Very slow startup and very slow shut down

By 1Wren1
Sep 29, 2012
  1. Hi,

    I have an HP laptop with Windows XP. The issue is that, as of last week, my laptop is taking a very long time (4 minutes or more) to start up. In addition, it does not seem to be running very well - slow - and it sometimes takes a bit to shut off.

    I ran Malwarebytes and found funmoods plus some other pup.installer programs. I attempted to remove them, after a three hour scan, but the computer is still slow after the "removal."

    I'm ready to follow all instructions.

    Thanks in advance for taking a look.

    Wren
  2. Broni

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. 1Wren1

    Thanks! I'll get on it and post soon.
  4. 1Wren1

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.29.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    HP Laptop :: HP-B8B7D3543EAB [administrator]

    Protection: Enabled

    9/29/2012 7:41:33 AM
    mbam-log-2012-09-29 (07-41-33).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 319989
    Time elapsed: 3 hour(s), 8 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 05d89ed347c55680ad96e6d447c670c6 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Documents and Settings\HP Laptop\My Documents\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
    C:\Program Files\v-Grabber\Uninstall.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

    (end)
    ____________________________\\\\\\\\
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-09-29 14:16:20
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 FUJITSU_MHV2080AH rev.00840096
    Running: l6dyxc80.exe; Driver: C:\DOCUME~1\HPLAPT~1\LOCALS~1\Temp\pgndifoc.sys
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    ---- EOF - GMER 1.0.15 ----
    -------------------------------------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by HP Laptop at 14:18:44 on 2012-09-29
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.436 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\HP Laptop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP Laptop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP Laptop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP Laptop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP Laptop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\hp laptop\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{EAE34BBA-335C-4BB0-9370-DC92A4E09D99} : DhcpNameServer = 192.168.1.254
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-29 14776]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-29 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-29 676936]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-7-28 88192]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-29 22856]
    S0 cerc6;cerc6; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-8-22 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250568]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-8-22 136176]
    S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [2010-7-28 169984]
    .
    =============== Created Last 30 ================
    .
    2012-09-29 07:40:15  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-09-29 07:40:15  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-09-08 01:07:30  73728  ----a-w-  c:\windows\system32\javacpl.cpl
    2012-09-08 01:07:30  477168  ----a-w-  c:\windows\system32\npdeployJava1.dll
    2012-09-03 04:17:33  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-09-03 04:17:33  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-09-03 04:17:33  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-09-03 04:17:33  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-09-03 04:17:33  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-09-03 04:17:33  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-09-03 04:17:33  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin.dll
    2012-09-03 04:14:37  --------  d-----w-  c:\documents and settings\hp laptop\local settings\application data\Apple
    .
    ==================== Find3M ====================
    .
    2012-09-08 01:07:05  473072  ----a-w-  c:\windows\system32\deployJava1.dll
    2012-08-28 15:14:53  916992  ----a-w-  c:\windows\system32\wininet.dll
    2012-08-28 15:14:53  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52  1469440  ------w-  c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15  385024  ----a-w-  c:\windows\system32\html.iec
    2012-08-23 01:33:18  73416  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-23 01:33:18  696520  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-08-14 20:41:32  9232584  ----a-w-  c:\windows\system32\FlashPlayerInstaller.exe
    2012-07-06 13:58:51  78336  ----a-w-  c:\windows\system32\browser.dll
    2012-07-04 14:05:18  139784  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15  1866112  ----a-w-  c:\windows\system32\win32k.sys
    .
    ============= FINISH: 14:19:51.29 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/28/2010 5:39:49 PM
    System Uptime: 9/29/2012 11:08:00 AM (3 hours ago)
    .
    Motherboard: Hewlett-Packard | | 099C
    Processor: Intel(R) Pentium(R) M processor 2.00GHz | JP12 | 2000/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 35.078 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP324: 7/2/2012 6:20:27 PM - System Checkpoint
