:58.0296 2560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:49:58.0468 2560 AsyncMac - ok
23:49:58.0500 2560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:49:58.0703 2560 atapi - ok
23:49:58.0718 2560 Atdisk - ok
23:49:58.0796 2560 Ati HotKey Poller (06b67e6a0b679d037d2d9e27a64ce90c) C:\WINDOWS\system32\Ati2evxx.exe
23:49:58.0906 2560 Ati HotKey Poller - ok
23:49:59.0000 2560 ati2mtag (d5537cc8cc9a86668e3903bd53caa83c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:49:59.0156 2560 ati2mtag - ok
23:49:59.0203 2560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:49:59.0437 2560 Atmarpc - ok
23:49:59.0500 2560 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:49:59.0703 2560 AudioSrv - ok
23:49:59.0796 2560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:50:00.0031 2560 audstub - ok
23:50:00.0218 2560 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:50:00.0234 2560 avast! Antivirus - ok
23:50:00.0281 2560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:50:00.0500 2560 Beep - ok
23:50:00.0546 2560 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:50:00.0890 2560 BITS - ok
23:50:00.0937 2560 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:50:01.0156 2560 Browser - ok
23:50:01.0234 2560 CAMCAUD (cce1f3c7c8e7383b90372229454999cf) C:\WINDOWS\system32\drivers\camc6aud.sys
23:50:01.0281 2560 CAMCAUD - ok
23:50:01.0343 2560 CAMCHALA (9a3bbde74dab737efa82de7ef4b40bea) C:\WINDOWS\system32\drivers\camc6hal.sys
23:50:01.0406 2560 CAMCHALA - ok
23:50:01.0453 2560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:50:01.0671 2560 cbidf2k - ok
23:50:01.0687 2560 cd20xrnt - ok
23:50:18.0812 2560 NDISRD (1a18f436e4855572260580f4d42c69e8) C:\WINDOWS\system32\drivers\NDISRD.sys
23:50:18.0828 2560 NDISRD ( UnsignedFile.Multi.Generic ) - warning
23:50:18.0828 2560 NDISRD - detected UnsignedFile.Multi.Generic (1)
23:50:41.0421 2560 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:50:41.0750 2560 \Device\Harddisk0\DR0 - ok
23:50:41.0765 2560 Boot (0x1200) (58faef6f8670e6adb0b55b223a3855b0) \Device\Harddisk0\DR0\Partition0
23:50:41.0765 2560 \Device\Harddisk0\DR0\Partition0 - ok
23:50:41.0781 2560 ============================================================
23:50:41.0781 2560 Scan finished
23:50:41.0781 2560 ============================================================
23:50:41.0906 2384 Detected object count: 1
23:50:41.0906 2384 Actual detected object count: 1
23:51:44.0359 2384 NDISRD ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:44.0359 2384 NDISRD ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:52:19.0562 3924 Deinitialize success

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

58597055 KB total disk space.
8395604 KB in 41753 files.
12628 KB in 4354 indexes.
0 KB in bad sectors.
191911 KB in use by the system.
65536 KB occupied by the log file.
49996912 KB available on disk.

4096 bytes in each allocation unit.
14649263 total allocation units on disk.
12499228 allocation units available on disk.




#4
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I want to thank you for helping me here.

You're welcome!

I had a friend that had two 512mb ram that he wasn't using and didn't need. I removed the one that was in this computer and installed those two in here.

Good.

I wanted to tell you that I only downloaded the free edition of SUPERAntiSpyware and Malwarebytes. When I opened the anti-spyware I checked to see and none of the boxes were checked that you spoke about. It might be because of it only being the free version. But anyhow I exited out of it until we're done with this, then I'll turn it back on.

Fair play.

The computer is running a little faster but I believe it's because of the upgrade of the RAM.

OK, your machine will require some in-depth maintenance but we will address that in due course.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl

Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes

Now click on the Exceptions tab >> deselect Remote Assistance >> OK

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

How to use ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper.


When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • ComboFix Log.


#5
Pat_54


    Member

  • Topic Starter
  • Member
  • 212 posts
Hi Dakeyras

Computer is starting to come around. It's beginning to act normal. You guys at Geekstogo are just awesome. I did the next steps in the process and here is the log from ComboFix.

ComboFix 12-05-10.04 - Michael 05/10/2012 20:17:59.1.1 - x86
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michael\Local Settings\Application Data\7d47abb2\U
c:\documents and settings\Michael\Local Settings\Application Data\7d47abb2\U\80000000.@
c:\program files\Common Files\Uninstall
c:\windows\$NtUninstallKB10506$
c:\windows\$NtUninstallKB10506$\1043516002
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ndisapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-10 05:23 . 2012-05-10 05:23 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Sun
2012-05-10 03:33 . 2012-05-10 03:33 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-10 02:40 . 2012-05-10 02:40 -------- d-----w- c:\program files\Oracle
2012-05-10 02:40 . 2012-05-10 02:40 -------- d-----w- c:\documents and settings\Michael\Application Data\Oracle
2012-05-10 02:40 . 2012-04-04 22:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-10 02:40 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 02:40 . 2012-04-04 22:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-09 21:39 . 2012-05-09 21:39 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-09 21:35 . 2012-05-10 02:53 -------- d-----w- c:\documents and settings\Administrator.MICHAEL-5834DF8
2012-05-09 21:04 . 2012-05-09 21:35 -------- d-s---w- c:\documents and settings\Administrator.JOSH
2012-05-09 02:44 . 2012-05-09 02:44 -------- d-----w- c:\program files\Common Files\Java
2012-05-08 07:59 . 2012-05-08 07:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 07:59 . 2012-05-08 07:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 00:54 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-05-07 00:54 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-05-07 00:54 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-05-07 00:54 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-09-20 18:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2011-09-21 18:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-09-21 18:19 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-09-21 18:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-09-21 18:20 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-09-21 18:20 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-09-21 18:20 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-09-21 18:20 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-09-21 18:20 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-09-21 18:20 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-09-21 18:20 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-29 12:17 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-08 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-29 01:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 -c----w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-10-08 18:43 688218 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-10-08 18:44 98394 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SavRoam"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/21/2011 2:20 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/21/2011 2:20 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [9/20/2011 10:15 AM 98392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/21/2011 2:20 PM 20696]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [3/31/2005 5:08 PM 211200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/20/2011 2:13 PM 22344]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\User_Feed_Synchronization-{EBCB8333-CD99-4E5D-846F-442D1E9AEA58}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-MSDRV - NetFilter.exe
MSConfigStartUp-PersonalAV - c:\program files\PersonalAV\pav.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\VPTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-10 20:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\SUPERAntiSpyware\SASCORE.EXE
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-10 20:34:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-11 00:34
.
Pre-Run: 51,033,411,584 bytes free
Post-Run: 50,887,766,016 bytes free
.
- - End Of File - - 9194504EEE9A445D21E1B8C3AC84A806

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Computer is starting to come around. It's beginning to act normal.

Good.

You guys at Geekstogo are just awesome

On behalf of Geeks to Go, thank you for the compliment...much appreciated!

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the Keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Malwarebytes Anti-Malware Log.
  • Eset Log.

#7
Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Hello again.... I think things are beginning to get better here. Here are the logs from the following steps I did.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.11.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: JOSH [administrator]

5/11/2012 1:19:26 PM
mbam-log-2012-05-11 (13-19-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231623
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dd37df361b6364489bce77db583d1c05
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-11 06:24:39
# local_time=2012-05-11 02:24:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=43257
# found=3
# cleaned=0
# scan_time=2098
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\6.0\33\466e8161-558c0a18 a variant of Java/Agent.DU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\6.0\62\2fa7033e-2c6c9d66 Win32/Sirefef.DD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Michael\Local Settings\Application Data\7d47abb2\U\[email protected] a variant of Win32/Sirefef.DV trojan (unable to clean) 00000000000000000000000000000000 I



#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

OK, let's deal with the results of the online scan. One of the detections is not a cause for concern and merely denotes something that was quarantined by ComboFix, which in turn will be removed completely when we actually uninstall ComboFix.

So carry out the below and that will actually flush the Java Cache with the offending infections residing within...

TFC(Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next:

Let myself know when completed the above and if any further issues remaining. If not we will clean up all tools used during the Malware Removal process and I will provide some advice about online safety etc.
  • 0
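
The triage described in post #8, as an added example that is not part of the original thread: it parses ESET Online Scanner detection lines in the whitespace-separated form shown in post #7 and sorts each hit into a ComboFix quarantine copy, a Java cache entry, or something else. The bucket names, the `needs-review` bucket, the path/name split heuristic and the `PLACEHOLDER.vir` file name are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample modeled on the ESET log in post #7: header trimmed to the
# keys used below, and PLACEHOLDER.vir is a made-up file name.
SAMPLE_LOG = r"""# version=7
# remove_checked=false
# scanned=43257
# found=3
# cleaned=0
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\6.0\33\466e8161-558c0a18 a variant of Java/Agent.DU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\6.0\62\2fa7033e-2c6c9d66 Win32/Sirefef.DD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Michael\Local Settings\Application Data\7d47abb2\U\PLACEHOLDER.vir a variant of Win32/Sirefef.DV trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Right-hand fields as they appear in the posted lines: (action) digest flag.
TAIL = re.compile(r"^(?P<body>.+?)\s+\((?P<action>[^()]*)\)\s+"
                  r"(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$")
# Heuristic (assumption): Windows paths never contain "/", so the first
# "Platform/Name" token marks where the detection name starts.
NAME = re.compile(r"^(?P<path>.+?)\s+(?P<threat>(?:a variant of )?"
                  r"[A-Za-z0-9]+/\S+(?:\s+\w+)*)$")


def parse(log_text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
            continue
        tail = TAIL.match(line)
        name = NAME.match(tail.group("body")) if tail else None
        if name:  # anything else (banner lines, blanks) is skipped
            detections.append({"path": name.group("path"),
                               "threat": name.group("threat"),
                               "action": tail.group("action")})
    return header, detections


def classify(path):
    """Bucket a detection by where the file lives."""
    p = path.lower()
    if re.match(r"^[a-z]:\\qoobox\\quarantine\\", p):
        return "combofix-quarantine"  # copy already quarantined by ComboFix
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"           # cleared when the Java cache is flushed
    return "needs-review"             # not covered by either step in the thread


def triage(log_text):
    header, detections = parse(log_text)
    for d in detections:
        d["bucket"] = classify(d["path"])
    return {
        "buckets": Counter(d["bucket"] for d in detections),
        # A mismatch means a detection line failed to parse.
        "count_matches_header": header.get("found") == str(len(detections)),
        # With removal switched off, cleaned=0 is the expected outcome.
        "scan_only": header.get("remove_checked") == "false",
        "needs_follow_up": [d for d in detections if d["bucket"] == "needs-review"],
        "detections": detections,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for d in report["detections"]:
        print(f'{d["bucket"]:20} {d["threat"]}')
    print("header/line count consistent:", report["count_matches_header"])
    print("left for review:", len(report["needs_follow_up"]))
```
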

#9
Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Hi Dakeyras
I ran the TFC. Computer is running super. Great job. I thank you so very much. I do have one question before we finish with clean up. Like I explained at the beginning this computer was given to my son and I was wondering is there any way to remove the other person's name, files and folders etc. without doing a total reinstall. I was searching this out on internet but found no real good solutions. I would appreciate it if you could guide me in the right direction here. I'm not totally dumb when it comes to doing things on computer as long as it's explained how to. Thanks again and will be waiting for instructions on clean up.

#10
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I ran the TFC. Computer is running super. Great job. I thank you so very much.

Good and you're most welcome!

I do have one question before we finish with clean up. Like I explained at the beginning this computer was given to my son and I was wondering is there any way to remove the other person's name, files and folders etc. without doing a total reinstall. I was searching this out on internet but found no real good solutions. I would appreciate it if you could guide me in the right direction here. I'm not totally dumb when it comes to doing things on computer as long as it's explained how to.

This Microsoft Article explains such if I am understanding correctly what you are inquiring about...

How to Change Name and Company Information with XP

As for the rest you could delete manually and or if there are any unwanted user profiles, providing your son's account is an admin one, you can remove them via:-

Start >> Control Panel >> User Accounts >> click on the account name to be removed >> Delete the account >> then if memory serves correctly you have the option to either save the account files and or delete them etc before actually deleting the account.

Now if the above is not quite the answer(s) you were looking for my best advice would be to create a new topic in this part of the forum:-

Windows XP™, 2000, 2003, NT

And the excellent Tech Staff we have here in Geeks to Go should be able to advise you far better than I because primarily I only provide Anti-Malware support.

Next:

Congratulations your Son's computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the Run box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
Clean up with OTL:

  • Double-click OTL to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc. Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebytes Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

The presently installed Anti-Virus software, avast! Free Antivirus automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Keep the system updated:

Microsoft releases patches for Windows and other products regularly:

  • I advise you visit: http://update.micros...t.aspx?ln=en-us
  • Install the Active X
  • Once installed it will advise set Auto-Updates if not set and then you will be able to manually check for updates also via:
  • Start >> All Programs >> Microsoft Updates
Note: The above if not an option available, can still be checked manually via Start >> All Programs >> Windows Updates

Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Check your third party software is up to date:

Via the Secunia Online Software Inspector

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!

#11
Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Hi Dakeyras

I did the clean up and checked all the sites you recommended for safety and keeping the computer healthy and clean. Thanks for the advice on the other thing I asked about. I'm going to look at these sites as well. The computer is running super and is a little speed demon now. My son will be happy and I know I am. Thank you so much for your time, you have been a life saver. You people at geekstogo, do an awesome job there. I only wish I had the knowledge you do. This has been a very helpful site and I have used this site in the past and always have had very friendly mods and helpful tips. I will continue to use it when I'm in a fix. Continue to do the great work. Thanks Patty :wub: :cheers: :yeah:

#12
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
You're welcome! :)

#13
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.