Internet connection slow [Solved]


  • This topic is locked

#1
FredyC

    New Member

  • Member
  • Pip
  • 9 posts
Hello. I would like to ask for help with my girlfriend's notebook, a pretty old HP Compaq NX 7400. It is installed with Windows XP Pro SP3 32-bit. We have a DSL cable connection of 30MBit speed. On my computer everything is running smoothly, but that notebook has serious problems. Both computers are connected through an RJ45 cable to the same router. Loading a webpage takes about 10 times longer than on my computer. The general working speed of the computer is OK. The problem started showing roughly a month ago, but I have not had much time to look into it.

Avast Free Antivirus is installed and running all shields. A quick scan didn't find anything. I will try to run a full scan in the night, but I don't think it will help. I tried HijackThis, which seemed OK in my humble opinion, and an online analyzer confirmed that. I am not posting the log of that, as advised in the guide. The OTL log follows. I also tried a scan with http://www.safer-networking.org/, but it didn't find anything harmful. Today I found out that Windows Firewall was turned off, so that could be a possible way of infection. I have turned it on now. During the scan of OTP I had turned off the Avast shields and closed all apps.

OTL logfile created on: 2.12.2012 18:19:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\ANDREA
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

2,49 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 77,14% Memory free
6,09 Gb Paging File | 5,71 Gb Available in Paging File | 93,79% Paging File free
Paging file location(s): C:\pagefile.sys 3840 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 5,59 Gb Free Space | 22,90% Space Free | Partition Type: NTFS
Drive F: | 31,49 Gb Total Space | 25,06 Gb Free Space | 79,58% Space Free | Partition Type: NTFS

Computer Name: ANDREA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.02 17:21:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\ANDREA\OTL.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.11.10 17:42:42 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2006.11.03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINXP\PixArt\Pac7302\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.01 18:30:29 | 002,036,224 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12120101\algo.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.11.01 21:37:10 | 001,581,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\plugins\pl-9b15434a5c528291c2b2ea144fd2eafb.dll
MOD - [2012.11.01 20:34:19 | 000,220,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
MOD - [2012.08.23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012.07.18 20:06:35 | 000,753,664 | ---- | M] () -- C:\WINXP\system32\bcm1xsup.dll
MOD - [2012.03.11 17:07:38 | 000,159,744 | ---- | M] () -- C:\Program Files\Mega Codec Pack\Filters\Haali\mmfinfo.dll
MOD - [2011.09.08 14:59:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Mega Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2012.11.10 17:42:42 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008.03.18 15:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\WINXP\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINXP\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINXP\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINXP\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINXP\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINXP\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINXP\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINXP\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.02.25 00:02:56 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.10.23 00:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.03.21 15:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.06.14 14:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2005.08.05 10:33:56 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-630328440-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKU\S-1-5-21-73586283-630328440-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-73586283-630328440-1417001333-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-73586283-630328440-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-73586283-630328440-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.gmail.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.gmail.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINXP\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-630328440-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-73586283-630328440-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-73586283-630328440-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344340525578 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDCEBADC-90FB-400B-99C6-3B13B3A514F2}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.18 19:51:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.02 17:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012.12.02 17:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.02 17:10:14 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINXP\System32\sdnclean.exe
[2012.12.02 17:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.11.26 13:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\soucasne-navyky
[2012.11.10 17:46:31 | 000,000,000 | ---D | C] -- C:\Jts
[2012.11.10 17:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Sun
[2012.11.10 17:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012.11.10 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.11.10 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.11.10 17:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Sun
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.02 18:17:10 | 000,000,620 | ---- | M] () -- C:\WINXP\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.12.02 17:38:20 | 000,001,032 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-630328440-1417001333-1003UA.job
[2012.12.02 17:10:45 | 000,000,616 | ---- | M] () -- C:\WINXP\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.12.02 17:10:45 | 000,000,446 | ---- | M] () -- C:\WINXP\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.12.02 17:10:24 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012.12.02 16:48:03 | 000,433,426 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012.12.02 16:48:03 | 000,068,216 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012.12.02 14:39:42 | 000,000,793 | ---- | M] () -- C:\WINXP\WDICT32.INI
[2012.12.02 12:18:30 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012.12.02 09:55:36 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012.12.01 21:03:13 | 000,000,364 | -H-- | M] () -- C:\WINXP\tasks\avast! Emergency Update.job
[2012.12.01 19:38:00 | 000,000,980 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-630328440-1417001333-1003Core.job
[2012.12.01 08:55:22 | 000,000,214 | ---- | M] () -- C:\WINXP\tasks\AutoKMSDaily.job
[2012.12.01 08:55:07 | 000,151,552 | ---- | M] () -- C:\WINXP\KMSEmulator.exe
[2012.11.30 19:45:13 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.11.30 08:55:45 | 000,000,212 | ---- | M] () -- C:\WINXP\tasks\AutoKMS.job
[2012.11.30 08:54:57 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012.11.30 08:54:24 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012.11.28 21:06:35 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NinjaTrader 7.lnk
[2012.11.26 13:49:03 | 000,151,672 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\idealni-navyky.pdf
[2012.11.26 13:27:28 | 000,501,309 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\soucasne-navyky.zip
[2012.11.26 13:21:38 | 000,088,207 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\soucasne-navyky.pdf
[2012.11.22 20:05:37 | 000,026,546 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\irish.pdf
[2012.11.22 11:50:56 | 000,054,712 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Prodejni_hvezda.pdf
[2012.11.13 21:00:36 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 17:46:27 | 000,000,008 | RH-- | M] () -- C:\Documents and Settings\Admin\hwid
[2012.11.10 17:32:48 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\edemo.jnlp
[2012.11.06 09:03:34 | 000,002,625 | ---- | M] () -- C:\WINXP\System32\CONFIG.NT
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.02 17:10:44 | 000,000,446 | ---- | C] () -- C:\WINXP\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.12.02 17:10:43 | 000,000,620 | ---- | C] () -- C:\WINXP\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.12.02 17:10:43 | 000,000,616 | ---- | C] () -- C:\WINXP\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.12.02 17:10:24 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.02 17:10:24 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012.11.26 13:49:03 | 000,151,672 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\idealni-navyky.pdf
[2012.11.26 13:27:24 | 000,501,309 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\soucasne-navyky.zip
[2012.11.26 13:21:36 | 000,088,207 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\soucasne-navyky.pdf
[2012.11.22 20:05:36 | 000,026,546 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\irish.pdf
[2012.11.22 11:50:54 | 000,054,712 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Prodejni_hvezda.pdf
[2012.11.13 21:00:36 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 17:46:27 | 000,000,008 | RH-- | C] () -- C:\Documents and Settings\Admin\hwid
[2012.11.10 17:32:48 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\edemo.jnlp
[2012.08.15 11:03:51 | 000,151,552 | ---- | C] () -- C:\WINXP\KMSEmulator.exe
[2012.07.19 11:15:47 | 000,000,793 | ---- | C] () -- C:\WINXP\WDICT32.INI
[2012.07.19 10:56:18 | 000,178,176 | ---- | C] () -- C:\WINXP\System32\unrar.dll
[2012.07.19 09:24:07 | 000,000,566 | ---- | C] () -- C:\WINXP\System32\SP7302.INI
[2012.07.18 21:41:36 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012.07.18 21:32:56 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2012.07.18 21:31:18 | 000,189,000 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012.07.18 20:27:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\winscp.rnd
[2012.07.18 20:12:47 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2012.07.18 20:06:48 | 000,139,264 | ---- | C] () -- C:\WINXP\System32\preflib.dll
[2012.07.18 20:06:47 | 000,024,064 | ---- | C] () -- C:\WINXP\System32\WLTRYSVC.EXE
[2012.07.18 20:06:46 | 000,753,664 | ---- | C] () -- C:\WINXP\System32\bcm1xsup.dll
[2012.07.18 20:01:49 | 000,147,456 | ---- | C] () -- C:\WINXP\System32\igfxCoIn_v4926.dll
[2012.07.18 19:55:37 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2012.07.18 19:46:07 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2012.06.07 06:25:32 | 000,086,016 | ---- | C] () -- C:\WINXP\System32\NtDirect.dll