    RP325: 7/5/2012 7:20:38 PM - System Checkpoint
    RP326: 7/6/2012 7:25:59 PM - System Checkpoint
    RP327: 7/9/2012 2:01:11 PM - System Checkpoint
    RP328: 7/11/2012 6:53:30 PM - Software Distribution Service 3.0
    RP329: 7/11/2012 9:11:58 PM - Software Distribution Service 3.0
    RP330: 7/14/2012 12:39:27 PM - System Checkpoint
    RP331: 7/15/2012 3:08:27 PM - System Checkpoint
    RP332: 7/17/2012 6:37:19 PM - System Checkpoint
    RP333: 7/18/2012 8:03:21 PM - System Checkpoint
    RP334: 7/20/2012 12:27:53 PM - System Checkpoint
    RP335: 7/21/2012 7:48:30 PM - System Checkpoint
    RP336: 7/23/2012 11:14:24 AM - System Checkpoint
    RP337: 7/27/2012 6:26:44 PM - System Checkpoint
    RP338: 7/30/2012 12:07:14 PM - System Checkpoint
    RP339: 7/31/2012 3:19:42 PM - System Checkpoint
    RP340: 8/4/2012 9:40:27 AM - Installed KODAK Share Button App.
    RP341: 8/5/2012 10:39:02 AM - System Checkpoint
    RP342: 8/6/2012 1:31:28 PM - System Checkpoint
    RP343: 8/10/2012 5:48:21 PM - System Checkpoint
    RP344: 8/11/2012 6:48:41 PM - System Checkpoint
    RP345: 8/13/2012 1:25:45 PM - System Checkpoint
    RP346: 8/14/2012 8:34:17 PM - System Checkpoint
    RP347: 8/14/2012 9:47:58 PM - Software Distribution Service 3.0
    RP348: 8/16/2012 9:15:52 PM - System Checkpoint
    RP349: 8/18/2012 12:12:32 PM - System Checkpoint
    RP350: 8/20/2012 1:19:07 PM - System Checkpoint
    RP351: 8/21/2012 8:05:33 PM - System Checkpoint
    RP352: 8/23/2012 9:10:54 PM - System Checkpoint
    RP353: 8/25/2012 11:35:45 AM - System Checkpoint
    RP354: 8/26/2012 2:40:41 PM - System Checkpoint
    RP355: 8/31/2012 2:23:11 PM - System Checkpoint
    RP356: 9/1/2012 6:53:19 PM - System Checkpoint
    RP357: 9/2/2012 9:15:23 PM - Installed QuickTime
    RP358: 9/4/2012 7:32:15 PM - System Checkpoint
    RP359: 9/5/2012 8:33:14 PM - System Checkpoint
    RP360: 9/7/2012 11:49:52 AM - System Checkpoint
    RP361: 9/7/2012 6:05:54 PM - Removed Java(TM) 6 Update 31
    RP362: 9/7/2012 6:06:56 PM - Installed Java(TM) 6 Update 35
    RP363: 9/8/2012 6:58:22 PM - System Checkpoint
    RP364: 9/12/2012 9:32:06 PM - Software Distribution Service 3.0
    RP365: 9/14/2012 12:09:34 PM - System Checkpoint
    RP366: 9/21/2012 8:48:02 AM - Installed BCL ALLPDF Converter 3.0.
    RP367: 9/21/2012 5:51:06 PM - Removed BCL ALLPDF Converter 3.0.
    RP368: 9/21/2012 6:24:37 PM - Software Distribution Service 3.0
    RP369: 9/22/2012 6:43:45 PM - System Checkpoint
    RP370: 9/23/2012 6:45:28 PM - System Checkpoint
    RP371: 9/28/2012 4:13:46 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    AbiWord 2.8.6
    Acronis True Image Home
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Agere Systems AC'97 Modem
    Amazon MP3 Downloader 1.0.12
    Apple Application Support
    Apple QuickTime Installer
    Apple Software Update
    Broadcom NetXtreme Ethernet Controller
    BufferChm
    CCleaner
    CCScore
    Compatibility Pack for the 2007 Office system
    CustomerResearchQFolder
    D2300
    D2300_Help
    DeviceManagementQFolder
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    eSupportQFolder
    fflink
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0 Software
    HP Photosmart Essential
    HP Solution Center 7.0
    HP Update
    hph_ProductContext
    hph_readme
    hph_software
    hph_software_req
    HPPhotoSmartExpress
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Java Auto Updater
    Java(TM) 6 Update 35
    JetClean
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KODAK Picture CD
    KODAK Share Button App
    Malwarebytes Anti-Malware version 1.65.0.1400
    MarketResearch
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Napster Download Manager
    Nero 7 Ultra Edition
    netbrdg
    OfotoXMI
    OpenOffice.org 3.3
    Quick Web Player
    QuickTime
    Security Task Manager 1.8d
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Smart Defrag 2
    SolutionCenter
    SoundMAX
    staticcr
    Status
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Toolbox
    tooltips
    TrayApp
    Unload
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VPRINTOL
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    WIRELESS
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/29/2012 7:38:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    9/29/2012 7:38:05 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/29/2012 11:11:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    9/29/2012 11:11:30 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/29/2012 11:11:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    9/25/2012 6:31:56 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CEDC9679. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    9/25/2012 6:31:51 PM, error: Dhcp [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 0013CEDC9679 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    9/23/2012 12:33:56 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    9/23/2012 12:32:05 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ============================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  6. 1Wren1

    1Wren1 Newcomer, in training Topic Starter

    07:25:46.0437 2788 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    07:25:47.0093 2788 ============================================================
    07:25:47.0093 2788 Current date / time: 2012/09/30 07:25:47.0093
    07:25:47.0093 2788 SystemInfo:
    07:25:47.0093 2788
    07:25:47.0093 2788 OS Version: 5.1.2600 ServicePack: 3.0
    07:25:47.0093 2788 Product type: Workstation
    07:25:47.0093 2788 ComputerName: HP-B8B7D3543EAB
    07:25:47.0093 2788 UserName: HP Laptop
    07:25:47.0093 2788 Windows directory: C:\WINDOWS
    07:25:47.0093 2788 System windows directory: C:\WINDOWS
    07:25:47.0093 2788 Processor architecture: Intel x86
    07:25:47.0093 2788 Number of processors: 1
    07:25:47.0093 2788 Page size: 0x1000
    07:25:47.0093 2788 Boot type: Normal boot
    07:25:47.0093 2788 ============================================================
    07:25:50.0234 2788 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    07:25:50.0234 2788 ============================================================
    07:25:50.0234 2788 \Device\Harddisk0\DR0:
    07:25:50.0234 2788 MBR partitions:
    07:25:50.0234 2788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E0D1
    07:25:50.0234 2788 ============================================================
    07:25:50.0281 2788 C: <-> \Device\Harddisk0\DR0\Partition1
    07:25:50.0281 2788 ============================================================
    07:25:50.0281 2788 Initialize success
    07:25:50.0281 2788 ============================================================
    07:25:53.0015 2092 ============================================================
    07:25:53.0015 2092 Scan started
    07:25:53.0015 2092 Mode: Manual;
    07:25:53.0015 2092 ============================================================
    07:25:55.0093 2092 ================ Scan system memory ========================
    07:25:55.0093 2092 System memory - ok
    07:25:55.0093 2092 ================ Scan services =============================
    07:26:43.0375 2092 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    07:26:43.0843 2092 TermService - ok
    07:26:43.0937 2092 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    07:26:43.0953 2092 Themes - ok
    07:26:44.0109 2092 [ F779BA4CD37963AB4600C9871B7752A3 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
    07:26:44.0109 2092 tifm21 - ok
    07:26:44.0281 2092 [ D352FFF2A623B916C08CEACBFC8B5C32 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    07:26:44.0281 2092 tifsfilter - ok
    07:26:44.0765 2092 [ 64694B2A5C772E1C61FEAC300ED90CA6 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
    07:26:45.0000 2092 timounter - ok
    07:26:45.0109 2092 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    07:26:45.0156 2092 TlntSvr - ok
    07:26:45.0171 2092 TosIde - ok
    07:26:45.0250 2092 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    07:26:45.0296 2092 TrkWks - ok
    07:26:45.0359 2092 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    07:26:45.0390 2092 Udfs - ok
    07:26:45.0406 2092 ultra - ok
    07:26:45.0890 2092 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    07:26:46.0140 2092 Update - ok
    07:26:46.0281 2092 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    07:26:46.0390 2092 upnphost - ok
    07:26:46.0437 2092 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    07:26:46.0812 2092 UPS - ok
    07:26:48.0093 2092 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    07:26:48.0140 2092 usbccgp - ok
    07:26:48.0171 2092 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    07:26:48.0203 2092 usbehci - ok
    07:26:48.0281 2092 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    07:26:48.0312 2092 usbhub - ok
    07:26:48.0359 2092 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    07:26:48.0375 2092 usbprint - ok
