Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer stalls, slow to load webpages, applications

Started by 94jewels , May 11 2011 07:44 PM

This topic is locked

#1
94jewels

Posted 11 May 2011 - 07:44 PM

Member

Member
18 posts

Hello,

My computer has been stalling for a long time, it loads IE, its webpages and opens applications at an increasingly slow pace. While the computer is not in use, it seems it is working or downloading things continually on its own. I have ran several malware/spyware checks and nothing has shown. I have tried figuring out the logs to fix the problem on my own, but have had no success in determining the problem. Any assistance would be greatly appreciated. Thank you.

OTL logfile created on: 5/11/2011 6:13:19 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Julie\Documents
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 172.00 Mb Available Physical Memory | 17.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 117.71 Gb Free Space | 78.97% Space Free | Partition Type: NTFS

Computer Name: BARBARA-PC | User Name: Julie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 10:27:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Documents\OTL.exe
PRC - [2011/04/28 19:47:31 | 000,238,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/16 10:26:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/23 07:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/23 07:04:17 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/12/28 18:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/11/02 05:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe

========== Modules (SafeList) ==========

MOD - [2011/05/11 10:27:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Documents\OTL.exe
MOD - [2011/02/23 07:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/23 07:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/12/28 18:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (utexndm2)
DRV - [2011/02/23 06:57:38 | 000,101,976 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:56:41 | 000,192,728 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:24:46 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/07/21 17:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/02/12 13:36:35 | 000,836,384 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ae1000va.sys -- (AE1000)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\40007722.sys -- (40007722)
DRV - [2009/10/09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\4000772.sys -- (setup_9.0.0.722_11.05.2011_23-39drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\40007721.sys -- (40007721)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/10/29 08:29:54 | 000,043,520 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/05/15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/22 22:05:29 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/05/11 09:06:55 | 000,434,037 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14940 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_11.05.2011_23-39.lnk = C:\Users\Julie\Desktop\Virus Removal Tool\setup_9.0.0.722_11.05.2011_23-39\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4b312022-7202-11e0-a606-0019211798c2}\Shell - "" = AutoRun
O33 - MountPoints2\{4b312022-7202-11e0-a606-0019211798c2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 13:48:35 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\4000772.sys
[2011/05/11 13:48:35 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\40007721.sys
[2011/05/11 13:48:35 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\40007722.sys
[2011/05/11 13:48:34 | 000,000,000 | ---D | C] -- C:\Users\Julie\Desktop\Virus Removal Tool
[2011/05/11 13:27:49 | 115,446,536 | ---- | C] ( ) -- C:\Users\Julie\Desktop\setup_9.0.0.722_11.05.2011_23-39.exe
[2011/05/11 11:03:37 | 115,335,096 | ---- | C] ( ) -- C:\Users\Julie\Documents\setup_9.0.0.722_11.05.2011_19-40.exe
[2011/05/11 10:27:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Julie\Documents\OTL.exe
[2011/04/28 19:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/28 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\Julie\AppData\Roaming\U3
[2011/04/23 13:00:25 | 000,000,000 | ---D | C] -- C:\Users\Julie\Documents\gmer
[2011/04/23 12:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/04/23 12:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/04/16 10:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