========== ZeroAccess Check ==========

[2012.07.18 21:08:55 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINXP\system32\wbem\fastprox.dll -- [2010.09.16 17:11:04 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINXP\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.15 12:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Foxit Software
[2012.10.29 16:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\KeePass
[2012.07.19 12:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Luxor - Fifth Passage
[2012.07.19 12:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MumboJumbo
[2012.07.18 21:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012.07.19 12:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo

========== Purity Check ==========



< End of report >


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo

#3
FredyC

Hello. Thank you for your quick reply. I did everything as advised, so log files follow. RogueKiller actually created two log files, one prefixed "RKreport[1]_S" and the other "RKreport[2]_D". I am posting both of them.

After all programs I tried performance of internet connection on the notebook, especially browsing on page with many pictures, and problem is not solved. Takes roughly 15 seconds just to load page without images. My computer does the same thing very much under 1 second. Girlfriend told me, it's subjectively "better" for some pages.

Also I noticed the first program is talking about defragmentation. Just want to mention that the computer's overall performance is pretty fine. Will not run defrag unless said so.

 

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 9
Adobe Flash Player 11.3.300.268
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

# AdwCleaner v2.011 - Logfile created 12/03/2012 at 17:42:38
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Admin - ANDREA
# Boot Mode : Normal
# Running from : F:\Repair\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [878 octets] - [03/12/2012 17:42:38]

########## EOF - C:\AdwCleaner[S1].txt - [937 octets] ##########

 

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 12/03/2012 17:50:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINXP\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541060G9SA00 +++++
--- User ---
[MBR] 16b0f4a43a4f669ed8ea1179f80fc70e
[BSP] dd8de7ef5fd01f647c226b939c7887b9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 15120 | Size: 24990 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 51196320 | Size: 32240 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12032012_02d1750.txt >>
RKreport[1]_S_12032012_02d1750.txt

 

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Remove -- Date : 12/03/2012 17:51:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINXP\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541060G9SA00 +++++
--- User ---
[MBR] 16b0f4a43a4f669ed8ea1179f80fc70e
[BSP] dd8de7ef5fd01f647c226b939c7887b9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 15120 | Size: 24990 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 51196320 | Size: 32240 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12032012_02d1751.txt >>
RKreport[1]_S_12032012_02d1750.txt ; RKreport[2]_D_12032012_02d1751.txt

Edited by FredyC, 03 December 2012 - 11:15 AM.


#4
gringo_pr

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
FredyC

It took me quite a while to post this, because things were changing every moment during the process and I had to update this post a few times.

Everything ran smoothly as told. Recovery console has been installed. ComboFix finished its job even without a single restart. I re-enabled Windows Firewall when finished and restarted the system just to be sure.

First impression was like it's fixed, but now it's hard to tell. Some webpages load somewhat fast, usually those that were visited before, but I would not call it an exact rule. When having more tabs open in Chrome, the problem is more visible. Most of the page is loaded, but there is still a loading indicator in the title. And it seems to be limiting other tabs, because once I hit Esc on such a "still loading" tab, content on the other tab appears like magic. Just to be sure it's not a Chrome issue, I tried Internet Explorer, but it's similar behaviour.

This could be completely unrelated, but I would rather write it here. After a couple of minutes everything started to be kinda laggy. I opened Task Manager and saw there that explorer.exe is eating up 99% of CPU time. I tried to end that process and start it again, but after a couple of seconds, it was again at 99%. It seemed to me like Windows was "catching up" after removal of some nasty thing, but it was hard to tell. So I closed all applications and CPU usage went back to normal after a couple of seconds. Meanwhile a Windows Update dialog popped up saying that it had installed some security updates. It's interesting it popped up right after running the ComboFix tool. Possibly something was blocking it? So I restarted the system again as it wanted.

After full system startup, explorer.exe went up with CPU usage again. I closed all apps and after a couple of seconds it calmed down again. I tried starting Skype first, as it's one of the things that start on boot. And it caused CPU usage for explorer.exe again. I tried updating Skype to the newest version and for a while it seemed like that solved the problem, but later when my girlfriend played a video on YouTube, this issue returned and I had to shut down Skype again. There is definitely some problem with that.

And about playing those videos, it takes quite long (15-30 seconds) to start the video and after a while sound and picture start to stutter. Like very short but very frequent pauses in the video.

Hope it's enough information to continue in solving the problem.

 
ComboFix 12-12-02.01 - Admin 03.12.2012 19:25:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.2136 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\SLOVA.WAV
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\TMP.WAV
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-02 16:10 . 2012-12-02 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-12-02 16:10 . 2012-12-03 16:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-11-10 16:46 . 2012-11-12 12:38 -------- d-----w- C:\Jts
2012-11-10 16:44 . 2012-11-10 16:44 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Sun
2012-11-10 16:44 . 2012-11-10 16:44 -------- d-----w- c:\program files\Common Files\Java
2012-11-10 16:43 . 2012-11-10 16:42 821736 ----a-w- c:\winxp\system32\npDeployJava1.dll
2012-11-10 16:43 . 2012-11-10 16:42 143872 ----a-w- c:\winxp\system32\javacpl.cpl
2012-11-10 16:43 . 2012-11-10 16:42 746984 ----a-w- c:\winxp\system32\deployJava1.dll
2012-11-10 16:43 . 2012-11-10 16:42 93672 ----a-w- c:\winxp\system32\WindowsAccessBridge.dll
2012-11-10 16:42 . 2012-11-10 16:42 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 16:44 . 2012-08-15 10:03 151552 ----a-w- c:\winxp\KMSEmulator.exe
2012-11-01 20:46 . 2012-12-03 17:42 7465580 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\plugins\mediahash\downloads\Chernobyl Diaries 2012 (English) DVDRip.3LT0N\Mega Codec Pack 9.2.exe
2012-11-01 20:37 . 2012-11-01 20:37 1581056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\plugins\pl-9b15434a5c528291c2b2ea144fd2eafb.dll
2012-11-01 19:34 . 2012-11-01 19:34 220160 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-10-30 22:51 . 2012-07-18 20:22 361032 ----a-w- c:\winxp\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-07-18 20:22 35928 ----a-w- c:\winxp\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-07-18 20:22 54232 ----a-w- c:\winxp\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-07-18 20:22 738504 ----a-w- c:\winxp\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-07-18 20:22 97608 ----a-w- c:\winxp\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-07-18 20:22 89752 ----a-w- c:\winxp\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-07-18 20:22 21256 ----a-w- c:\winxp\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-07-18 20:22 25256 ----a-w- c:\winxp\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-07-18 20:21 41224 ----a-w- c:\winxp\avastSS.scr
2012-10-30 22:50 . 2012-07-18 20:21 227648 ----a-w- c:\winxp\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-01 19:34 220160 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\winxp\system32\igfxpers.exe" [2008-08-20 137752]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PAC7302_Monitor"="c:\winxp\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-10-04 1912832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2012-07-18 19:06 1839104 ----a-w- c:\winxp\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-20 08:05 166424 ----a-w- c:\winxp\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-20 08:06 141848 ----a-w- c:\winxp\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 06:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 15:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-14 17:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"idsvc"=3 (0x3)
"AgereModemAudio"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NinjaTrader 7\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\WINXP\\KMSEmulator.exe"=
.
R1 aswSnx;aswSnx;c:\winxp\system32\drivers\aswSnx.sys [18.7.2012 21:22 738504]
R1 aswSP;aswSP;c:\winxp\system32\drivers\aswSP.sys [18.7.2012 21:22 361032]
R2 aswFsBlk;aswFsBlk;c:\winxp\system32\drivers\aswFsBlk.sys [18.7.2012 21:22 21256]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\winxp\Tasks\AutoKMS.job
- c:\winxp\AutoKMS\AutoKMS.exe [2012-08-15 10:04]
.
2012-12-03 c:\winxp\Tasks\AutoKMSDaily.job
- c:\winxp\AutoKMS\AutoKMS.exe [2012-08-15 10:04]
.
2012-12-03 c:\winxp\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-18 22:50]
.
2012-12-02 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-630328440-1417001333-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-18 19:23]
.
2012-12-03 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-630328440-1417001333-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-18 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 19:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\winxp\System32\BCMLogon.dll
.
Completion time: 2012-12-03 19:31:07
ComboFix-quarantined-files.txt 2012-12-03 18:31
.
Pre-Run: 9 064 398 848 bytes free
Post-Run: 9 180 000 256 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 345D85BB8B252AC542A4FE09FAF48E79

#6
gringo_pr

Greetings FredyC


I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link, try to right-click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop, right-click on the file and select "Run".

If you still can't run it then you can go here "Reset DMA" to see what I want to do.



I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7
FredyC

Hello Gringo, thanks for your reply.

ResetDMA ran smoothly, it told me it had reset master and slave, then a system reboot followed. TDSSKiller didn't find any threats.

aswMBR didn't ask for extra definitions. I waited like 15 seconds and when nothing showed up, I just hit Scan. Also I am not really sure if aswMBR has finished its job, it looked like it was doing nothing, but there was no message about finishing. The "save log" button was available, so I used it. Please tell me if I need to run this again.

Performance of the internet browsing is the same after these scans.