    07:26:48.0437 2092 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    07:26:48.0453 2092 usbscan - ok
    07:26:48.0531 2092 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    07:26:48.0546 2092 USBSTOR - ok
    07:26:48.0687 2092 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    07:26:48.0828 2092 usbuhci - ok
    07:26:48.0875 2092 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    07:26:48.0890 2092 VgaSave - ok
    07:26:48.0890 2092 ViaIde - ok
    07:26:48.0953 2092 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    07:26:48.0984 2092 VolSnap - ok
    07:26:49.0203 2092 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    07:26:49.0375 2092 VSS - ok
    07:26:51.0218 2092 [ D6006DE6A6ED423D8016A03BC50CBE6B ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
    07:26:53.0125 2092 w29n51 - ok
    07:26:53.0328 2092 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    07:26:53.0437 2092 W32Time - ok
    07:26:53.0484 2092 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    07:26:53.0515 2092 Wanarp - ok
    07:26:53.0515 2092 WDICA - ok
    07:26:53.0593 2092 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    07:26:53.0640 2092 wdmaud - ok
    07:26:53.0718 2092 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    07:26:54.0015 2092 WebClient - ok
    07:26:54.0234 2092 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    07:26:54.0312 2092 winmgmt - ok
    07:26:54.0375 2092 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    07:26:54.0406 2092 WmdmPmSN - ok
    07:26:55.0000 2092 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    07:26:55.0015 2092 Wmi - ok
    07:26:55.0046 2092 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    07:26:55.0046 2092 WmiAcpi - ok
    07:26:55.0171 2092 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    07:26:55.0250 2092 WmiApSrv - ok
    07:26:55.0906 2092 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    07:26:56.0468 2092 WMPNetworkSvc - ok
    07:26:56.0578 2092 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    07:26:56.0640 2092 wscsvc - ok
    07:26:56.0687 2092 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    07:26:56.0968 2092 wuauserv - ok
    07:26:57.0046 2092 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    07:26:57.0093 2092 WudfPf - ok
    07:26:57.0187 2092 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    07:26:57.0234 2092 WudfRd - ok
    07:26:57.0312 2092 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    07:26:57.0343 2092 WudfSvc - ok
    07:26:57.0703 2092 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    07:26:58.0031 2092 WZCSVC - ok
    07:26:58.0171 2092 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    07:26:58.0250 2092 xmlprov - ok
    07:26:58.0281 2092 ================ Scan global ===============================
    07:26:58.0468 2092 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    07:26:58.0796 2092 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    07:26:59.0109 2092 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    07:26:59.0203 2092 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    07:26:59.0203 2092 [Global] - ok
    07:26:59.0203 2092 ================ Scan MBR ==================================
    07:26:59.0250 2092 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    07:27:00.0671 2092 \Device\Harddisk0\DR0 - ok
    07:27:00.0687 2092 ================ Scan VBR ==================================
    07:27:00.0687 2092 [ 43C84164637EB1294F770489A450427C ] \Device\Harddisk0\DR0\Partition1
    07:27:00.0687 2092 \Device\Harddisk0\DR0\Partition1 - ok
    07:27:00.0703 2092 ============================================================
    07:27:00.0703 2092 Scan finished
    07:27:00.0703 2092 ============================================================
    07:27:00.0703 2600 Detected object count: 0
    07:27:00.0703 2600 Actual detected object count: 0
    ================
  7. 1Wren1

    1Wren1 Newcomer, in training Topic Starter

    RogueKiller V8.1.0 [09/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : HP Laptop [Admin rights]
    Mode : Scan -- Date : 09/30/2012 07:32:08

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 mpa.one.microsoft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHV2080AH +++++
    --- User ---
    [MBR] 228ea168b26c4ea6a8fa94f60c9e52d5
    [BSP] 5d8d4cc451f842aaeede96d5c46aae4a : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  8. 1Wren1

    1Wren1 Newcomer, in training Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-30 07:35:50
    -----------------------------
    07:35:50.703 OS Version: Windows 5.1.2600 Service Pack 3
    07:35:50.703 Number of processors: 1 586 0xD08
    07:35:50.703 ComputerName: HP-B8B7D3543EAB UserName: HP Laptop
    07:35:53.796 Initialize success
    07:36:06.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    07:36:06.640 Disk 0 Vendor: FUJITSU_MHV2080AH 00840096 Size: 76319MB BusType: 3
    07:36:06.671 Disk 0 MBR read successfully
    07:36:06.671 Disk 0 MBR scan
    07:36:06.671 Disk 0 Windows XP default MBR code
    07:36:06.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
    07:36:06.687 Disk 0 scanning sectors +156295440
    07:36:06.828 Disk 0 scanning C:\WINDOWS\system32\drivers
    07:36:28.109 Service scanning
    07:37:11.484 Modules scanning
    07:37:32.578 Disk 0 trace - called modules:
    07:37:32.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
    07:37:32.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e5ab8]
    07:37:32.593 3 CLASSPNP.SYS[f75e7fd7] -> nt!IofCallDriver -> \Device\00000080[0x865509e8]
    07:37:33.125 5 ACPI.sys[f745e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x864ead98]
    07:37:33.125 Scan finished successfully
    07:39:19.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP Laptop\Desktop\MBR.dat"
    07:39:19.343 The log file has been saved successfully to "C:\Documents and Settings\HP Laptop\Desktop\aswMBR.txt"
  9. 1Wren1

    1Wren1 Newcomer, in training Topic Starter

    Okay - all steps followed except I accidentally did not say okay to Avast! Thanks for helping me again.
  10. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  11. 1Wren1

    1Wren1 Newcomer, in training Topic Starter

    It says I have AVG running but I can't find AVG. If I have it, I don't see it and I can't find it. I attempted it again and it gave me the same message as well as a new message saying I couldn't rename combofix.exe as combofix.exe1 or something like that - only I had not attempted to rename it at all. I did handle the restore point instructions so we are all set there.
     
  12. 1Wren1

    1Wren1 Newcomer, in training Topic Starter

    ComboFix 12-09-30.01 - HP Laptop 09/30/2012 9:19.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.594 [GMT -7:00]
    Running from: c:\documents and settings\HP Laptop\My Documents\Downloads\Wren_one.exe
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files\Search Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-29 07:40 . 2012-09-29 07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-29 07:40 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-08 01:07 . 2012-09-08 01:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-09-08 01:07 . 2012-09-08 01:07 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-08 01:05 . 2012-09-08 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin7.dll
    2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin6.dll
    2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin5.dll
    2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin4.dll
    2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin3.dll
    2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin2.dll
    2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin.dll
    2012-09-03 04:16 . 2012-09-03 04:17 -------- d-----w- c:\program files\QuickTime
    2012-09-03 04:16 . 2012-09-03 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2012-09-03 04:14 . 2012-09-03 04:14 -------- d-----w- c:\program files\Common Files\Apple
    2012-09-03 04:14 . 2012-09-03 04:14 -------- d-----w- c:\documents and settings\HP Laptop\Local Settings\Application Data\Apple
    2012-09-03 04:14 . 2012-09-03 04:14 -------- d-----w- c:\program files\Apple Software Update
    2012-09-03 04:14 . 2012-09-03 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-08 01:07 . 2011-03-18 03:45 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-28 15:14 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-23 01:33 . 2012-03-31 17:59 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-23 01:33 . 2011-05-15 19:02 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-14 20:41 . 2012-07-27 02:41 9232584 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-07-06 13:58 . 2008-04-13 23:00 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2010-07-29 00:32 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40 . 2008-04-13 23:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-17 1164912]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-17 1941784]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2012-06-26 108032]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^HP Laptop^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
    path=c:\documents and settings\HP Laptop\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeiMeshdatamngr]
    RD [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeiMeshtoolbar]
    RD [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2006-10-17 04:13 87584 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-05-09 23:16 136176 ----atw- c:\documents and settings\HP Laptop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2012-08-23 01:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/29/2011 8:21 PM 14776]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/29/2012 12:40 AM 399432]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [7/28/2010 6:04 PM 88192]
    S0 cerc6;cerc6; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2012 6:33 PM 136176]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/29/2012 12:40 AM 676936]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 10:59 AM 250568]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2012 6:33 PM 136176]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/29/2012 12:40 AM 22856]
    S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [7/28/2010 5:55 PM 169984]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 84935594
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - 84935594
    *Deregistered* - aswMBR
    *Deregistered* - TrueSight
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 01:33]
    .
    2012-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-23 01:33]
    .
    2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-23 01:33]
    .
    2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1390067357-1801674531-1003Core.job
    - c:\documents and settings\HP Laptop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-09 23:16]
    .
    2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1390067357-1801674531-1003UA.job
    - c:\documents and settings\HP Laptop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-09 23:16]
    .
    2012-09-30 c:\windows\Tasks\SmartDefrag_Startup.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-01-30 01:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-30 09:28
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\docume~1\HPLAPT~1\LOCALS~1\Temp\Perflib_Perfdata_678.dat 16384 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1084)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2012-09-30 09:31:59
    ComboFix-quarantined-files.txt 2012-09-30 16:31
    .
    Pre-Run: 37,368,938,496 bytes free
    Post-Run: 37,320,433,664 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 4AF68FAAAA88AB547C0C3B4C7DDA2D78
  13. 1Wren1

    1Wren1 Newcomer, in training Topic Starter

    Update on performance: The computer is still very slow to start. Thanks again for all your help. Please let me know what other steps I might take.
  14. 1Wren1

    1Wren1 Newcomer, in training Topic Starter

    Rkill 2.4.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/30/2012 09:07:22 AM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * C:\WINDOWS\system32\HPZipm12.exe (PID: 428) [WD-HEUR]

    1 proccess terminated!

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * Cannot edit the HOSTS file.
    * Permissions Fixed. Administrators can now edit the HOSTS file.

    * HOSTS file entries found:

    127.0.0.1 localhost
    127.0.0.1 mpa.one.microsoft.com

    Program finished at: 09/30/2012 09:08:38 AM
    Execution time: 0 hours(s), 1 minute(s), and 15 seconds(s)
  15. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    I don't see much there...

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.

    Good luck!
  16. 1Wren1

    1Wren1 Newcomer, in training Topic Starter

    Well, you did manage to help - funmoods eliminated! Thanks again and I'll move my issue to the Windows section as suggested.

    Take care.
  17. Broni

    Broni Malware Annihilator Posts: 46,321   +252