========== Files - Modified Within 30 Days ==========

[2011/05/11 18:15:32 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/11 18:09:27 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 18:09:27 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 14:15:06 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/11 13:50:59 | 000,002,193 | ---- | M] () -- C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_11.05.2011_23-39.lnk
[2011/05/11 13:45:46 | 115,446,536 | ---- | M] ( ) -- C:\Users\Julie\Desktop\setup_9.0.0.722_11.05.2011_23-39.exe
[2011/05/11 12:46:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/11 11:55:00 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/11 11:55:00 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/11 11:16:01 | 115,335,096 | ---- | M] ( ) -- C:\Users\Julie\Documents\setup_9.0.0.722_11.05.2011_19-40.exe
[2011/05/11 10:27:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Documents\OTL.exe
[2011/05/11 09:06:55 | 000,434,037 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/10 19:49:06 | 000,002,627 | ---- | M] () -- C:\Users\Julie\Desktop\Microsoft Office Word 2007.lnk
[2011/05/01 08:44:02 | 000,433,231 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110511-090655.backup
[2011/04/28 19:46:11 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/23 12:33:33 | 000,000,862 | ---- | M] () -- C:\Users\Julie\Desktop\Puran Defrag.lnk
[2011/04/23 12:27:37 | 000,000,017 | ---- | M] () -- C:\Windows\System32\npd6.d
[2011/04/19 20:58:26 | 000,000,943 | ---- | M] () -- C:\Users\Julie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/19 20:46:29 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/19 20:46:29 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/19 20:46:10 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 10:26:35 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/04/13 17:22:52 | 000,379,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/11 13:50:59 | 000,002,193 | ---- | C] () -- C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_11.05.2011_23-39.lnk
[2011/04/23 12:33:33 | 000,000,862 | ---- | C] () -- C:\Users\Julie\Desktop\Puran Defrag.lnk
[2011/04/19 20:46:10 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/09/20 15:41:45 | 000,003,584 | ---- | C] () -- C:\Users\Julie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 20:37:42 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2010/06/01 20:37:41 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2010/03/22 22:04:50 | 000,023,087 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/13 17:53:47 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/13 17:53:47 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/22 21:26:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/22 21:26:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/22 00:01:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/12 20:33:37 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/09/12 20:33:37 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/24 18:34:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/06/01 16:25:50 | 000,137,476 | ---- | C] () -- C:\Windows\HPHins15.dat
[2008/06/01 16:25:50 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2008/04/16 08:35:22 | 000,000,359 | ---- | C] () -- C:\Windows\lgfwup.ini
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/11/07 04:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,379,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 03:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/08/28 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\CBS Interactive
[2010/02/28 18:54:07 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\IObit
[2010/08/15 19:03:47 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Stellarium
[2010/02/20 23:20:30 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\ubi.com
[2011/05/11 12:45:09 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#2
maliprog

Posted 12 May 2011 - 12:11 AM

Trusted Helper

Malware Removal
6,172 posts

Hello 94jewels and welcome to G2G! :unsure:

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
Absence of symptoms does not always mean the computer is clean
Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
Please DO NOT run any scans or fix on your own without my direction.
Please read all of my response through at least once before attempting to follow the procedures described.
If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
You must reply within 3 days or your topic will be closed

Let's take it easy

Step 1

Please go to Control panel then Device manager

From the list expand IDE ATA/ATAPI controllers
Double click on first ATA channel (ATA shannel 0)
Click on Advanced settings tab
Check Enable DMA if it unchecked
Do this with all ATA channels
Restart you system after this

How is your system now?

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.

Extract the zip file to its own folder.
Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
Click Start scan to start scanning.
If infection is detected, the default setting for "action" should be Cure
- (If suspicious file is detected please click on it and change it to Skip).
Click Continue button
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Please don't forget to include these items in your reply:

TDSSKiller log

It would be helpful if you could post each log in separate post

#3
94jewels

Posted 12 May 2011 - 08:47 AM

Member

Topic Starter
Member
18 posts

Hi maliprog,

Thank you so much for your help with this.

I went to device manager and all controllers were enabled.

I just ran the TDSSKiller and will post the log in the next post.

#4
94jewels

Posted 12 May 2011 - 08:48 AM

Member

Topic Starter
Member
18 posts

2011/05/12 07:41:53.0307 1412 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/12 07:41:56.0354 1412 ================================================================================
2011/05/12 07:41:56.0354 1412 SystemInfo:
2011/05/12 07:41:56.0354 1412
2011/05/12 07:41:56.0354 1412 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/12 07:41:56.0354 1412 Product type: Workstation
2011/05/12 07:41:56.0354 1412 ComputerName: BARBARA-PC
2011/05/12 07:41:56.0401 1412 UserName: Julie
2011/05/12 07:41:56.0401 1412 Windows directory: C:\Windows
2011/05/12 07:41:56.0401 1412 System windows directory: C:\Windows
2011/05/12 07:41:56.0401 1412 Processor architecture: Intel x86
2011/05/12 07:41:56.0401 1412 Number of processors: 1
2011/05/12 07:41:56.0401 1412 Page size: 0x1000
2011/05/12 07:41:56.0401 1412 Boot type: Normal boot
2011/05/12 07:41:56.0401 1412 ================================================================================
2011/05/12 07:41:57.0541 1412 Initialize success
2011/05/12 07:42:29.0943 1432 ================================================================================
2011/05/12 07:42:29.0943 1432 Scan started
2011/05/12 07:42:29.0943 1432 Mode: Manual;
2011/05/12 07:42:29.0943 1432 ================================================================================
2011/05/12 07:42:31.0677 1432 40007721 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\40007721.sys
2011/05/12 07:42:31.0771 1432 40007722 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\40007722.sys
2011/05/12 07:42:31.0927 1432 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/12 07:42:32.0005 1432 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/12 07:42:32.0099 1432 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/12 07:42:32.0162 1432 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/12 07:42:32.0208 1432 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/12 07:42:32.0349 1432 AE1000 (5efe06456dbc5cd87cadc42af8d31cd9) C:\Windows\system32\DRIVERS\ae1000va.sys
2011/05/12 07:42:32.0474 1432 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/12 07:42:32.0537 1432 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/12 07:42:32.0599 1432 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/12 07:42:32.0693 1432 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/12 07:42:32.0724 1432 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/12 07:42:32.0787 1432 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/12 07:42:32.0880 1432 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/12 07:42:32.0927 1432 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/12 07:42:33.0115 1432 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/12 07:42:33.0177 1432 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/12 07:42:33.0271 1432 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/12 07:42:33.0365 1432 aswFW (1ad83bfec454d43992a5b4333abc8769) C:\Windows\system32\drivers\aswFW.sys
2011/05/12 07:42:33.0443 1432 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/12 07:42:33.0505 1432 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
2011/05/12 07:42:33.0568 1432 aswNdis2 (892e24024f23b9fdeffeddddffbaf1ea) C:\Windows\system32\drivers\aswNdis2.sys
2011/05/12 07:42:33.0630 1432 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/05/12 07:42:33.0708 1432 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/05/12 07:42:33.0833 1432 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/05/12 07:42:34.0208 1432 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/05/12 07:42:34.0318 1432 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/12 07:42:34.0412 1432 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/12 07:42:34.0787 1432 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/12 07:42:34.0974 1432 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/12 07:42:35.0068 1432 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/12 07:42:35.0115 1432 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/12 07:42:35.0302 1432 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/12 07:42:35.0396 1432 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/12 07:42:35.0474 1432 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/12 07:42:35.0521 1432 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/12 07:42:35.0599 1432 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/12 07:42:35.0677 1432 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/12 07:42:35.0740 1432 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/12 07:42:35.0865 1432 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/12 07:42:35.0943 1432 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/12 07:42:36.0083 1432 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/12 07:42:36.0130 1432 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/05/12 07:42:36.0302 1432 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/12 07:42:36.0365 1432 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/12 07:42:36.0583 1432 dc3d (91c1736e77cff029302728b431d0eedb) C:\Windows\system32\DRIVERS\dc3d.sys
2011/05/12 07:42:36.0787 1432 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/12 07:42:36.0896 1432 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/12 07:42:37.0037 1432 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/12 07:42:37.0224 1432 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/12 07:42:37.0333 1432 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/12 07:42:37.0458 1432 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/12 07:42:37.0537 1432 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/12 07:42:37.0771 1432 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/12 07:42:37.0849 1432 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/12 07:42:37.0943 1432 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/12 07:42:38.0052 1432 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/12 07:42:38.0099 1432 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/12 07:42:38.0177 1432 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/12 07:42:38.0255 1432 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/12 07:42:38.0365 1432 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/12 07:42:38.0443 1432 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/12 07:42:38.0490 1432 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/12 07:42:38.0708 1432 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/05/12 07:42:38.0787 1432 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/12 07:42:38.0849 1432 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/12 07:42:38.0896 1432 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/12 07:42:38.0990 1432 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/12 07:42:39.0083 1432 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/12 07:42:39.0177 1432 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/05/12 07:42:39.0240 1432 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/12 07:42:39.0318 1432 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/12 07:42:39.0458 1432 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/12 07:42:39.0646 1432 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/12 07:42:39.0818 1432 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/12 07:42:39.0927 1432 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/12 07:42:40.0005 1432 InCDfs (7bfc3eda22190c0fe8c2ca19e5379da5) C:\Windows\system32\drivers\InCDFs.sys
2011/05/12 07:42:40.0115 1432 InCDPass (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\Windows\system32\drivers\InCDPass.sys
2011/05/12 07:42:40.0177 1432 InCDrec (f8e7c551def07fdc12ca5cc7ae5d975b) C:\Windows\system32\drivers\InCDrec.sys
2011/05/12 07:42:40.0271 1432 incdrm (31a5a3809249a326eb0ef58d563a9654) C:\Windows\system32\drivers\InCDRm.sys
2011/05/12 07:42:40.0443 1432 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/12 07:42:40.0505 1432 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/12 07:42:40.0646 1432 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/12 07:42:40.0787 1432 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/12 07:42:40.0896 1432 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/12 07:42:41.0099 1432 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/12 07:42:41.0208 1432 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/12 07:42:41.0349 1432 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/12 07:42:41.0505 1432 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/12 07:42:41.0599 1432 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/12 07:42:41.0693 1432 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/12 07:42:41.0771 1432 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/12 07:42:41.0896 1432 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
2011/05/12 07:42:41.0990 1432 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/12 07:42:42.0162 1432 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/12 07:42:42.0318 1432 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/12 07:42:42.0396 1432 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/12 07:42:42.0537 1432 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/12 07:42:42.0755 1432 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/12 07:42:42.0849 1432 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/12 07:42:42.0958 1432 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/12 07:42:43.0052 1432 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/12 07:42:43.0115 1432 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/12 07:42:43.0208 1432 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/12 07:42:43.0333 1432 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/12 07:42:43.0427 1432 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/12 07:42:43.0521 1432 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/12 07:42:43.0615 1432 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/12 07:42:43.0708 1432 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/12 07:42:43.0865 1432 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/12 07:42:44.0083 1432 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/12 07:42:44.0224 1432 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/12 07:42:44.0333 1432 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/12 07:42:44.0412 1432 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/12 07:42:44.0583 1432 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/12 07:42:44.0708 1432 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/12 07:42:44.0927 1432 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/12 07:42:45.0177 1432 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/12 07:42:45.0287 1432 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/12 07:42:45.0474 1432 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/12 07:42:45.0583 1432 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/12 07:42:45.0693 1432 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/12 07:42:45.0771 1432 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/12 07:42:45.0865 1432 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/12 07:42:45.0974 1432 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/12 07:42:46.0083 1432 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/12 07:42:46.0162 1432 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/12 07:42:46.0224 1432 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/12 07:42:46.0318 1432 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/12 07:42:46.0412 1432 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/12 07:42:46.0490 1432 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/12 07:42:46.0708 1432 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/12 07:42:46.0849 1432 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/12 07:42:46.0927 1432 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/12 07:42:47.0068 1432 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/12 07:42:47.0193 1432 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/12 07:42:47.0318 1432 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/05/12 07:42:47.0380 1432 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/12 07:42:47.0458 1432 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/12 07:42:47.0630 1432 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/12 07:42:47.0724 1432 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/12 07:42:48.0037 1432 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/12 07:42:48.0255 1432 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/05/12 07:42:48.0333 1432 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/12 07:42:48.0412 1432 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/12 07:42:48.0521 1432 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/12 07:42:48.0599 1432 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/12 07:42:48.0693 1432 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/12 07:42:48.0802 1432 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/12 07:42:49.0099 1432 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
2011/05/12 07:42:49.0224 1432 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/12 07:42:49.0333 1432 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/12 07:42:49.0521 1432 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/12 07:42:49.0646 1432 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/12 07:42:49.0740 1432 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/12 07:42:49.0849 1432 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/12 07:42:49.0943 1432 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/12 07:42:50.0052 1432 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/12 07:42:50.0146 1432 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/12 07:42:50.0224 1432 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/12 07:42:50.0412 1432 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/12 07:42:50.0490 1432 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/12 07:42:50.0615 1432 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/12 07:42:50.0693 1432 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/12 07:42:50.0802 1432 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/12 07:42:51.0037 1432 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/12 07:42:51.0271 1432 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/05/12 07:42:51.0380 1432 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/12 07:42:51.0568 1432 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/12 07:42:51.0662 1432 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/12 07:42:51.0802 1432 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/05/12 07:42:51.0896 1432 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/12 07:42:52.0083 1432 setup_9.0.0.722_11.05.2011_23-39drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\4000772.sys
2011/05/12 07:42:52.0162 1432 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/12 07:42:52.0255 1432 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/12 07:42:52.0349 1432 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/12 07:42:52.0615 1432 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/12 07:42:52.0802 1432 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/12 07:42:52.0912 1432 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/12 07:42:53.0052 1432 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/12 07:42:53.0162 1432 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/12 07:42:53.0302 1432 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/12 07:42:53.0396 1432 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/12 07:42:53.0474 1432 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/12 07:42:53.0552 1432 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/12 07:42:53.0693 1432 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/12 07:42:53.0833 1432 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/12 07:42:53.0974 1432 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/12 07:42:54.0052 1432 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/12 07:42:54.0224 1432 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/12 07:42:54.0412 1432 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/12 07:42:54.0505 1432 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/12 07:42:54.0599 1432 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/12 07:42:54.0708 1432 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/12 07:42:54.0787 1432 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/12 07:42:55.0021 1432 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/12 07:42:55.0208 1432 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/12 07:42:55.0318 1432 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/12 07:42:55.0396 1432 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/12 07:42:55.0474 1432 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/12 07:42:55.0568 1432 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/12 07:42:55.0724 1432 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/12 07:42:55.0787 1432 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/12 07:42:55.0958 1432 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/12 07:42:56.0083 1432 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/12 07:42:56.0208 1432 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/12 07:42:56.0427 1432 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/12 07:42:56.0708 1432 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/12 07:42:56.0818 1432 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/12 07:42:56.0912 1432 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/12 07:42:57.0005 1432 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/12 07:42:57.0083 1432 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/12 07:42:57.0177 1432 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/12 07:42:57.0287 1432 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/12 07:42:57.0365 1432 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/12 07:42:57.0599 1432 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/12 07:42:57.0708 1432 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/12 07:42:57.0787 1432 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/12 07:42:57.0865 1432 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/12 07:42:57.0927 1432 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/12 07:42:58.0021 1432 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/12 07:42:58.0115 1432 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/12 07:42:58.0240 1432 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/12 07:42:58.0349 1432 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/12 07:42:58.0474 1432 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/12 07:42:58.0552 1432 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/12 07:42:58.0615 1432 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/12 07:42:58.0755 1432 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/12 07:42:58.0849 1432 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/12 07:42:59.0287 1432 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/12 07:42:59.0521 1432 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/12 07:42:59.0630 1432 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/12 07:42:59.0802 1432 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/12 07:43:00.0052 1432 ================================================================================
2011/05/12 07:43:00.0052 1432 Scan finished
2011/05/12 07:43:00.0052 1432 ================================================================================

#5
maliprog

Posted 12 May 2011 - 11:13 AM

Trusted Helper

Malware Removal
6,172 posts

Let's do some more scans.

Step 1

Download ComboFix here :

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\\ComboFix.txt log in your next reply.

Step 2

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Confirm deletion to all infection AVP finds
Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Step 3

Please don't forget to include these items in your reply:

Combofix log
AVPTool log

It would be helpful if you could post each log in separate post

#6
94jewels

Posted 12 May 2011 - 03:34 PM

Member

Topic Starter
Member
18 posts

Hi and sorry it took so long to reply. The scans took quite some time to complete. While the ComboFix scan was running a message popped up stating the "PEV.exe service has stopped working". I'm not sure what this does, but thought you might want to know.

#7
94jewels

Posted 12 May 2011 - 03:35 PM

Member

Topic Starter
Member
18 posts

ComboFix 11-05-11.04 - Julie 05/12/2011 10:45:33.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1015.382 [GMT -7:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: ComboFix
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\2wire_dsl_setup_tool\2Wire_DSL_Setup_Tool.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 18:00 . 2011-05-12 18:01 -------- d-----w- c:\users\Julie\AppData\Local\temp
2011-05-12 18:00 . 2011-05-12 18:00 -------- d-----w- c:\users\Safety Account\AppData\Local\temp
2011-05-12 18:00 . 2011-05-12 18:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-12 18:00 . 2011-05-12 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-11 20:48 . 2009-10-22 20:54 37392 ----a-w- c:\windows\system32\drivers\40007722.sys
2011-05-11 20:48 . 2009-10-10 06:31 311312 ----a-w- c:\windows\system32\drivers\4000772.sys
2011-05-11 20:48 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\40007721.sys
2011-05-11 03:03 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 18:54 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA309660-8B50-43F1-8507-B5F14592F4A6}\mpengine.dll
2011-04-29 02:57 . 2011-04-29 02:57 -------- d-----w- c:\program files\Common Files\Java
2011-04-29 02:01 . 2011-04-29 02:02 -------- d-----w- c:\users\Julie\AppData\Roaming\U3
2011-04-26 22:23 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 22:23 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 22:02 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-23 19:33 . 2011-04-23 19:36 -------- d-----w- c:\program files\Puran Defrag
2011-04-23 19:33 . 2011-04-08 23:09 229376 ----a-w- c:\windows\system32\PuranDefragS.exe
2011-04-23 19:33 . 2011-04-08 23:09 221184 ----a-w- c:\windows\system32\PuranDC.exe
2011-04-23 19:33 . 2011-04-08 23:09 1110016 ----a-w- c:\windows\system32\PuranFD.exe
2011-04-23 19:33 . 2011-04-08 23:09 107008 ----a-w- c:\windows\system32\PuranDefragBT.exe
2011-04-23 19:33 . 2010-01-27 20:58 212992 ----a-w- c:\windows\system32\PuranDefrag.dll
2011-04-16 17:27 . 2011-04-16 17:27 -------- d-----w- c:\program files\Common Files\xing shared
2011-04-13 00:12 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-13 00:12 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-12 23:57 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-12 23:56 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-12 23:51 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-12 23:51 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-12 23:51 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 23:51 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-12 23:48 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-12 23:48 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-12 23:48 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-12 23:48 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-12 23:48 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-12 23:48 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-12 23:48 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 02:56 . 2010-04-16 04:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-29 02:47 . 2011-03-09 21:17 404128 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-16 17:26 . 2010-12-01 21:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-16 17:26 . 2008-04-16 15:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-11 15:24 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-04-26 22:23 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-26 22:23 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-26 22:23 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-26 22:23 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-23 14:04 . 2010-09-09 20:37 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2010-09-09 20:37 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:57 . 2010-09-09 20:38 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-02-23 13:56 . 2010-09-09 20:39 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 13:56 . 2010-09-09 20:39 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:56 . 2010-09-09 20:37 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-02-23 13:55 . 2010-09-09 20:37 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-09-09 20:37 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:55 . 2010-09-09 20:37 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 13:54 . 2010-09-09 20:39 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 14:13 . 2011-03-23 00:44 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 00:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 00:44 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 20:17 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 1797008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 1778064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-16 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_11.05.2011_23-39.lnk - c:\users\Julie\Desktop\Virus Removal Tool\setup_9.0.0.722_11.05.2011_23-39\startup.exe [2011-5-11 72208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Reboot.exe]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Reboot.exe
backup=c:\windows\pss\Reboot.exe.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ypagerps1]
del [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 20:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 04:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 22:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 05:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-04-18 00:22 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 04:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 22:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 22:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-02-23 121000]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
R2 WLANBelkinService;Belkin WLAN service;c:\program files\Belkin\F7D4101\V1\wlansrv.exe [2009-12-29 36864]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 utexndm2;AVZ Kernel Driver;c:\windows\system32\Drivers\utexndm2.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-04-08 229376]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 40007722;40007722 Boot Guard Driver;c:\windows\system32\DRIVERS\40007722.sys [2009-10-22 37392]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 40007721;40007721;c:\windows\system32\DRIVERS\40007721.sys [2009-09-26 128016]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 setup_9.0.0.722_11.05.2011_23-39drv;setup_9.0.0.722_11.05.2011_23-39drv;c:\windows\system32\DRIVERS\4000772.sys [2009-10-10 311312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000va.sys [2010-02-12 836384]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-22 44432]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 03:01]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 03:01]
.
2010-04-04 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-04-04 22:31]
.
2010-04-04 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-04-04 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-12 11:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-12 11:07:25
ComboFix-quarantined-files.txt 2011-05-12 18:07
.
Pre-Run: 125,119,381,504 bytes free
Post-Run: 125,851,566,080 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 29ACF1049CAC8F01E287B48435F7E064

#8
94jewels

Posted 12 May 2011 - 03:38 PM

Member

Topic Starter
Member
18 posts

The kaspersky scan showed no critical or important events. Would you like me to post the log report that includes all events? It is a huge file and thought I would check with you first.

#9
94jewels

Posted 12 May 2011 - 06:21 PM

Member

Topic Starter
Member
18 posts

Hi there,

I thought I would let you know that I had shutdown my computer for a time and turned it back on and another message appeared stating the "wlansrv.exe has stopped working". I'm not sure if this should be a concern or not, but became worried that two programs stopped working following the combofix scan.

#10
maliprog

Posted 13 May 2011 - 12:30 AM

Trusted Helper

Malware Removal
6,172 posts

Hi 94jewels,

PAV.exe is part of Combofix. Regarding wlansrv.exe....it probably has something to do with you system. How is your system now? Any changes?

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply

Step 2

Go to Start -> My Computer
Right click on C: disk and clik on Properties
Click on tab Tools and click on Check now... button
Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
Click Start button
Confirm schedule disk check next time computer starts with Yes button
Restart your system and wait while system checks your disk for errors

Step 3

Please don't forget to include these items in your reply:

aswMBR log

It would be helpful if you could post each log in separate post

#11
94jewels

Posted 13 May 2011 - 10:55 AM

Member

Topic Starter
Member
18 posts

Good morning,
Well, the computer is still running slowly. It locks up repeatedly and while accessing internet pages, fails to load due to the length of time it takes to load the webpage. When shutting down, it oftentimes gets stuck for a very long time and the only way to shutdown is to power off manually.

#12
94jewels

Posted 13 May 2011 - 10:56 AM

Member

Topic Starter
Member
18 posts

Here is the aswMBR log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-13 06:52:23
-----------------------------
06:52:23.867 OS Version: Windows 6.0.6002 Service Pack 2
06:52:23.867 Number of processors: 1 586 0x604
06:52:23.867 ComputerName: BARBARA-PC UserName: Julie
06:52:39.617 Initialize success
06:52:58.821 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
06:52:58.821 Disk 0 Vendor: ST3160815AS 3.AAD Size: 152627MB BusType: 3
06:53:00.899 Disk 0 MBR read successfully
06:53:00.899 Disk 0 MBR scan
06:53:00.914 Disk 0 unknown MBR code
06:53:02.961 Disk 0 scanning sectors +312578048
06:53:03.024 Disk 0 scanning C:\Windows\system32\drivers
06:53:09.821 Service scanning
06:53:12.789 Disk 0 trace - called modules:
06:53:12.805 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys igdkmd32.sys
06:53:12.805 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85596ac8]
06:53:12.821 3 CLASSPNP.SYS[86ba28b3] -> nt!IofCallDriver -> [0x84ebd918]
06:53:12.821 5 acpi.sys[806896bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x84565030]
06:53:12.836 Scan finished successfully
06:53:50.126 Disk 0 MBR has been saved successfully to "C:\Users\Julie\Desktop\MBR.dat"
06:53:50.142 The log file has been saved successfully to "C:\Users\Julie\Desktop\aswMBR.txt"

#13
maliprog

Posted 13 May 2011 - 12:24 PM

Trusted Helper

Malware Removal
6,172 posts

OK. Let's check your system for errors. Please do step by step and check your system after each.

Do you use Internet Exporer of Firefox? Do you get errors in each of them.

Step 1

Go to Start -> My Computer
Right click on C: disk and clik on Properties
Click on tab Tools and click on Check now... button
Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
Click Start button
Confirm schedule disk check next time computer starts with Yes button
Restart your system and wait while system checks your disk for errors

Test your system now.

Step 2

Please test your system in safe mode. Check web surfing too.

Please restart in safe mode:

If the computer is running, shut down Windows, and then turn off the power
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe mode with networking option is selected.
Press Enter. The computer then begins to start in Safe mode.

#14
94jewels

Posted 14 May 2011 - 01:33 PM

Member

Topic Starter
Member
18 posts

Good afternoon,

I ran the disk check and then started the computer in safe mode. The security center was disabled and would not allow me to activate it. The web loaded a little faster in safe mode, but once running in normal mode, the computer and the web took an extremely long time to load. The computer is working slower than it ever has and I am now getting popup windows where I hadn't before. Some items in my toolbar have disappeared and a calendar and time clock, which I have never seen before, pop up in the toolbar.