 
07:34:23.0171 3904 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] Eventlog C:\WINXP\system32\services.exe
07:34:24.0156 3904 Eventlog - ok
07:34:24.0187 3904 [ F17F6226BDC0CD5F0BEF0DAF84D29BEC ] EventSystem C:\WINXP\system32\es.dll
07:34:24.0515 3904 EventSystem - ok
07:34:24.0562 3904 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINXP\system32\drivers\Fastfat.sys
07:34:24.0671 3904 Fastfat - ok
07:34:24.0687 3904 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINXP\System32\shsvcs.dll
07:34:25.0703 3904 FastUserSwitchingCompatibility - ok
07:34:25.0734 3904 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINXP\system32\drivers\Fdc.sys
07:34:25.0796 3904 Fdc - ok
07:34:25.0828 3904 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINXP\system32\drivers\Fips.sys
07:34:25.0890 3904 Fips - ok
07:34:25.0921 3904 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINXP\system32\drivers\Flpydisk.sys
07:34:26.0078 3904 Flpydisk - ok
07:34:26.0140 3904 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINXP\system32\DRIVERS\fltMgr.sys
07:34:26.0296 3904 FltMgr - ok
07:34:26.0375 3904 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:34:26.0453 3904 FontCache3.0.0.0 - ok
07:34:26.0515 3904 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINXP\system32\drivers\Fs_Rec.sys
07:34:26.0546 3904 Fs_Rec - ok
07:34:26.0562 3904 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINXP\system32\DRIVERS\ftdisk.sys
07:34:26.0640 3904 Ftdisk - ok
07:34:26.0703 3904 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINXP\system32\DRIVERS\msgpc.sys
07:34:26.0796 3904 Gpc - ok
07:34:26.0828 3904 [ CEF316DBBD1B3845A6D53ED620EB1AEB ] HBtnKey C:\WINXP\system32\DRIVERS\cpqbttn.sys
07:34:26.0921 3904 HBtnKey - ok
07:34:26.0953 3904 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINXP\system32\DRIVERS\HDAudBus.sys
07:34:27.0109 3904 HDAudBus - ok
07:34:27.0218 3904 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:34:27.0296 3904 helpsvc - ok
07:34:27.0359 3904 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINXP\System32\hidserv.dll
07:34:27.0765 3904 HidServ - ok
07:34:27.0796 3904 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINXP\system32\DRIVERS\hidusb.sys
07:34:27.0984 3904 hidusb - ok
07:34:28.0015 3904 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINXP\System32\kmsvc.dll
07:34:28.0484 3904 hkmsvc - ok
07:34:28.0484 3904 hpn - ok
07:34:28.0515 3904 [ 937031C085718C1C04A9C0864625EC6B ] HTTP C:\WINXP\system32\Drivers\HTTP.sys
07:34:28.0640 3904 HTTP - ok
07:34:28.0687 3904 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINXP\System32\w3ssl.dll
07:34:29.0890 3904 HTTPFilter - ok
07:34:29.0890 3904 i2omgmt - ok
07:34:29.0921 3904 i2omp - ok
07:34:29.0937 3904 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINXP\system32\DRIVERS\i8042prt.sys
07:34:29.0984 3904 i8042prt - ok
07:34:30.0250 3904 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINXP\system32\DRIVERS\igxpmp32.sys
07:34:30.0734 3904 ialm - ok
07:34:30.0859 3904 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:34:30.0953 3904 idsvc - ok
07:34:31.0000 3904 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINXP\system32\DRIVERS\imapi.sys
07:34:31.0140 3904 Imapi - ok
07:34:31.0156 3904 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINXP\system32\imapi.exe
07:34:31.0609 3904 ImapiService - ok
07:34:31.0640 3904 ini910u - ok
07:34:31.0656 3904 IntelIde - ok
07:34:31.0687 3904 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINXP\system32\DRIVERS\intelppm.sys
07:34:31.0890 3904 intelppm - ok
07:34:31.0906 3904 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINXP\system32\DRIVERS\Ip6Fw.sys
07:34:31.0953 3904 Ip6Fw - ok
07:34:31.0984 3904 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINXP\system32\DRIVERS\ipfltdrv.sys
07:34:32.0140 3904 IpFilterDriver - ok
07:34:32.0171 3904 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINXP\system32\DRIVERS\ipinip.sys
07:34:32.0296 3904 IpInIp - ok
07:34:32.0328 3904 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINXP\system32\DRIVERS\ipnat.sys
07:34:32.0515 3904 IpNat - ok
07:34:32.0531 3904 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINXP\system32\DRIVERS\ipsec.sys
07:34:32.0640 3904 IPSec - ok
07:34:32.0703 3904 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINXP\system32\DRIVERS\irenum.sys
07:34:32.0765 3904 IRENUM - ok
07:34:32.0812 3904 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINXP\system32\DRIVERS\isapnp.sys
07:34:32.0890 3904 isapnp - ok
07:34:32.0984 3904 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
07:34:33.0078 3904 JavaQuickStarterService - ok
07:34:33.0093 3904 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINXP\system32\DRIVERS\kbdclass.sys
07:34:33.0171 3904 Kbdclass - ok
07:34:33.0187 3904 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINXP\system32\DRIVERS\kbdhid.sys
07:34:33.0296 3904 kbdhid - ok
07:34:33.0312 3904 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINXP\system32\drivers\kmixer.sys
07:34:33.0421 3904 kmixer - ok
07:34:33.0421 3904 [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD C:\WINXP\system32\drivers\KSecDD.sys
07:34:33.0578 3904 KSecDD - ok
07:34:33.0625 3904 [ 3695B8D03745B2F8022B161238347A9D ] LanmanServer C:\WINXP\System32\srvsvc.dll
07:34:34.0671 3904 LanmanServer - ok
07:34:34.0718 3904 [ 3B9324D60DD321BAB7BF6F77931D3FD1 ] lanmanworkstation C:\WINXP\System32\wkssvc.dll
07:34:35.0781 3904 lanmanworkstation - ok
07:34:35.0781 3904 lbrtfdc - ok
07:34:35.0859 3904 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINXP\System32\lmhsvc.dll
07:34:36.0421 3904 LmHosts - ok
07:34:36.0484 3904 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINXP\System32\msgsvc.dll
07:34:37.0171 3904 Messenger - ok
07:34:37.0203 3904 Microsoft SharePoint Workspace Audit Service - ok
07:34:37.0250 3904 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINXP\system32\drivers\mnmdd.sys
07:34:37.0328 3904 mnmdd - ok
07:34:37.0359 3904 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINXP\system32\mnmsrvc.exe
07:34:37.0984 3904 mnmsrvc - ok
07:34:38.0000 3904 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINXP\system32\drivers\Modem.sys
07:34:38.0109 3904 Modem - ok
07:34:38.0140 3904 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINXP\system32\DRIVERS\mouclass.sys
07:34:38.0265 3904 Mouclass - ok
07:34:38.0312 3904 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINXP\system32\DRIVERS\mouhid.sys
07:34:38.0359 3904 mouhid - ok
07:34:38.0390 3904 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINXP\system32\drivers\MountMgr.sys
07:34:38.0515 3904 MountMgr - ok
07:34:38.0515 3904 mraid35x - ok
07:34:38.0546 3904 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINXP\system32\DRIVERS\mrxdav.sys
07:34:38.0671 3904 MRxDAV - ok
07:34:38.0703 3904 [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb C:\WINXP\system32\DRIVERS\mrxsmb.sys
07:34:38.0828 3904 MRxSmb - ok
07:34:38.0875 3904 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINXP\system32\msdtc.exe
07:34:39.0546 3904 MSDTC - ok
07:34:39.0546 3904 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINXP\system32\drivers\Msfs.sys
07:34:39.0671 3904 Msfs - ok
07:34:39.0671 3904 MSIServer - ok
07:34:39.0718 3904 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINXP\system32\drivers\MSKSSRV.sys
07:34:39.0796 3904 MSKSSRV - ok
07:34:39.0796 3904 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINXP\system32\drivers\MSPCLOCK.sys
07:34:39.0953 3904 MSPCLOCK - ok
07:34:39.0953 3904 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINXP\system32\drivers\MSPQM.sys
07:34:40.0046 3904 MSPQM - ok
07:34:40.0078 3904 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINXP\system32\DRIVERS\mssmbios.sys
07:34:40.0265 3904 mssmbios - ok
07:34:40.0312 3904 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINXP\system32\drivers\MSTEE.sys
07:34:40.0421 3904 MSTEE - ok
07:34:40.0453 3904 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINXP\system32\drivers\Mup.sys
07:34:40.0640 3904 Mup - ok
07:34:40.0687 3904 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINXP\system32\DRIVERS\NABTSFEC.sys
07:34:40.0828 3904 NABTSFEC - ok
07:34:40.0859 3904 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINXP\System32\qagentrt.dll
07:34:41.0578 3904 napagent - ok
07:34:41.0609 3904 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINXP\system32\drivers\NDIS.sys
07:34:41.0640 3904 NDIS - ok
07:34:41.0671 3904 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINXP\system32\DRIVERS\NdisIP.sys
07:34:41.0765 3904 NdisIP - ok
07:34:41.0796 3904 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINXP\system32\DRIVERS\ndistapi.sys
07:34:41.0984 3904 NdisTapi - ok
07:34:42.0000 3904 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINXP\system32\DRIVERS\ndisuio.sys
07:34:42.0109 3904 Ndisuio - ok
07:34:42.0125 3904 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINXP\system32\DRIVERS\ndiswan.sys
07:34:42.0234 3904 NdisWan - ok
07:34:42.0265 3904 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINXP\system32\drivers\NDProxy.sys
07:34:42.0453 3904 NDProxy - ok
07:34:42.0468 3904 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINXP\system32\DRIVERS\netbios.sys
07:34:42.0640 3904 NetBIOS - ok
07:34:42.0656 3904 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINXP\system32\DRIVERS\netbt.sys
07:34:42.0796 3904 NetBT - ok
07:34:42.0828 3904 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINXP\system32\netdde.exe
07:34:43.0640 3904 NetDDE - ok
07:34:43.0671 3904 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINXP\system32\netdde.exe
07:34:44.0421 3904 NetDDEdsdm - ok
07:34:44.0484 3904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINXP\system32\lsass.exe
07:34:45.0046 3904 Netlogon - ok
07:34:45.0093 3904 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINXP\System32\netman.dll
07:34:45.0859 3904 Netman - ok
07:34:45.0937 3904 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:34:45.0953 3904 NetTcpPortSharing - ok
07:34:45.0984 3904 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINXP\system32\DRIVERS\nic1394.sys
07:34:46.0140 3904 NIC1394 - ok
07:34:46.0156 3904 [ FCEE5FCB99F7C724593365C706D28388 ] Nla C:\WINXP\System32\mswsock.dll
07:34:46.0921 3904 Nla - ok
07:34:46.0921 3904 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINXP\system32\drivers\Npfs.sys
07:34:47.0015 3904 Npfs - ok
07:34:47.0062 3904 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINXP\system32\drivers\Ntfs.sys
07:34:47.0140 3904 Ntfs - ok
07:34:47.0156 3904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINXP\system32\lsass.exe
07:34:47.0718 3904 NtLmSsp - ok
07:34:47.0796 3904 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINXP\system32\ntmssvc.dll
07:34:48.0390 3904 NtmsSvc - ok
07:34:48.0437 3904 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINXP\system32\drivers\Null.sys
07:34:48.0578 3904 Null - ok
07:34:48.0593 3904 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINXP\system32\DRIVERS\nwlnkflt.sys
07:34:48.0703 3904 NwlnkFlt - ok
07:34:48.0718 3904 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
07:34:48.0859 3904 NwlnkFwd - ok
07:34:48.0859 3904 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINXP\system32\DRIVERS\ohci1394.sys
07:34:48.0953 3904 ohci1394 - ok
07:34:49.0000 3904 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:34:49.0015 3904 ose - ok
07:34:49.0281 3904 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:34:49.0531 3904 osppsvc - ok
07:34:49.0609 3904 [ AFF9A1986555E4592DE8092F9A5FA2D2 ] PAC7302 C:\WINXP\system32\DRIVERS\PAC7302.SYS
07:34:49.0765 3904 PAC7302 - ok
07:34:49.0812 3904 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINXP\system32\drivers\Parport.sys
07:34:49.0953 3904 Parport - ok
07:34:49.0968 3904 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINXP\system32\drivers\PartMgr.sys
07:34:50.0140 3904 PartMgr - ok
07:34:50.0171 3904 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINXP\system32\drivers\ParVdm.sys
07:34:50.0359 3904 ParVdm - ok
07:34:50.0359 3904 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINXP\system32\DRIVERS\pci.sys
07:34:50.0515 3904 PCI - ok
07:34:50.0515 3904 PCIDump - ok
07:34:50.0546 3904 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINXP\system32\DRIVERS\pciide.sys
07:34:50.0718 3904 PCIIde - ok
07:34:50.0718 3904 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINXP\system32\DRIVERS\pcmcia.sys
07:34:50.0937 3904 Pcmcia - ok
07:34:50.0937 3904 PDCOMP - ok
07:34:50.0953 3904 PDFRAME - ok
07:34:50.0953 3904 PDRELI - ok
07:34:50.0984 3904 PDRFRAME - ok
07:34:50.0984 3904 perc2 - ok
07:34:51.0000 3904 perc2hib - ok
07:34:51.0062 3904 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] PlugPlay C:\WINXP\system32\services.exe
07:34:52.0078 3904 PlugPlay - ok
07:34:52.0109 3904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINXP\system32\lsass.exe
07:34:52.0703 3904 PolicyAgent - ok
07:34:52.0750 3904 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINXP\system32\DRIVERS\raspptp.sys
07:34:52.0921 3904 PptpMiniport - ok
07:34:52.0921 3904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINXP\system32\lsass.exe
07:34:53.0484 3904 ProtectedStorage - ok
07:34:53.0546 3904 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINXP\system32\DRIVERS\psched.sys
07:34:53.0765 3904 PSched - ok
07:34:53.0781 3904 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINXP\system32\DRIVERS\ptilink.sys
07:34:53.0890 3904 Ptilink - ok
07:34:53.0890 3904 ql1080 - ok
07:34:53.0921 3904 Ql10wnt - ok
07:34:53.0921 3904 ql12160 - ok
07:34:53.0937 3904 ql1240 - ok
07:34:53.0968 3904 ql1280 - ok
07:34:53.0968 3904 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINXP\system32\DRIVERS\rasacd.sys
07:34:54.0156 3904 RasAcd - ok
07:34:54.0203 3904 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINXP\System32\rasauto.dll
07:34:54.0937 3904 RasAuto - ok
07:34:55.0000 3904 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINXP\system32\DRIVERS\rasl2tp.sys
07:34:55.0187 3904 Rasl2tp - ok
07:34:55.0265 3904 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINXP\System32\rasmans.dll
07:34:56.0187 3904 RasMan - ok
07:34:56.0218 3904 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINXP\system32\DRIVERS\raspppoe.sys
07:34:56.0406 3904 RasPppoe - ok
07:34:56.0421 3904 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINXP\system32\DRIVERS\raspti.sys
07:34:56.0562 3904 Raspti - ok
07:34:56.0640 3904 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINXP\system32\DRIVERS\rdbss.sys
07:34:56.0812 3904 Rdbss - ok
07:34:56.0828 3904 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINXP\system32\DRIVERS\RDPCDD.sys
07:34:57.0031 3904 RDPCDD - ok
07:34:57.0062 3904 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINXP\system32\DRIVERS\rdpdr.sys
07:34:57.0250 3904 rdpdr - ok
07:34:57.0359 3904 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINXP\system32\drivers\RDPWD.sys
07:34:57.0531 3904 RDPWD - ok
07:34:57.0609 3904 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINXP\system32\sessmgr.exe
07:34:58.0593 3904 RDSessMgr - ok
07:34:58.0640 3904 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINXP\system32\DRIVERS\redbook.sys
07:34:58.0812 3904 redbook - ok
07:34:58.0843 3904 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINXP\System32\mprdim.dll
07:34:59.0515 3904 RemoteAccess - ok
07:34:59.0562 3904 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINXP\system32\regsvc.dll
07:35:00.0531 3904 RemoteRegistry - ok
07:35:00.0562 3904 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINXP\system32\locator.exe
07:35:01.0156 3904 RpcLocator - ok
07:35:01.0187 3904 [ 9222562D44021B988B9F9F62207FB6F2 ] RpcSs C:\WINXP\System32\rpcss.dll
07:35:02.0015 3904 RpcSs - ok
07:35:02.0062 3904 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINXP\system32\rsvp.exe
07:35:03.0062 3904 RSVP - ok
07:35:03.0078 3904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINXP\system32\lsass.exe
07:35:03.0625 3904 SamSs - ok
07:35:03.0656 3904 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINXP\System32\SCardSvr.exe
07:35:04.0718 3904 SCardSvr - ok
07:35:04.0765 3904 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINXP\system32\schedsvc.dll
07:35:05.0781 3904 Schedule - ok
07:35:05.0796 3904 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINXP\system32\DRIVERS\secdrv.sys
07:35:05.0937 3904 Secdrv - ok
07:35:05.0953 3904 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINXP\System32\seclogon.dll
07:35:06.0953 3904 seclogon - ok
07:35:06.0968 3904 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINXP\system32\sens.dll
07:35:07.0734 3904 SENS - ok
07:35:07.0750 3904 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINXP\system32\drivers\Serial.sys
07:35:07.0953 3904 Serial - ok
07:35:08.0000 3904 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINXP\system32\drivers\Sfloppy.sys
07:35:08.0140 3904 Sfloppy - ok
07:35:08.0218 3904 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINXP\System32\ipnathlp.dll
07:35:08.0734 3904 SharedAccess - ok
07:35:08.0765 3904 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINXP\System32\shsvcs.dll
07:35:09.0796 3904 ShellHWDetection - ok
07:35:09.0796 3904 Simbad - ok
07:35:09.0906 3904 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
07:35:09.0968 3904 SkypeUpdate - ok
07:35:10.0031 3904 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINXP\system32\DRIVERS\SLIP.sys
07:35:10.0156 3904 SLIP - ok
07:35:10.0187 3904 Sparrow - ok
07:35:10.0203 3904 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINXP\system32\drivers\splitter.sys
07:35:10.0343 3904 splitter - ok
07:35:10.0390 3904 [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] Spooler C:\WINXP\system32\spoolsv.exe
07:35:12.0312 3904 Spooler - ok
07:35:12.0375 3904 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINXP\system32\DRIVERS\sr.sys
07:35:12.0718 3904 sr - ok
07:35:12.0750 3904 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINXP\system32\srsvc.dll
07:35:13.0812 3904 srservice - ok
07:35:13.0890 3904 [ 9B390283569EA58D43D2586032B892F5 ] Srv C:\WINXP\system32\DRIVERS\srv.sys
07:35:14.0093 3904 Srv - ok
07:35:14.0125 3904 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINXP\System32\ssdpsrv.dll
07:35:15.0187 3904 SSDPSRV - ok
07:35:15.0265 3904 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINXP\system32\wiaservc.dll
07:35:16.0484 3904 stisvc - ok
07:35:16.0500 3904 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINXP\system32\DRIVERS\StreamIP.sys
07:35:16.0703 3904 streamip - ok
07:35:16.0734 3904 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINXP\system32\DRIVERS\swenum.sys
07:35:16.0921 3904 swenum - ok
07:35:16.0937 3904 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINXP\system32\drivers\swmidi.sys
07:35:17.0109 3904 swmidi - ok
07:35:17.0109 3904 SwPrv - ok
07:35:17.0109 3904 symc810 - ok
07:35:17.0140 3904 symc8xx - ok
07:35:17.0140 3904 sym_hi - ok
07:35:17.0156 3904 sym_u3 - ok
07:35:17.0234 3904 [ 0F332C0BA9B968EBC8CBB906416F8597 ] SynTP C:\WINXP\system32\DRIVERS\SynTP.sys
07:35:17.0375 3904 SynTP - ok
07:35:17.0375 3904 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINXP\system32\drivers\sysaudio.sys
07:35:17.0562 3904 sysaudio - ok
07:35:17.0593 3904 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINXP\system32\smlogsvc.exe
07:35:18.0656 3904 SysmonLog - ok
07:35:18.0671 3904 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINXP\System32\tapisrv.dll
07:35:19.0781 3904 TapiSrv - ok
07:35:19.0828 3904 [ AD978A1B783B5719720CFF204B666C8E ] Tcpip C:\WINXP\system32\DRIVERS\tcpip.sys
07:35:20.0062 3904 Tcpip - ok
07:35:20.0125 3904 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINXP\system32\drivers\TDPIPE.sys
07:35:20.0343 3904 TDPIPE - ok
07:35:20.0375 3904 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINXP\system32\drivers\TDTCP.sys
07:35:20.0531 3904 TDTCP - ok
07:35:20.0625 3904 [ 88155247177638048422893737429D9E ] TermDD C:\WINXP\system32\DRIVERS\termdd.sys
07:35:20.0828 3904 TermDD - ok
07:35:20.0921 3904 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINXP\System32\termsrv.dll
07:35:22.0109 3904 TermService - ok
07:35:22.0140 3904 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINXP\System32\shsvcs.dll
07:35:23.0203 3904 Themes - ok
07:35:23.0218 3904 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINXP\system32\tlntsvr.exe
07:35:24.0296 3904 TlntSvr - ok
07:35:24.0296 3904 TosIde - ok
07:35:24.0328 3904 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINXP\system32\trkwks.dll
07:35:25.0718 3904 TrkWks - ok
07:35:25.0765 3904 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINXP\system32\drivers\Udfs.sys
07:35:26.0093 3904 Udfs - ok
07:35:26.0093 3904 ultra - ok
07:35:26.0140 3904 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINXP\system32\DRIVERS\update.sys
07:35:26.0343 3904 Update - ok
07:35:26.0390 3904 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINXP\System32\upnphost.dll
07:35:27.0343 3904 upnphost - ok
07:35:27.0359 3904 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINXP\System32\ups.exe
07:35:28.0500 3904 UPS - ok
07:35:28.0546 3904 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINXP\system32\drivers\usbaudio.sys
07:35:28.0718 3904 usbaudio - ok
07:35:28.0781 3904 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINXP\system32\DRIVERS\usbccgp.sys
07:35:29.0031 3904 usbccgp - ok
07:35:29.0046 3904 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINXP\system32\DRIVERS\usbehci.sys
07:35:29.0218 3904 usbehci - ok
07:35:29.0281 3904 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINXP\system32\DRIVERS\usbhub.sys
07:35:29.0468 3904 usbhub - ok
07:35:29.0484 3904 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINXP\system32\DRIVERS\USBSTOR.SYS
07:35:29.0640 3904 usbstor - ok
07:35:29.0671 3904 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINXP\system32\DRIVERS\usbuhci.sys
07:35:29.0984 3904 usbuhci - ok
07:35:30.0015 3904 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINXP\System32\drivers\vga.sys
07:35:30.0265 3904 VgaSave - ok
07:35:30.0265 3904 ViaIde - ok
07:35:30.0312 3904 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINXP\system32\drivers\VolSnap.sys
07:35:30.0546 3904 VolSnap - ok
07:35:30.0609 3904 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINXP\System32\vssvc.exe
07:35:31.0859 3904 VSS - ok
07:35:31.0890 3904 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINXP\system32\w32time.dll
07:35:33.0140 3904 W32Time - ok
07:35:33.0156 3904 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINXP\system32\DRIVERS\wanarp.sys
07:35:33.0359 3904 Wanarp - ok
07:35:33.0375 3904 WDICA - ok
07:35:33.0390 3904 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINXP\system32\drivers\wdmaud.sys
07:35:33.0468 3904 wdmaud - ok
07:35:33.0484 3904 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINXP\System32\webclnt.dll
07:35:34.0687 3904 WebClient - ok
07:35:34.0765 3904 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINXP\system32\wbem\WMIsvc.dll
07:35:34.0906 3904 winmgmt - ok
07:35:34.0937 3904 wltrysvc - ok
07:35:35.0000 3904 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINXP\system32\mspmsnsv.dll
07:35:35.0718 3904 WmdmPmSN - ok
07:35:35.0796 3904 [ C8A6C82F90B055149925DC7526B2D78C ] Wmi C:\WINXP\System32\advapi32.dll
07:35:35.0843 3904 Wmi - ok
07:35:35.0875 3904 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINXP\system32\DRIVERS\wmiacpi.sys
07:35:36.0093 3904 WmiAcpi - ok
07:35:36.0203 3904 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINXP\system32\wbem\wmiapsrv.exe
07:35:36.0343 3904 WmiApSrv - ok
07:35:36.0453 3904 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
07:35:36.0500 3904 WMPNetworkSvc - ok
07:35:36.0531 3904 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINXP\System32\drivers\ws2ifsl.sys
07:35:36.0750 3904 WS2IFSL - ok
07:35:36.0796 3904 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINXP\system32\wscsvc.dll
07:35:38.0093 3904 wscsvc - ok
07:35:38.0125 3904 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINXP\system32\DRIVERS\WSTCODEC.SYS
07:35:38.0312 3904 WSTCODEC - ok
07:35:38.0375 3904 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINXP\system32\wuauserv.dll
07:35:39.0531 3904 wuauserv - ok
07:35:39.0562 3904 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINXP\system32\DRIVERS\WudfPf.sys
07:35:39.0750 3904 WudfPf - ok
07:35:39.0765 3904 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINXP\system32\DRIVERS\wudfrd.sys
07:35:39.0906 3904 WudfRd - ok
07:35:39.0968 3904 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINXP\System32\WUDFSvc.dll
07:35:41.0250 3904 WudfSvc - ok
07:35:41.0359 3904 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINXP\System32\wzcsvc.dll
07:35:42.0656 3904 WZCSVC - ok
07:35:42.0703 3904 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINXP\System32\xmlprov.dll
07:35:44.0046 3904 xmlprov - ok
07:35:44.0078 3904 ================ Scan global ===============================
07:35:44.0125 3904 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINXP\system32\basesrv.dll
07:35:44.0250 3904 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINXP\system32\winsrv.dll
07:35:45.0515 3904 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINXP\system32\winsrv.dll
07:35:46.0593 3904 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] C:\WINXP\system32\services.exe
07:35:47.0578 3904 [Global] - ok
07:35:47.0578 3904 ================ Scan MBR ==================================
07:35:47.0625 3904 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:35:48.0671 3904 \Device\Harddisk0\DR0 - ok
07:35:48.0671 3904 ================ Scan VBR ==================================
07:35:48.0687 3904 [ 53726E215C47522B935CF26FFFD10C64 ] \Device\Harddisk0\DR0\Partition1
07:35:48.0687 3904 \Device\Harddisk0\DR0\Partition1 - ok
07:35:48.0718 3904 [ AB370ACAD7B452F671764D49CBD777BD ] \Device\Harddisk0\DR0\Partition2
07:35:48.0718 3904 \Device\Harddisk0\DR0\Partition2 - ok
07:35:48.0718 3904 ============================================================
07:35:48.0718 3904 Scan finished
07:35:48.0718 3904 ============================================================
07:35:48.0750 3896 Detected object count: 0
07:35:48.0750 3896 Actual detected object count: 0
07:36:36.0031 3840 Deinitialize success

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-04 07:37:11
-----------------------------
07:37:11.093 OS Version: Windows 5.1.2600 Service Pack 3
07:37:11.093 Number of processors: 1 586 0xE08
07:37:11.093 ComputerName: ANDREA UserName: Admin
07:37:11.875 Initialize success
07:37:12.031 AVAST engine defs: 12120301
07:37:31.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:37:31.500 Disk 0 Vendor: HTS541060G9SA00 MB3OC60P Size: 57241MB BusType: 3
07:37:31.515 Disk 0 MBR read successfully
07:37:31.515 Disk 0 MBR scan
07:37:31.531 Disk 0 Windows XP default MBR code
07:37:31.531 Disk 0 Partition - 00 0F Extended LBA 24990 MB offset 15120
07:37:31.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 32240 MB offset 51196320
07:37:31.562 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 24990 MB offset 15183
07:37:31.562 Disk 0 scanning sectors +117225360
07:37:31.656 Disk 0 scanning C:\WINXP\system32\drivers
07:37:42.156 Service scanning
07:37:59.031 Modules scanning
07:38:10.062 Disk 0 trace - called modules:
07:38:10.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:38:10.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a03dab8]
07:38:10.078 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000082[0x8a0bb908]
07:38:10.078 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a0df940]
07:38:10.500 AVAST engine scan C:\WINXP
07:38:18.796 AVAST engine scan C:\WINXP\system32
07:40:13.187 AVAST engine scan C:\WINXP\system32\drivers
07:40:22.359 AVAST engine scan C:\Documents and Settings\Admin
07:47:10.531 AVAST engine scan C:\Documents and Settings\All Users
07:53:49.812 Disk 0 MBR has been saved successfully to "F:\Repair\MBR.dat"
07:53:49.843 The log file has been saved successfully to "F:\Repair\aswMBR.txt"

Edited by FredyC, 04 December 2012 - 02:07 AM.

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#9
FredyC

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi. The script ran smoothly, but even after a restart the problem is still there. It seems a little bit faster at some moments, but again, when I open more tabs in Chrome, all of them get stuck at "Sending request" and don't move further until some other tab is finished. Also, for some pages the loading indicator is quite persistent even when everything on that page is obviously loaded.

I should also mention that ComboFix wanted to update to a newer version; I confirmed that.

 
ComboFix 12-12-04.01 - Admin 04.12.2012 22:23:39.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.2038 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\ssv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-03 19:24 . 2012-12-03 19:24 -------- d-----w- c:\program files\Common Files\Skype
2012-12-02 16:10 . 2012-12-02 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-12-02 16:10 . 2012-12-03 16:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-11-10 16:46 . 2012-11-12 12:38 -------- d-----w- C:\Jts
2012-11-10 16:44 . 2012-11-10 16:44 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Sun
2012-11-10 16:44 . 2012-11-10 16:44 -------- d-----w- c:\program files\Common Files\Java
2012-11-10 16:43 . 2012-11-10 16:42 821736 ----a-w- c:\winxp\system32\npDeployJava1.dll
2012-11-10 16:43 . 2012-11-10 16:42 143872 ----a-w- c:\winxp\system32\javacpl.cpl
2012-11-10 16:43 . 2012-11-10 16:42 746984 ----a-w- c:\winxp\system32\deployJava1.dll
2012-11-10 16:43 . 2012-11-10 16:42 93672 ----a-w- c:\winxp\system32\WindowsAccessBridge.dll
2012-11-10 16:42 . 2012-11-10 16:42 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 06:32 . 2012-08-15 10:03 151552 ----a-w- c:\winxp\KMSEmulator.exe
2012-11-01 20:37 . 2012-11-01 20:37 1581056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\plugins\pl-9b15434a5c528291c2b2ea144fd2eafb.dll
2012-11-01 19:34 . 2012-11-01 19:34 220160 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-10-30 22:51 . 2012-07-18 20:22 361032 ----a-w- c:\winxp\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-07-18 20:22 35928 ----a-w- c:\winxp\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-07-18 20:22 54232 ----a-w- c:\winxp\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-07-18 20:22 738504 ----a-w- c:\winxp\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-07-18 20:22 97608 ----a-w- c:\winxp\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-07-18 20:22 89752 ----a-w- c:\winxp\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-07-18 20:22 21256 ----a-w- c:\winxp\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-07-18 20:22 25256 ----a-w- c:\winxp\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-07-18 20:21 41224 ----a-w- c:\winxp\avastSS.scr
2012-10-30 22:50 . 2012-07-18 20:21 227648 ----a-w- c:\winxp\system32\aswBoot.exe
2012-10-22 08:43 . 2010-09-16 16:09 1875328 ----a-w- c:\winxp\system32\win32k.sys
2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\winxp\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-01 19:34 220160 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\winxp\system32\igfxpers.exe" [2008-08-20 137752]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PAC7302_Monitor"="c:\winxp\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-10-04 1912832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2012-07-18 19:06 1839104 ----a-w- c:\winxp\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-20 08:05 166424 ----a-w- c:\winxp\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-20 08:06 141848 ----a-w- c:\winxp\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 10:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 06:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 15:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-14 17:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"idsvc"=3 (0x3)
"AgereModemAudio"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NinjaTrader 7\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\WINXP\\KMSEmulator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\winxp\system32\drivers\aswSnx.sys [18.7.2012 21:22 738504]
R1 aswSP;aswSP;c:\winxp\system32\drivers\aswSP.sys [18.7.2012 21:22 361032]
R2 aswFsBlk;aswFsBlk;c:\winxp\system32\drivers\aswFsBlk.sys [18.7.2012 21:22 21256]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 92278602
*NewlyCreated* - ASWMBR
*Deregistered* - 92278602
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-04 c:\winxp\Tasks\AutoKMS.job
- c:\winxp\AutoKMS\AutoKMS.exe [2012-08-15 10:04]
.
2012-12-04 c:\winxp\Tasks\AutoKMSDaily.job
- c:\winxp\AutoKMS\AutoKMS.exe [2012-08-15 10:04]
.
2012-12-04 c:\winxp\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-18 22:50]
.
2012-12-04 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-630328440-1417001333-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-18 19:23]
.
2012-12-04 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-630328440-1417001333-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-18 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-04 22:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\winxp\System32\BCMLogon.dll
.
Completion time: 2012-12-04 22:29:29
ComboFix-quarantined-files.txt 2012-12-04 21:29
ComboFix2.txt 2012-12-03 18:31
.
Pre-Run: 8 227 016 704 bytes free
Post-Run: 8 308 494 336 bytes free
.
- - End Of File - - 1379424BB223C1E4767FEDE438374BC9

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I want you to uninstall Chrome and if asked about user data or settings then remove that also


restart the computer and reinstall Chrome


Gringo

#11
FredyC

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi. I did as requested and it didn't help at all.

First of all, there is definitely something very wrong with explorer.exe or something that is using it. Right after installation of Chrome it again started eating 99% of CPU time, now even without Skype running. I had to stop all Avast shields, then it went to zero almost instantly. Enabling shields like 2 minutes later doesn't start this problem again. I guess if there is some nasty thing, it probably did its work due to Avast being turned off, so it's not utilizing CPU anymore. However, there are small (up to 2%) but frequent spikes for explorer.exe. Not sure if that is normal; the system on my computer is not doing that.

Opening Chrome and going to some page is still very slow. It sticks at "Sending request" for like 10-15 seconds and just then it moves further. This is now happening even for the first tab without opening more of them. I guess it was cached before, so it looked like some pages were loaded faster.

Screenshot of cpu usage without doing anything on that computer for couple of minutes.

Posted Image

Edited by FredyC, 06 December 2012 - 12:35 AM.

#12
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13
FredyC

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
15354 Webcam Live
7-Zip 9.20
Adobe Flash Player 11 Plugin
Agere Systems HDA Modem
Altap Salamander 2.54
avast! Free Antivirus
Broadcom 440x 10/100 Integrated Controller
Broadcom 802.11 Wireless LAN Adapter
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Foxit Reader
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
IrfanView (remove only)
Java 7 Update 9
Java Auto Updater
KeePass Password Safe 2.20.1
Luxor 5th Passage 1.00
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Czech) 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (Czech) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (Czech) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (Czech) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Language Pack 2010 - Czech/čeština
Microsoft Office O MUI (Czech) 2010
Microsoft Office OneNote MUI (Czech) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (Czech) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (Czech) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Czech) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Slovak) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Czech) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (Czech) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (Czech) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Czech) 2010
Microsoft Office Word MUI (Czech) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office X MUI (Czech) 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Software Update for Web Folders (Czech) 14
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MPC-HC 1.6.2.4902
NinjaTrader 7
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB982132)
Skype™ 6.0
SoundMAX
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB971029)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
XML Paper Specification Shared Components Pack 1.0

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#15
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo