Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

is my OLT Log clean? [Solved]


  • This topic is locked This topic is locked

#1
scottb

scottb

    Member

  • Member
  • PipPipPip
  • 164 posts
Hi All,

Have my friends laptop, it was running slow I have ran malwarebytes super antispyware and avast antivirus as well as trent micro online. He runs google chrome and when run a second tab opens with www.searchnu.com/408. Here's the OLT log

OTL logfile created on: 29/11/2012 09:27:13 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

750.80 Mb Total Physical Memory | 389.39 Mb Available Physical Memory | 51.86% Memory free
1.79 Gb Paging File | 1.50 Gb Available in Paging File | 83.95% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.70 Gb Free Space | 7.17% Space Free | Partition Type: NTFS
Drive D: | 18.17 Gb Total Space | 15.66 Gb Free Space | 86.18% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 0.41 Gb Free Space | 21.87% Space Free | Partition Type: FAT

Computer Name: LUIGI | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\system32\TPWRTRAY.EXE (TOSHIBA Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe (adi)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12112801\algo.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
MOD - c:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\qedit.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Browser Manager) -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SASKUTIL) -- C:\Documents and Settings\Richard\Local Settings\temp\SAS_SelfExtract\saskutil.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Documents and Settings\Richard\Local Settings\temp\SAS_SelfExtract\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (ZD1211BU(TP-LINK)) TP-LINK Wireless USB Adapter Driver(TP-LINK) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (Atheros Technology Corporation)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\RT2500.sys (Ralink Technology Inc.)
DRV - (TOSHIBASoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (LT)
DRV - (TVALD) -- C:\WINDOWS\system32\DRIVERS\TVALD.SYS (Toshiba Corporation)
DRV - (TVALG) -- C:\WINDOWS\system32\DRIVERS\TVALG.SYS (TOSHIBA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/408
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [1999/12/31 23:10:41 | 000,000,000 | ---D | M]

[1999/12/31 23:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: No name found = C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djjpllkkkfobicnffejagpfbnkmgpggb\1.0.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hheionapfacfmaodbgacjbnfhmofjebc\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474\
CHR - Extension: No name found = C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/05/30 14:08:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe (adi)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_25.dll (Sun Microsystems, Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll) -c:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/03 22:40:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 20:32:05 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/11/28 18:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\FixBee
[2012/11/28 18:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FixBee
[2012/11/28 18:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/11/28 18:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\FixBee
[2012/11/28 17:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\DriverCure
[2012/11/28 17:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\ParetoLogic
[2012/11/28 17:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/11/27 15:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/11/27 15:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/11/27 15:44:13 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/11/27 15:44:13 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/11/27 15:44:11 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/11/27 15:42:36 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/11/27 15:42:34 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/11/26 10:01:32 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/11/26 10:01:29 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/11/26 10:01:23 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/11/26 10:01:23 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/11/26 10:01:21 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

========== Files - Modified Within 30 Days ==========

[2012/11/29 09:32:06 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012/11/29 09:28:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{802FB642-22F5-42A1-8292-34E89E89D123}.job
[2012/11/29 09:25:22 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/29 09:12:12 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-842925246-1343024091-1004UA.job
[2012/11/29 09:07:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/29 09:04:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/29 07:39:57 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/29 07:38:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/29 07:38:43 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/29 07:37:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/28 23:11:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-842925246-1343024091-1004Core.job
[2012/11/28 23:06:33 | 000,223,980 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\census.cache
[2012/11/28 23:06:07 | 000,161,172 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\ars.cache
[2012/11/28 20:29:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\housecall.guid.cache
[2012/11/27 15:44:14 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\avast! Free Antivirus.lnk
[2012/11/27 15:44:09 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/26 16:52:29 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/26 16:19:11 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/26 16:15:04 | 000,462,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/26 16:15:04 | 000,078,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/26 12:49:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/11/26 09:40:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/26 09:30:56 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ftstate.ini
[2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/30 22:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/30 22:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/30 22:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/30 22:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/30 22:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/30 22:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2012/11/29 07:37:41 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012/11/28 23:06:33 | 000,223,980 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\census.cache
[2012/11/28 23:06:07 | 000,161,172 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\ars.cache
[2012/11/28 20:29:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\housecall.guid.cache
[2012/11/27 15:44:14 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\avast! Free Antivirus.lnk
[2012/11/26 10:01:25 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/26 09:35:55 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/26 09:24:55 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ftstate.ini
[2012/02/17 15:25:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/03 21:42:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/10 19:47:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/10 19:47:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/10 19:47:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/10 19:47:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/10 19:47:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/20 12:51:51 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/28 15:19:48 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/18 17:16:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/08/18 17:14:20 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/20 16:08:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/05 12:24:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TOSMgmt.dll
[2008/05/05 12:23:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2008/05/05 12:04:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2008/05/05 12:04:45 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2008/04/03 23:01:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/03 22:59:49 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/03 22:45:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/03 22:36:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,462,806 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,078,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/11/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[1999/12/31 23:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/11/29 07:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[1999/12/31 23:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2012/11/28 18:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FixBee
[2012/02/17 20:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FUJIFILM
[2011/11/24 21:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011/11/24 20:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/11/28 18:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/11/24 21:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[1999/12/31 23:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Babylon
[1999/12/31 23:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\BabylonToolbar
[2012/11/28 17:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\DriverCure
[2012/11/28 18:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\FixBee
[2009/08/18 18:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech
[2012/11/27 09:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Nokia
[2012/11/27 09:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Nokia Suite
[2012/11/28 17:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\ParetoLogic
[2011/11/24 22:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\PC Suite
[2011/11/10 20:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Windows Desktop Search
[2012/11/29 07:39:57 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/11/29 09:32:06 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\Browser Manager.job
[2012/11/29 09:28:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{802FB642-22F5-42A1-8292-34E89E89D123}.job

========== Purity Check ==========



< End of report >


Thanks in advance.
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
scottb

scottb

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi Gringo,

Here are a copy of the logs as requested.



Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 25
Java version out of Date!
Adobe Reader 10.1.0 Adobe Reader out of Date!
Google Chrome 23.0.1271.91
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 48% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


----------------------------------------------------------------------------------------------------------------------------------
Next Log.


# AdwCleaner v2.009 - Logfile created 11/29/2012 at 11:46:47
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Richard - LUIGI
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Richard\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\Browser Manager
Deleted on reboot : C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Deleted on reboot : C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Deleted on reboot : C:\Program Files\BabylonToolbar
File Deleted : C:\DOCUME~1\Richard\LOCALS~1\Temp\Searchqu.ini
File Deleted : C:\DOCUME~1\Richard\LOCALS~1\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\DOCUME~1\Richard\LOCALS~1\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\WINDOWS\Tasks\Browser Manager.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\Richard\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Richard\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Richard\Start Menu\Programs\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKU\S-1-5-21-1614895754-842925246-1343024091-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=115298&tt=4512_8&babsrc=HP_ss_cr&mntrId=446b2c160000000000000013d371f7b1 --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4946 octets] - [29/11/2012 11:46:47]

########## EOF - C:\AdwCleaner[S1].txt - [5006 octets] ##########


----------------------------------------------------------------------------------------------------------------------------

The Rogue Killer app created 2 logs so I' ve posted both.


RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Richard [Admin rights]
Mode : Scan -- Date : 11/29/2012 11:53:12

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp) -> FOUND
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N030ATMR04-0 +++++
--- User ---
[MBR] 3a9dcae66d16ec7e79cff1acfdcc74a1
[BSP] 725bf1c4d408dd78ceff2d0502921e9b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 20482875 | Size: 18606 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11292012_02d1153.txt >>
RKreport[1]_S_11292012_02d1153.txt



And now for the second one


RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Richard [Admin rights]
Mode : Remove -- Date : 11/29/2012 11:53:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp) -> REPLACED (C:\Documents and Settings\Richard\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp)
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll) -> REPLACED ()

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N030ATMR04-0 +++++
--- User ---
[MBR] 3a9dcae66d16ec7e79cff1acfdcc74a1
[BSP] 725bf1c4d408dd78ceff2d0502921e9b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 20482875 | Size: 18606 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11292012_02d1153.txt >>
RKreport[1]_S_11292012_02d1153.txt ; RKreport[2]_D_11292012_02d1153.txt



The computer appears to be running ok for the age and spec of it.

The desktop short cut icon in the task bar is there but is not working it starts searching for shortcut.

His wallpaper has disapeared and has been replaced by an old one. I have uninstalled google chrome and installed firefox, have changed internet explorer home page change it back to msn.

I was getting a rundll32.exe error on shut down but that appears to have stopped now.

Outlook express keeps giving me a free up disk space by compacting messages, when i startup laptop.

Thanks Scottb.
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
scottb

scottb

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi Gringo,

Here's the log for combo fix.

ComboFix 12-11-29.02 - Richard 29/11/2012 14:26:19.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.751.474 [GMT 0:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 12:42 . 2012-11-29 12:42 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Mozilla
2012-11-29 12:42 . 2012-11-29 12:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-29 12:42 . 2012-11-20 06:17 262112 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-11-29 12:42 . 2012-11-20 06:17 890008 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2012-11-29 11:21 . 2012-11-29 11:21 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\CRE
2012-11-28 20:32 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-11-28 18:10 . 2012-11-28 18:23 -------- d-----w- c:\documents and settings\Richard\Application Data\FixBee
2012-11-28 18:10 . 2012-11-28 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\FixBee
2012-11-28 18:08 . 2012-11-28 18:23 -------- d-----w- c:\program files\FixBee
2012-11-28 17:55 . 2012-11-28 17:55 -------- d-----w- c:\documents and settings\Richard\Application Data\DriverCure
2012-11-28 17:55 . 2012-11-28 17:55 -------- d-----w- c:\documents and settings\Richard\Application Data\ParetoLogic
2012-11-28 17:55 . 2012-11-28 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2012-11-27 15:44 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-27 15:44 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-27 15:44 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-27 15:42 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-27 15:42 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-26 10:01 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-26 10:01 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-26 10:01 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-11-26 10:01 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-11-26 10:01 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-11-26 09:35 . 2012-11-26 09:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 09:35 . 2012-02-11 19:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 19:54 . 2011-06-23 18:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 06:17 . 2012-11-29 12:42 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"PmProxy"="c:\program files\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 40960]
"Tpwrtray"="TPWRTRAY.EXE" [2003-05-07 221184]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2003-05-23 253952]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Richard^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Richard\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
2001-06-23 19:28 24576 -c--a-w- c:\windows\system32\000StTHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2010-09-29 11:27 1584640 -c--a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 21:17 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 12:12 253672 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-27 18:16 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"GoToAssist"=3 (0x3)
"GoogleDesktopManager-051210-111108"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26/11/2012 10:01 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/11/2012 15:44 361032]
R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Richard\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Richard\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Richard\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Richard\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/11/2012 15:44 21256]
S3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [29/05/2011 17:02 500736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 09:35]
.
2012-11-29 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-27 22:50]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 18:16]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 18:16]
.
2012-11-29 c:\windows\Tasks\User_Feed_Synchronization-{802FB642-22F5-42A1-8292-34E89E89D123}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\frwtctt5.default\
FF - ExtSQL: 2012-11-27 16:03; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-chromium - c:\program files\Google\Chrome\Application\chrome.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Google Update - c:\documents and settings\Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-NokiaSuite - c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-29 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-29 14:37:51
ComboFix-quarantined-files.txt 2012-11-29 14:37
.
Pre-Run: 1,153,077,248 bytes free
Post-Run: 1,933,643,776 bytes free
.
- - End Of File - - 5FE69D3C3AD190FD2AF6BBC221DE1EDF



The show desktop icon still not working, the laptop is a little slow loading applications but i think that's more to do with the age of it. Outlook express is still asking to compact messages. Should i allow this or is this not aq good idea?

Thanks again scottb
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

#7
scottb

scottb

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi Gringo,

Here's the logs you asked for


15:27:11.0495 3880 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:27:11.0926 3880 ============================================================
15:27:11.0926 3880 Current date / time: 2012/11/29 15:27:11.0926
15:27:11.0926 3880 SystemInfo:
15:27:11.0926 3880
15:27:11.0926 3880 OS Version: 5.1.2600 ServicePack: 3.0
15:27:11.0926 3880 Product type: Workstation
15:27:11.0926 3880 ComputerName: LUIGI
15:27:11.0926 3880 UserName: Richard
15:27:11.0926 3880 Windows directory: C:\WINDOWS
15:27:11.0926 3880 System windows directory: C:\WINDOWS
15:27:11.0926 3880 Processor architecture: Intel x86
15:27:11.0926 3880 Number of processors: 1
15:27:11.0926 3880 Page size: 0x1000
15:27:11.0926 3880 Boot type: Normal boot
15:27:11.0926 3880 ============================================================
15:27:13.0518 3880 Drive \Device\Harddisk0\DR0 - Size: 0x6FC7C8000 (27.95 Gb), SectorSize: 0x200, Cylinders: 0xE40, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:27:13.0528 3880 ============================================================
15:27:13.0528 3880 \Device\Harddisk0\DR0:
15:27:13.0528 3880 MBR partitions:
15:27:13.0528 3880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1388AFC
15:27:13.0538 3880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1388B7A, BlocksNum 0x2457405
15:27:13.0538 3880 ============================================================
15:27:13.0568 3880 D: <-> \Device\Harddisk0\DR0\Partition2
15:27:13.0598 3880 C: <-> \Device\Harddisk0\DR0\Partition1
15:27:13.0598 3880 ============================================================
15:27:13.0598 3880 Initialize success
15:27:13.0598 3880 ============================================================
15:27:17.0924 3724 ============================================================
15:27:17.0924 3724 Scan started
15:27:17.0924 3724 Mode: Manual;
15:27:17.0924 3724 ============================================================
15:27:19.0346 3724 ================ Scan system memory ========================
15:27:19.0356 3724 System memory - ok
15:27:19.0356 3724 ================ Scan services =============================
15:27:19.0667 3724 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
15:27:19.0677 3724 Aavmker4 - ok
15:27:19.0697 3724 Abiosdsk - ok
15:27:19.0707 3724 abp480n5 - ok
15:27:19.0777 3724 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:27:19.0777 3724 ACPI - ok
15:27:19.0837 3724 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:27:19.0837 3724 ACPIEC - ok
15:27:19.0917 3724 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:27:19.0927 3724 AdobeFlashPlayerUpdateSvc - ok
15:27:19.0937 3724 adpu160m - ok
15:27:19.0997 3724 [ EABCB9C1420341AB4B468DE317A1DA96 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
15:27:20.0007 3724 aeaudio - ok
15:27:20.0047 3724 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:27:20.0047 3724 aec - ok
15:27:20.0087 3724 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:27:20.0097 3724 AFD - ok
15:27:20.0107 3724 Aha154x - ok
15:27:20.0128 3724 aic78u2 - ok
15:27:20.0138 3724 aic78xx - ok
15:27:20.0188 3724 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:27:20.0198 3724 Alerter - ok
15:27:20.0228 3724 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:27:20.0228 3724 ALG - ok
15:27:20.0248 3724 AliIde - ok
15:27:20.0258 3724 amsint - ok
15:27:20.0278 3724 ApfiltrService - ok
15:27:20.0338 3724 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:27:20.0338 3724 AppMgmt - ok
15:27:20.0358 3724 asc - ok
15:27:20.0378 3724 asc3350p - ok
15:27:20.0388 3724 asc3550 - ok
15:27:20.0528 3724 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:27:20.0528 3724 aspnet_state - ok
15:27:20.0558 3724 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:27:20.0558 3724 aswFsBlk - ok
15:27:20.0618 3724 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
15:27:20.0618 3724 aswMon2 - ok
15:27:20.0648 3724 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
15:27:20.0648 3724 AswRdr - ok
15:27:20.0718 3724 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
15:27:20.0728 3724 aswSnx - ok
15:27:20.0768 3724 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
15:27:20.0778 3724 aswSP - ok
15:27:20.0808 3724 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
15:27:20.0819 3724 aswTdi - ok
15:27:20.0869 3724 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:27:20.0869 3724 AsyncMac - ok
15:27:20.0899 3724 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:27:20.0899 3724 atapi - ok
15:27:20.0919 3724 Atdisk - ok
15:27:20.0959 3724 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:27:20.0959 3724 Atmarpc - ok
15:27:21.0019 3724 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:27:21.0029 3724 AudioSrv - ok
15:27:21.0099 3724 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:27:21.0099 3724 audstub - ok
15:27:21.0199 3724 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:27:21.0209 3724 avast! Antivirus - ok
15:27:21.0249 3724 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:27:21.0249 3724 Beep - ok
15:27:21.0329 3724 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:27:21.0359 3724 BITS - ok
15:27:21.0409 3724 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
15:27:21.0409 3724 Browser - ok
15:27:21.0530 3724 catchme - ok
15:27:21.0590 3724 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:27:21.0590 3724 cbidf2k - ok
15:27:21.0610 3724 cd20xrnt - ok
15:27:21.0640 3724 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:27:21.0640 3724 Cdaudio - ok
15:27:21.0680 3724 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:27:21.0690 3724 Cdfs - ok
15:27:21.0720 3724 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:27:21.0720 3724 Cdrom - ok
15:27:21.0740 3724 Changer - ok
15:27:21.0780 3724 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:27:21.0790 3724 CiSvc - ok
15:27:21.0810 3724 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:27:21.0810 3724 ClipSrv - ok
15:27:21.0860 3724 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:27:21.0880 3724 clr_optimization_v2.0.50727_32 - ok
15:27:21.0910 3724 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:27:21.0910 3724 CmBatt - ok
15:27:21.0930 3724 CmdIde - ok
15:27:21.0960 3724 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:27:21.0960 3724 Compbatt - ok
15:27:21.0980 3724 COMSysApp - ok
15:27:22.0010 3724 Cpqarray - ok
15:27:22.0050 3724 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:27:22.0060 3724 CryptSvc - ok
15:27:22.0070 3724 dac2w2k - ok
15:27:22.0090 3724 dac960nt - ok
15:27:22.0160 3724 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:27:22.0180 3724 DcomLaunch - ok
15:27:22.0221 3724 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:27:22.0231 3724 Dhcp - ok
15:27:22.0251 3724 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:27:22.0261 3724 Disk - ok
15:27:22.0271 3724 dmadmin - ok
15:27:22.0351 3724 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:27:22.0361 3724 dmboot - ok
15:27:22.0421 3724 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:27:22.0431 3724 dmio - ok
15:27:22.0481 3724 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:27:22.0491 3724 dmload - ok
15:27:22.0531 3724 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:27:22.0531 3724 dmserver - ok
15:27:22.0561 3724 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:27:22.0571 3724 DMusic - ok
15:27:22.0611 3724 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:27:22.0611 3724 Dnscache - ok
15:27:22.0671 3724 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:27:22.0671 3724 Dot3svc - ok
15:27:22.0681 3724 dpti2o - ok
15:27:22.0701 3724 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:27:22.0711 3724 drmkaud - ok
15:27:22.0771 3724 [ AC9CF17EE2AE003C98EB4F5336C38058 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:27:22.0771 3724 E100B - ok
15:27:22.0831 3724 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:27:22.0831 3724 EapHost - ok
15:27:22.0881 3724 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:27:22.0881 3724 ERSvc - ok
15:27:22.0912 3724 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:27:22.0932 3724 Eventlog - ok
15:27:22.0992 3724 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
15:27:23.0002 3724 EventSystem - ok
15:27:23.0052 3724 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:27:23.0062 3724 Fastfat - ok
15:27:23.0142 3724 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:27:23.0152 3724 FastUserSwitchingCompatibility - ok
15:27:23.0182 3724 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
15:27:23.0182 3724 Fdc - ok
15:27:23.0202 3724 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:27:23.0212 3724 Fips - ok
15:27:23.0252 3724 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
15:27:23.0252 3724 Flpydisk - ok
15:27:23.0312 3724 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:27:23.0312 3724 FltMgr - ok
15:27:23.0372 3724 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:27:23.0382 3724 FontCache3.0.0.0 - ok
15:27:23.0412 3724 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:27:23.0412 3724 Fs_Rec - ok
15:27:23.0432 3724 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:27:23.0442 3724 Ftdisk - ok
15:27:23.0492 3724 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:27:23.0492 3724 Gpc - ok
15:27:23.0562 3724 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:27:23.0562 3724 gupdate - ok
15:27:23.0582 3724 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:27:23.0582 3724 gupdatem - ok
15:27:23.0653 3724 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:27:23.0663 3724 gusvc - ok
15:27:23.0733 3724 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:27:23.0733 3724 helpsvc - ok
15:27:23.0783 3724 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:27:23.0793 3724 HidServ - ok
15:27:23.0833 3724 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:27:23.0833 3724 HidUsb - ok
15:27:23.0883 3724 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:27:23.0893 3724 hkmsvc - ok
15:27:23.0913 3724 hpn - ok
15:27:23.0953 3724 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:27:23.0963 3724 HPZid412 - ok
15:27:23.0993 3724 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:27:23.0993 3724 HPZipr12 - ok
15:27:24.0033 3724 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:27:24.0033 3724 HPZius12 - ok
15:27:24.0123 3724 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:27:24.0123 3724 HTTP - ok
15:27:24.0203 3724 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:27:24.0243 3724 HTTPFilter - ok
15:27:24.0263 3724 i2omgmt - ok
15:27:24.0273 3724 i2omp - ok
15:27:24.0314 3724 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:27:24.0314 3724 i8042prt - ok
15:27:24.0364 3724 [ 759A944AA02F686EC069E6FF5B5636D8 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:27:24.0364 3724 ialm - ok
15:27:24.0484 3724 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:27:24.0504 3724 idsvc - ok
15:27:24.0554 3724 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:27:24.0554 3724 Imapi - ok
15:27:24.0614 3724 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:27:24.0624 3724 ImapiService - ok
15:27:24.0644 3724 ini910u - ok
15:27:24.0674 3724 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:27:24.0674 3724 IntelIde - ok
15:27:24.0724 3724 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:27:24.0734 3724 intelppm - ok
15:27:24.0764 3724 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:27:24.0774 3724 Ip6Fw - ok
15:27:24.0804 3724 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:27:24.0804 3724 IpInIp - ok
15:27:24.0844 3724 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:27:24.0854 3724 IpNat - ok
15:27:24.0904 3724 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:27:24.0914 3724 IPSec - ok
15:27:24.0944 3724 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:27:24.0944 3724 IRENUM - ok
15:27:24.0974 3724 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:27:24.0984 3724 isapnp - ok
15:27:25.0135 3724 [ 11C3EFB4BAC41175D03B1595DB1A4A4F ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
15:27:25.0145 3724 JavaQuickStarterService - ok
15:27:25.0175 3724 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:27:25.0185 3724 Kbdclass - ok
15:27:25.0235 3724 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:27:25.0235 3724 kbdhid - ok
15:27:25.0325 3724 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:27:25.0335 3724 kmixer - ok
15:27:25.0365 3724 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:27:25.0375 3724 KSecDD - ok
15:27:25.0415 3724 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:27:25.0425 3724 lanmanserver - ok
15:27:25.0475 3724 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:27:25.0495 3724 lanmanworkstation - ok
15:27:25.0515 3724 lbrtfdc - ok
15:27:25.0575 3724 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:27:25.0585 3724 LmHosts - ok
15:27:25.0645 3724 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
15:27:25.0655 3724 McciCMService - ok
15:27:25.0746 3724 [ DBEF8BB9651BA4C23784850C982833FC ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
15:27:25.0756 3724 MDM - ok
15:27:25.0826 3724 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:27:25.0886 3724 Messenger - ok
15:27:26.0216 3724 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:27:26.0216 3724 mnmdd - ok
15:27:26.0266 3724 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:27:26.0276 3724 mnmsrvc - ok
15:27:26.0326 3724 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:27:26.0326 3724 Modem - ok
15:27:26.0346 3724 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:27:26.0346 3724 Mouclass - ok
15:27:26.0366 3724 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:27:26.0366 3724 mouhid - ok
15:27:26.0407 3724 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:27:26.0407 3724 MountMgr - ok
15:27:26.0487 3724 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:27:26.0487 3724 MozillaMaintenance - ok
15:27:26.0507 3724 mraid35x - ok
15:27:26.0557 3724 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
15:27:26.0557 3724 MREMP50 - ok
15:27:26.0567 3724 MREMPR5 - ok
15:27:26.0577 3724 MRENDIS5 - ok
15:27:26.0597 3724 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
15:27:26.0607 3724 MRESP50 - ok
15:27:26.0647 3724 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:27:26.0647 3724 MRxDAV - ok
15:27:26.0717 3724 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:27:26.0737 3724 MRxSmb - ok
15:27:26.0787 3724 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:27:26.0797 3724 MSDTC - ok
15:27:26.0827 3724 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:27:26.0827 3724 Msfs - ok
15:27:26.0847 3724 MSIServer - ok
15:27:26.0877 3724 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:27:26.0877 3724 MSKSSRV - ok
15:27:26.0927 3724 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:27:26.0927 3724 MSPCLOCK - ok
15:27:26.0957 3724 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:27:26.0957 3724 MSPQM - ok
15:27:27.0017 3724 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:27:27.0017 3724 mssmbios - ok
15:27:27.0108 3724 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:27:27.0108 3724 Mup - ok
15:27:27.0168 3724 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:27:27.0188 3724 napagent - ok
15:27:27.0238 3724 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:27:27.0238 3724 NDIS - ok
15:27:27.0268 3724 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:27:27.0278 3724 NdisTapi - ok
15:27:27.0318 3724 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:27:27.0318 3724 Ndisuio - ok
15:27:27.0348 3724 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:27:27.0358 3724 NdisWan - ok
15:27:27.0388 3724 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:27:27.0388 3724 NDProxy - ok
15:27:27.0438 3724 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
15:27:27.0438 3724 Net Driver HPZ12 - ok
15:27:27.0488 3724 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:27:27.0498 3724 NetBIOS - ok
15:27:27.0538 3724 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:27:27.0538 3724 NetBT - ok
15:27:27.0598 3724 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:27:27.0608 3724 NetDDE - ok
15:27:27.0628 3724 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:27:27.0638 3724 NetDDEdsdm - ok
15:27:27.0678 3724 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:27:27.0688 3724 Netlogon - ok
15:27:27.0728 3724 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:27:27.0748 3724 Netman - ok
15:27:27.0789 3724 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:27:27.0799 3724 NetTcpPortSharing - ok
15:27:27.0839 3724 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:27:27.0859 3724 Nla - ok
15:27:27.0909 3724 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:27:27.0909 3724 Npfs - ok
15:27:27.0969 3724 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:27:27.0979 3724 Ntfs - ok
15:27:28.0009 3724 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:27:28.0019 3724 NtLmSsp - ok
15:27:28.0099 3724 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:27:28.0119 3724 NtmsSvc - ok
15:27:28.0159 3724 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:27:28.0169 3724 Null - ok
15:27:28.0269 3724 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:27:28.0269 3724 NwlnkFlt - ok
15:27:28.0299 3724 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:27:28.0299 3724 NwlnkFwd - ok
15:27:28.0339 3724 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:27:28.0349 3724 Parport - ok
15:27:28.0379 3724 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:27:28.0379 3724 PartMgr - ok
15:27:28.0429 3724 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:27:28.0429 3724 ParVdm - ok
15:27:28.0470 3724 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
15:27:28.0480 3724 pccsmcfd - ok
15:27:28.0510 3724 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:27:28.0520 3724 PCI - ok
15:27:28.0530 3724 PCIDump - ok
15:27:28.0570 3724 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:27:28.0570 3724 PCIIde - ok
15:27:28.0620 3724 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:27:28.0630 3724 Pcmcia - ok
15:27:28.0640 3724 PDCOMP - ok
15:27:28.0660 3724 PDFRAME - ok
15:27:28.0680 3724 PDRELI - ok
15:27:28.0690 3724 PDRFRAME - ok
15:27:28.0710 3724 perc2 - ok
15:27:28.0720 3724 perc2hib - ok
15:27:28.0780 3724 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:27:28.0800 3724 PlugPlay - ok
15:27:28.0820 3724 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
15:27:28.0830 3724 Pml Driver HPZ12 - ok
15:27:28.0860 3724 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:27:28.0870 3724 PolicyAgent - ok
15:27:28.0920 3724 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:27:28.0920 3724 PptpMiniport - ok
15:27:28.0940 3724 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:27:28.0950 3724 ProtectedStorage - ok
15:27:28.0960 3724 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:27:28.0970 3724 PSched - ok
15:27:29.0020 3724 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:27:29.0020 3724 Ptilink - ok
15:27:29.0040 3724 ql1080 - ok
15:27:29.0050 3724 Ql10wnt - ok
15:27:29.0070 3724 ql12160 - ok
15:27:29.0090 3724 ql1240 - ok
15:27:29.0100 3724 ql1280 - ok
15:27:29.0120 3724 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:27:29.0120 3724 RasAcd - ok
15:27:29.0171 3724 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:27:29.0181 3724 RasAuto - ok
15:27:29.0221 3724 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:27:29.0221 3724 Rasl2tp - ok
15:27:29.0281 3724 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:27:29.0301 3724 RasMan - ok
15:27:29.0321 3724 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:27:29.0331 3724 RasPppoe - ok
15:27:29.0361 3724 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:27:29.0361 3724 Raspti - ok
15:27:29.0391 3724 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:27:29.0401 3724 Rdbss - ok
15:27:29.0431 3724 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:27:29.0431 3724 RDPCDD - ok
15:27:29.0491 3724 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:27:29.0491 3724 rdpdr - ok
15:27:29.0551 3724 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:27:29.0561 3724 RDPWD - ok
15:27:29.0601 3724 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:27:29.0621 3724 RDSessMgr - ok
15:27:29.0651 3724 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:27:29.0661 3724 redbook - ok
15:27:29.0701 3724 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:27:29.0711 3724 RemoteAccess - ok
15:27:29.0761 3724 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:27:29.0781 3724 RemoteRegistry - ok
15:27:29.0821 3724 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
15:27:29.0831 3724 RpcLocator - ok
15:27:29.0882 3724 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:27:29.0902 3724 RpcSs - ok
15:27:29.0942 3724 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:27:29.0962 3724 RSVP - ok
15:27:30.0022 3724 [ AE1E626F00180BFB3CA5A81FFFC65332 ] RT2500 C:\WINDOWS\system32\DRIVERS\RT2500.sys
15:27:30.0032 3724 RT2500 - ok
15:27:30.0052 3724 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:27:30.0062 3724 SamSs - ok
15:27:30.0082 3724 SASDIFSV - ok
15:27:30.0092 3724 SASKUTIL - ok
15:27:30.0172 3724 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:27:30.0182 3724 SCardSvr - ok
15:27:30.0242 3724 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:27:30.0262 3724 Schedule - ok
15:27:30.0302 3724 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:27:30.0302 3724 Secdrv - ok
15:27:30.0342 3724 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:27:30.0352 3724 seclogon - ok
15:27:30.0392 3724 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:27:30.0402 3724 SENS - ok
15:27:30.0452 3724 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
15:27:30.0462 3724 Serial - ok
15:27:30.0743 3724 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
15:27:30.0973 3724 ServiceLayer - ok
15:27:31.0043 3724 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:27:31.0043 3724 Sfloppy - ok
15:27:31.0173 3724 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:27:31.0183 3724 SharedAccess - ok
15:27:31.0213 3724 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:27:31.0233 3724 ShellHWDetection - ok
15:27:31.0243 3724 Simbad - ok
15:27:31.0334 3724 [ CB66F528258A605B993DEB51FB1C71BD ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
15:27:31.0354 3724 smwdm - ok
15:27:31.0404 3724 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
15:27:31.0404 3724 SoundMAX Agent Service (default) - ok
15:27:31.0424 3724 Sparrow - ok
15:27:31.0444 3724 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:27:31.0444 3724 splitter - ok
15:27:31.0504 3724 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:27:31.0524 3724 Spooler - ok
15:27:31.0554 3724 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:27:31.0564 3724 sr - ok
15:27:31.0634 3724 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:27:31.0644 3724 srservice - ok
15:27:31.0704 3724 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:27:31.0714 3724 Srv - ok
15:27:31.0744 3724 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:27:31.0774 3724 SSDPSRV - ok
15:27:31.0834 3724 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:27:31.0864 3724 stisvc - ok
15:27:31.0914 3724 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:27:31.0924 3724 swenum - ok
15:27:31.0945 3724 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:27:31.0955 3724 swmidi - ok
15:27:31.0965 3724 SwPrv - ok
15:27:31.0985 3724 symc810 - ok
15:27:32.0005 3724 symc8xx - ok
15:27:32.0015 3724 sym_hi - ok
15:27:32.0025 3724 sym_u3 - ok
15:27:32.0055 3724 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:27:32.0055 3724 sysaudio - ok
15:27:32.0145 3724 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:27:32.0155 3724 SysmonLog - ok
15:27:32.0245 3724 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:27:32.0265 3724 TapiSrv - ok
15:27:32.0315 3724 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:27:32.0335 3724 Tcpip - ok
15:27:32.0375 3724 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:27:32.0375 3724 TDPIPE - ok
15:27:32.0405 3724 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:27:32.0405 3724 TDTCP - ok
15:27:32.0445 3724 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:27:32.0445 3724 TermDD - ok
15:27:32.0505 3724 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:27:32.0535 3724 TermService - ok
15:27:32.0575 3724 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:27:32.0595 3724 Themes - ok
15:27:32.0635 3724 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:27:32.0656 3724 TlntSvr - ok
15:27:32.0746 3724 [ BDF9ED967F81145ED058601B1C4D8FB7 ] TOSHIBASoftModem C:\WINDOWS\system32\DRIVERS\LTSM.sys
15:27:32.0776 3724 TOSHIBASoftModem - ok
15:27:32.0796 3724 TosIde - ok
15:27:32.0836 3724 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:27:32.0856 3724 TrkWks - ok
15:27:32.0896 3724 [ 9FB4E326A7C70C3C4BE767B8EF932BCF ] TVALD C:\WINDOWS\system32\DRIVERS\TVALD.SYS
15:27:32.0896 3724 TVALD - ok
15:27:32.0916 3724 [ 80EBC386BD6F71E0B352C956492FD5BD ] TVALG C:\WINDOWS\system32\DRIVERS\TVALG.SYS
15:27:32.0926 3724 TVALG - ok
15:27:32.0956 3724 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:27:32.0966 3724 Udfs - ok
15:27:32.0996 3724 ultra - ok
15:27:33.0076 3724 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:27:33.0086 3724 Update - ok
15:27:33.0186 3724 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:27:33.0206 3724 upnphost - ok
15:27:33.0236 3724 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:27:33.0246 3724 UPS - ok
15:27:33.0306 3724 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:27:33.0316 3724 usbccgp - ok
15:27:33.0337 3724 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:27:33.0347 3724 usbehci - ok
15:27:33.0397 3724 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:27:33.0407 3724 usbhub - ok
15:27:33.0447 3724 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:27:33.0447 3724 usbprint - ok
15:27:33.0497 3724 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:27:33.0507 3724 usbscan - ok
15:27:33.0567 3724 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
15:27:33.0567 3724 usbser - ok
15:27:33.0617 3724 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:27:33.0627 3724 USBSTOR - ok
15:27:33.0657 3724 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:27:33.0667 3724 usbuhci - ok
15:27:33.0697 3724 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:27:33.0697 3724 VgaSave - ok
15:27:33.0717 3724 ViaIde - ok
15:27:33.0777 3724 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:27:33.0777 3724 VolSnap - ok
15:27:33.0837 3724 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:27:33.0867 3724 VSS - ok
15:27:33.0907 3724 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
15:27:33.0927 3724 W32Time - ok
15:27:33.0977 3724 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:27:33.0977 3724 Wanarp - ok
15:27:34.0027 3724 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
15:27:34.0048 3724 Wdf01000 - ok
15:27:34.0058 3724 WDICA - ok
15:27:34.0098 3724 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:27:34.0098 3724 wdmaud - ok
15:27:34.0188 3724 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:27:34.0208 3724 WebClient - ok
15:27:34.0278 3724 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:27:34.0288 3724 winmgmt - ok
15:27:34.0388 3724 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
15:27:34.0438 3724 WinRM - ok
15:27:34.0518 3724 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:27:34.0528 3724 WmdmPmSN - ok
15:27:34.0588 3724 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:27:34.0608 3724 Wmi - ok
15:27:34.0648 3724 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:27:34.0658 3724 WmiApSrv - ok
15:27:34.0779 3724 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:27:34.0799 3724 WMPNetworkSvc - ok
15:27:34.0829 3724 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:27:34.0839 3724 WpdUsb - ok
15:27:34.0869 3724 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:27:34.0879 3724 WS2IFSL - ok
15:27:34.0929 3724 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:27:34.0949 3724 wscsvc - ok
15:27:34.0959 3724 WSearch - ok
15:27:35.0019 3724 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:27:35.0049 3724 wuauserv - ok
15:27:35.0129 3724 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:27:35.0129 3724 WudfPf - ok
15:27:35.0169 3724 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:27:35.0179 3724 WudfRd - ok
15:27:35.0239 3724 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:27:35.0259 3724 WudfSvc - ok
15:27:35.0329 3724 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:27:35.0359 3724 WZCSVC - ok
15:27:35.0409 3724 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:27:35.0440 3724 xmlprov - ok
15:27:35.0510 3724 [ D125E1445BB9DC951C250D4192E70841 ] ZD1211BU(TP-LINK) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
15:27:35.0540 3724 ZD1211BU(TP-LINK) - ok
15:27:35.0580 3724 [ 4FF040FE3099D578131CF62E3B822E0D ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
15:27:35.0590 3724 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
15:27:35.0630 3724 [ 9623FE5A34823EF8BE6BA55CB52222E8 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
15:27:35.0630 3724 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
15:27:35.0650 3724 ================ Scan global ===============================
15:27:35.0690 3724 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:27:35.0750 3724 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:27:35.0800 3724 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:27:35.0850 3724 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:27:35.0860 3724 [Global] - ok
15:27:35.0870 3724 ================ Scan MBR ==================================
15:27:35.0880 3724 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:27:36.0080 3724 \Device\Harddisk0\DR0 - ok
15:27:36.0080 3724 ================ Scan VBR ==================================
15:27:36.0090 3724 [ C36CD0F3A143AD24C5BCF08A11A6D5E9 ] \Device\Harddisk0\DR0\Partition1
15:27:36.0090 3724 \Device\Harddisk0\DR0\Partition1 - ok
15:27:36.0110 3724 [ EA7CDDFD9FF14D770EC3A48A81460757 ] \Device\Harddisk0\DR0\Partition2
15:27:36.0121 3724 \Device\Harddisk0\DR0\Partition2 - ok
15:27:36.0121 3724 ============================================================
15:27:36.0121 3724 Scan finished
15:27:36.0121 3724 ============================================================
15:27:36.0151 2872 Detected object count: 0
15:27:36.0151 2872 Actual detected object count: 0


Now for the next one

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-29 15:31:16
-----------------------------
15:31:16.337 OS Version: Windows 5.1.2600 Service Pack 3
15:31:16.337 Number of processors: 1 586 0x209
15:31:16.337 ComputerName: LUIGI UserName:
15:31:17.619 Initialize success
15:31:17.829 AVAST engine defs: 12112900
15:31:38.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:31:38.910 Disk 0 Vendor: IC25N030ATMR04-0 MOAOAD4A Size: 28615MB BusType: 3
15:31:38.940 Disk 0 MBR read successfully
15:31:38.940 Disk 0 MBR scan
15:31:38.940 Disk 0 Windows XP default MBR code
15:31:38.940 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 10001 MB offset 63
15:31:38.940 Disk 0 Partition - 00 0F Extended LBA 18606 MB offset 20482875
15:31:38.970 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 18606 MB offset 20482938
15:31:38.970 Disk 0 scanning sectors +58589055
15:31:39.030 Disk 0 scanning C:\WINDOWS\system32\drivers
15:31:52.920 Service scanning
15:32:13.630 Modules scanning
15:32:22.713 Disk 0 trace - called modules:
15:32:23.063 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:32:23.063 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f90ab8]
15:32:23.063 3 CLASSPNP.SYS[f78f2fd7] -> nt!IofCallDriver -> \Device\00000077[0x82f87f18]
15:32:23.063 5 ACPI.sys[f7869620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f58940]
15:32:23.494 AVAST engine scan C:\WINDOWS
15:32:40.829 AVAST engine scan C:\WINDOWS\system32
15:36:23.559 AVAST engine scan C:\WINDOWS\system32\drivers
15:36:41.865 AVAST engine scan C:\Documents and Settings\Richard
15:37:37.856 AVAST engine scan C:\Documents and Settings\All Users
15:38:05.055 Scan finished successfully
15:45:51.886 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Richard\Desktop\MBR.dat"
15:45:51.896 The log file has been saved successfully to "C:\Documents and Settings\Richard\Desktop\aswMBR.txt"


Outlook still asking to compact messages and desktop shortcut still missing but other than that all appears to be working well I think.
[email protected] know if i should just let outlook do it's thing.

Thanks again scottb.
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

go ahead and let outlook do its thing


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#9
scottb

scottb

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi Gringo,

Here is the log you requested.


ComboFix 12-12-01.01 - Richard 01/12/2012 7:53.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.751.470 [GMT 0:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Richard\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-11-29 12:42 . 2012-11-29 12:42 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Mozilla
2012-11-29 12:42 . 2012-11-29 12:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-29 12:42 . 2012-11-20 06:17 262112 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-11-29 12:42 . 2012-11-20 06:17 890008 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2012-11-29 11:21 . 2012-11-29 11:21 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\CRE
2012-11-28 20:32 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-11-28 18:10 . 2012-11-28 18:23 -------- d-----w- c:\documents and settings\Richard\Application Data\FixBee
2012-11-28 18:10 . 2012-11-28 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\FixBee
2012-11-28 18:08 . 2012-11-28 18:23 -------- d-----w- c:\program files\FixBee
2012-11-28 17:55 . 2012-11-28 17:55 -------- d-----w- c:\documents and settings\Richard\Application Data\DriverCure
2012-11-28 17:55 . 2012-11-28 17:55 -------- d-----w- c:\documents and settings\Richard\Application Data\ParetoLogic
2012-11-28 17:55 . 2012-11-28 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2012-11-27 15:44 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-27 15:44 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-27 15:44 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-27 15:42 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-27 15:42 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-26 10:01 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-26 10:01 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-26 10:01 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-11-26 10:01 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-11-26 10:01 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-11-26 09:35 . 2012-11-26 09:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 09:35 . 2012-02-11 19:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 19:54 . 2011-06-23 18:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 06:17 . 2012-11-29 12:42 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"PmProxy"="c:\program files\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 40960]
"Tpwrtray"="TPWRTRAY.EXE" [2003-05-07 221184]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2003-05-23 253952]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Richard^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Richard\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
2001-06-23 19:28 24576 -c--a-w- c:\windows\system32\000StTHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2010-09-29 11:27 1584640 -c--a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 21:17 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 12:12 253672 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-27 18:16 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"GoToAssist"=3 (0x3)
"GoogleDesktopManager-051210-111108"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26/11/2012 10:01 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/11/2012 15:44 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/11/2012 15:44 21256]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Richard\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Richard\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Richard\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Richard\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [29/05/2011 17:02 500736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 09:35]
.
2012-11-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-27 22:50]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 18:16]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 18:16]
.
2012-12-01 c:\windows\Tasks\User_Feed_Synchronization-{802FB642-22F5-42A1-8292-34E89E89D123}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\frwtctt5.default\
FF - ExtSQL: 2012-11-27 16:03; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-01 08:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
- - - - - - - > 'explorer.exe'(1740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-12-01 08:03:53
ComboFix-quarantined-files.txt 2012-12-01 08:03
ComboFix2.txt 2012-11-29 14:37
.
Pre-Run: 1,752,875,008 bytes free
Post-Run: 1,741,930,496 bytes free
.
- - End Of File - - 37B2AE347660F7EBA042FEBB80473A3F


The laptop seems fine at the moment a little slow to execute some applications but as I said I think it's just the age and spec of it.

Solved the outlook express compacting issue by resetting the compact check count to 0 in reg.

Thought I had solved the missing show desktop icon by creating an show desktop.scf and dragging into quick launch bar. It works whilst the laptop is on but problem reappears on reboot. Both issues were posted on different topics with in geeks to go just had to do a little digging. Pity the desktop icon one doesn't really work.

Any suggestions?

Thanks again Scott
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
try the fix-it here and let me know if it works - http://support.microsoft.com/kb/190355
  • 0

Advertisements


#11
scottb

scottb

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
H Gringo,

That was the fix I used it works until you reboot laptop then icon is missing again

Scott
  • 0

#12
scottb

scottb

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi Gringo,

Bizarre, just did it again and this time it worked. I think I know how, when I dragged it into the quick launch bar first time it restored old desktop icon and created new one. So I deleted old one and renamed new one. This time I just deleted new one and left old one. rebooted Hey Presto shortcut to show desktop is` still there.

Hope the log looks good

Scottb
  • 0

#13
scottb

scottb

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi Gringo,

Bizarre, just did it again and this time it worked. I think I know how, when I dragged it into the quick launch bar first time it restored old desktop icon and created new one. So I deleted old one and renamed new one. This time I just deleted new one and left old one. rebooted Hey Presto shortcut to show desktop is` still there.

Hope the log looks good

Scottb
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Things are looking good.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#15
scottb

scottb

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi Gringo,

The push windows key plus R isn't opening anything all it does is highlight different desktop icon each time you hit them. the windows icon on this laptop is on the top row beside the numbers, if that makes any difference?

scottb
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP