Solved BSOD on boot and IE very slow

Status
Not open for further replies.
S

swker98

Posts: 1,054   +0
Hello, I have a computer that was acting strange, started to give me a BSOD on boot in normal mode (ok in safe mode). I ran TFC and was then able to boot into normal mode.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Patricia at 23:49:02 on 2012-09-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1575 [GMT -4:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
============== Running Processes ===============
.
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Comodo\tvnserver.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Comodo\tvnserver.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\COMODO\GeekBuddy\unit.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Shop to Win: {8e51683a-ea9d-4127-ae14-a13294ff6f7c} - c:\program files\shop to win 19\Shop to Win 19.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
EB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [tvncontrol] "c:\program files\common files\comodo\tvnserver.exe" -controlservice -slave
c:\windows\temp\nsl1c.tmp\temp00
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\oas.support
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.38.38/ttinst.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{84A02C4F-B5CC-4ED7-8B63-83BC40A4A065} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-8-3 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-3-11 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494968]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-8-23 70352]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-3-11 1983232]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-26 399432]
R2 tvnserver;TightVNC Server;c:\program files\common files\comodo\tvnserver.exe [2012-1-27 828944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-26 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-12 250288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-26 22856]
.
=============== Created Last 30 ================
.
2012-09-28 02:13:19 -------- d-----w- c:\program files\common files\Comodo
2012-09-28 02:08:47 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2012-09-28 02:06:11 68577 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-09-28 02:01:42 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-09-28 02:01:31 -------- d-----w- c:\program files\COMODO
2012-09-27 05:09:41 -------- d-----w- C:\FRST
2012-09-26 21:28:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-26 18:31:15 -------- d-----w- c:\documents and settings\patricia\application data\Malwarebytes
2012-09-26 16:55:39 -------- d-sha-r- C:\cmdcons
2012-09-26 16:48:13 98816 ----a-w- c:\windows\sed.exe
2012-09-26 16:48:13 518144 ----a-w- c:\windows\SWREG.exe
2012-09-26 16:48:13 256000 ----a-w- c:\windows\PEV.exe
2012-09-26 16:48:13 208896 ----a-w- c:\windows\MBR.exe
2012-09-26 05:56:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-26 05:56:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 05:56:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-26 00:32:37 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-09-23 19:47:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-09-23 19:47:41 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-15 20:51:01 4096000 ----a-w- c:\program files\GUT2928.tmp
2012-09-15 20:51:01 -------- d-----w- c:\program files\GUM2927.tmp
2012-09-15 02:44:12 -------- d-----w- c:\documents and settings\patricia\local settings\application data\AOL Toolbar
2012-09-15 02:43:28 -------- d-----w- c:\program files\common files\Software Update Utility
2012-09-14 18:33:26 4096000 ----a-w- c:\program files\GUT641C.tmp
2012-09-14 18:33:26 -------- d-----w- c:\program files\GUM641B.tmp
2012-09-09 23:47:50 -------- d-----w- c:\documents and settings\patricia\local settings\application data\StartNow
.
==================== Find3M ====================
.
2012-09-21 23:04:34 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 23:04:30 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-03 14:23:28 36112 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2012-08-03 14:23:28 36112 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet(3).dll
2012-07-02 17:49:33 1212416 ----a-w- c:\windows\system32\urlmon(3).dll
2012-07-02 17:49:33 105984 ----a-w- c:\windows\system32\url(3).dll
.
============= FINISH: 23:54:13.60 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/15/2007 12:38:42 AM
System Uptime: 9/27/2012 11:29:12 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0W2562
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 45.016 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 9/27/2012 4:24:50 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Action Replay DSi Code Manager
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.7
Adobe Shockwave Player 11.5
AiO_Scan
AIOMinimal
AiOSoftware
AOL Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BCM V.92 56K Modem
BlackBerry Desktop Software 6.0.1
Bob the Builder - Bob's Castle Adventure
Bob the Builder - Bob Builds a Park
Bonjour
BufferChm
Business Cards
C7200
C7200_doccd
c7200_Help
Cards_Calendar_OrderGift_DoMorePlugout
Cars - Radiator Springs Adventures
COMODO Internet Security
Copy
CreativeProjects
CustomerResearchQFolder
Dell Digital Jukebox Driver
Dell ResourceCD
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Disney's Toontown Online
Disney Toontown Online
DocProc
DocProcQFolder
Download Updater (AOL Inc.)
eSupportQFolder
Fax
GameSpy Arcade
GeekBuddy
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
Hex Workshop v6.6
Hot Wheels Stunt Track Challenge
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photo & Imaging 3.1
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.5
HP Photosmart Essential 3.5
HP PSC & OfficeJet 3.0
HP Smart Web Printing 4.60
HP Software Update
HP Solution Center 9.0
HP Update
hpmdtab
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HPSystemDiagnostics
HxD Hex Editor version 1.7.7.0
iLivid
Imaginext(TM) Battle Castle
InstantShare
InstantShareAlert
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 26
Java(TM) 6 Update 3
JumpStart Learning Games ABC's
Kool Kart Racers
Linksys EasyLink Advisor
Little Bear Rainy Day Activities
Malwarebytes Anti-Malware version 1.65.0.1400
MarketResearch
Memories Disc Creator 2.0
Mickey Mouse Toddler
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
NetJet 2.0
NickToons Racing
NVIDIA Windows 2000/XP Display Drivers
OLYMPUS Master 2
Overland
PanoStandAlone
PhotoGallery
PowerDVD
PrintScreen
ProVenture Invoices
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
Pure Networks Platform
QuickProjects
QuickTime
Readme
Rescue Heroes Meteor Madness
Rescue Heroes Mission Select
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SkinsHP2
SmartWebPrinting
SolutionCenter
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live!
SoundMAX
Spider-man
Spybot - Search & Destroy
Status
Stella 2.6.1
Tonka Construction 2
Tonka Power Tools
TONKA Search & Rescue 2
Tonka® On the Job
Toolbox
Transformers Battle Universe
TrayApp
Uninstall TONKA Monster Trucks
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR 4.11 (32-bit)
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
9/27/2012 9:56:56 PM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
9/27/2012 9:31:21 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/27/2012 9:31:16 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
9/27/2012 9:31:16 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
9/27/2012 9:31:15 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
9/27/2012 9:31:15 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
9/27/2012 9:31:15 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/27/2012 4:28:03 PM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
9/27/2012 11:12:39 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/27/2012 11:09:44 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/26/2012 5:16:15 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f74ca71d, parameter3 ae645580, parameter4 00000000.
9/26/2012 2:11:51 PM, error: Service Control Manager [7034] - The Updater Service for AMZN service terminated unexpectedly. It has done this 1 time(s).
9/26/2012 2:11:35 PM, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
9/26/2012 12:43:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm OMCI
9/26/2012 12:10:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/26/2012 12:10:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/26/2012 12:10:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/26/2012 12:07:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl Fips intelppm OMCI SRTSPX SymIRON SYMTDI
9/26/2012 12:06:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/26/2012 12:03:28 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
9/26/2012 12:03:28 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wlidsvc service.
9/26/2012 12:03:27 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
9/26/2012 11:59:16 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/26/2012 10:38:54 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
9/26/2012 10:38:52 PM, error: SRService [104] - The System Restore initialization process failed.
9/24/2012 10:12:57 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 10:12:09 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 10:12:09 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/24/2012 10:12:09 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
9/23/2012 4:15:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/23/2012 4:14:56 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/23/2012 4:13:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/23/2012 4:13:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2012 4:13:29 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/23/2012 1:12:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
9/23/2012 1:12:55 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2012 1:10:58 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2012 1:10:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
9/23/2012 1:10:40 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
9/22/2012 12:58:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/22/2012 12:58:23 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/22/2012 12:57:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/22/2012 12:57:49 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/21/2012 10:46:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
.
==== End Of File ===========================
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.27.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Patricia :: DADS [administrator]
Protection: Disabled
9/27/2012 4:45:00 PM
mbam-log-2012-09-27 (16-45-00).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364985
Time elapsed: 4 hour(s), 36 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5555 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\TDSSKiller_Quarantine\26.09.2012_17.25.12\mbr0000\tdlfs0000\tsk0003.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
(end)

TDDSKIller was also used to take care of a rootkit
 
Hi! Please do the following:

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

aswMBR_Scan.jpg


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-28 16:34:37
-----------------------------
16:34:37.343 OS Version: Windows 5.1.2600 Service Pack 3
16:34:37.343 Number of processors: 1 586 0x209
16:34:37.343 ComputerName: DADS UserName:
16:36:38.937 Initialize success
16:40:41.546 AVAST engine defs: 12092800
16:41:21.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:41:21.343 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
16:41:21.468 Disk 0 MBR read successfully
16:41:21.468 Disk 0 MBR scan
16:41:23.218 Disk 0 Windows XP default MBR code
16:41:23.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
16:41:23.515 Disk 0 scanning sectors +156232125
16:41:24.281 Disk 0 scanning C:\WINDOWS\system32\drivers
16:42:57.906 Service scanning
16:44:32.906 Modules scanning
16:45:11.828 Disk 0 trace - called modules:
16:45:11.859 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
16:45:11.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a781ab8]
16:45:12.375 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a74db00]
16:45:14.125 AVAST engine scan C:\WINDOWS
16:46:32.328 AVAST engine scan C:\WINDOWS\system32
17:04:17.875 AVAST engine scan C:\WINDOWS\system32\drivers
17:05:10.921 AVAST engine scan C:\Documents and Settings\Patricia
17:20:26.031 AVAST engine scan C:\Documents and Settings\All Users
17:25:49.312 Scan finished successfully
19:58:51.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Patricia\Desktop\MBR.dat"
19:58:51.281 The log file has been saved successfully to "C:\Documents and Settings\Patricia\Desktop\aswMBR.txt"
 
ComboFix

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-09-27.03 - Patricia 09/29/2012 13:44:48.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1863 [GMT -4:00]
Running from: c:\documents and settings\Patricia\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-29 00:55 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-29 00:55 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-29 00:54 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-29 00:54 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-29 00:54 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-29 00:54 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-29 00:54 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-29 00:54 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-29 00:53 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-29 00:52 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-29 00:51 . 2012-09-29 00:51 -------- d-----w- c:\program files\AVAST Software
2012-09-29 00:51 . 2012-09-29 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-09-28 04:30 . 2012-09-28 04:30 -------- d-----w- C:\_OTL
2012-09-28 02:14 . 2012-09-28 02:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2012-09-28 02:13 . 2012-09-28 02:13 -------- d-----w- c:\program files\Common Files\Comodo
2012-09-28 02:08 . 2012-09-28 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2012-09-28 02:06 . 2012-09-29 00:34 969920 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-09-28 02:01 . 2012-09-29 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-09-28 02:01 . 2012-09-29 00:36 -------- d-----w- c:\program files\COMODO
2012-09-27 05:09 . 2012-09-27 05:09 -------- d-----w- C:\FRST
2012-09-26 18:31 . 2012-09-26 18:31 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes
2012-09-26 05:56 . 2012-09-26 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-26 00:32 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-09-23 19:47 . 2012-09-23 19:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-23 19:34 . 2012-09-23 19:34 -------- d-s---w- c:\documents and settings\NetworkService\IECompatCache
2012-09-23 19:33 . 2012-09-23 19:43 -------- d-s---w- c:\documents and settings\Administrator
2012-09-15 20:51 . 2012-09-15 20:51 -------- d-----w- c:\program files\GUM2927.tmp
2012-09-15 20:51 . 2012-09-15 20:51 4096000 ----a-w- c:\program files\GUT2928.tmp
2012-09-15 02:44 . 2012-09-15 02:44 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\AOL Toolbar
2012-09-15 02:43 . 2012-09-15 02:43 -------- d-----w- c:\program files\Common Files\Software Update Utility
2012-09-14 18:33 . 2012-09-14 18:33 -------- d-----w- c:\program files\GUM641B.tmp
2012-09-14 18:33 . 2012-09-14 18:33 4096000 ----a-w- c:\program files\GUT641C.tmp
2012-09-09 23:47 . 2012-09-09 23:47 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\StartNow
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 23:04 . 2012-05-13 03:03 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 23:04 . 2011-05-19 22:01 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14 . 2006-06-23 16:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2003-07-16 20:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-08-03 14:23 . 2012-08-03 14:23 36112 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2012-08-03 14:23 . 2012-08-03 14:23 36112 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
2012-07-06 13:58 . 2003-07-16 20:24 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2007-12-15 05:29 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2003-07-16 20:51 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-08-31 01:42 1212416 ----a-w- c:\windows\system32\urlmon(3).dll
2012-07-02 17:49 . 2006-06-23 16:33 916992 ----a-w- c:\windows\system32\wininet(3).dll
2012-07-02 17:49 . 2003-07-16 20:49 105984 ----a-w- c:\windows\system32\url(3).dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E51683A-EA9D-4127-AE14-A13294FF6F7C}]
2010-12-29 18:20 14432 ----a-w- c:\program files\Shop to Win 19\Shop to Win 19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-07 00:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12589446.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64050940.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
backup=c:\windows\pss\Start GeekBuddy.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 00:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 06:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 06:04 114741 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-06-26 22:50 212992 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-12-12 22:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-17 17:52 4800512 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 06:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2012-01-27 13:47 828944 ----a-w- c:\program files\Common Files\Comodo\tvnserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Comodo\\tvnserver.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/28/2012 8:54 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/28/2012 8:55 PM 355632]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [8/3/2012 10:23 AM 36112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/28/2012 8:55 PM 21256]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [8/23/2012 10:17 AM 70352]
R2 tvnserver;TightVNC Server;c:\program files\Common Files\Comodo\tvnserver.exe [1/27/2012 9:47 AM 828944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 5:26 PM 135664]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/12/2012 11:03 PM 250288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 5:26 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
svcboot_udhxlh REG_MULTI_SZ svcboot_udhxlh
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 23:05]
.
2012-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-09-29 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-29 09:12]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:25]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:25]
.
2012-09-29 c:\windows\Tasks\User_Feed_Synchronization-{7263C149-AE38-4CA5-AC4A-A9D4A550AAC8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: microsoft.com\oas.support
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-29 13:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,e9,a2,5c,cd,38,20,43,a2,b8,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,e9,a2,5c,cd,38,20,43,a2,b8,3b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,bd,73,fa,01,39,8f,4b,84,e5,c1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(2032)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-09-29 14:03:39
ComboFix-quarantined-files.txt 2012-09-29 18:03
ComboFix2.txt 2012-09-27 20:43
.
Pre-Run: 48,798,461,952 bytes free
Post-Run: 48,818,380,800 bytes free
.
- - End Of File - - 50FEF50766589BEED3FC2578142427CC
 
AdwCleaner

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
# AdwCleaner v2.003 - Logfile created 09/30/2012 at 17:28:52
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Patricia - DADS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Patricia\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\Documents and Settings\Patricia\My Documents\Uninstall.exe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\TheBflix
Folder Deleted : C:\Documents and Settings\Louis James\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Louis James\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Louis\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Patricia\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Patricia\Application Data\Searchqutoolbar
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Ilivid
***** [Registry] *****
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\Software\Viewpoint
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v [Unable to get version]
*************************
AdwCleaner[R1].txt - [7993 octets] - [30/09/2012 17:28:10]
AdwCleaner[S1].txt - [8439 octets] - [30/09/2012 17:28:52]
########## EOF - C:\AdwCleaner[S1].txt - [8499 octets] ##########

Everything is runnig ok....however iE8 is still very choppy, even as I am typing this is lags behind about 4 words before they appear.
 
What about the ESET scan?

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Eset was clear. The biggest issue is occasionally ie will use over 250mb ram and operate very slowly. I did a "master" reset for IE but the problem occasionally occurs.
 
No threats were found...
17:04:10.0281 3952 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:04:10.0546 3952 ============================================================
17:04:10.0546 3952 Current date / time: 2012/10/01 17:04:10.0546
17:04:10.0546 3952 SystemInfo:
17:04:10.0546 3952
17:04:10.0546 3952 OS Version: 5.1.2600 ServicePack: 3.0
17:04:10.0546 3952 Product type: Workstation
17:04:10.0546 3952 ComputerName: DADS
17:04:10.0546 3952 UserName: Patricia
17:04:10.0546 3952 Windows directory: C:\WINDOWS
17:04:10.0546 3952 System windows directory: C:\WINDOWS
17:04:10.0546 3952 Processor architecture: Intel x86
17:04:10.0546 3952 Number of processors: 1
17:04:10.0546 3952 Page size: 0x1000
17:04:10.0546 3952 Boot type: Normal boot
17:04:10.0546 3952 ============================================================
17:04:16.0390 3952 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:04:16.0406 3952 ============================================================
17:04:16.0406 3952 \Device\Harddisk0\DR0:
17:04:16.0437 3952 MBR partitions:
17:04:16.0437 3952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
17:04:16.0437 3952 ============================================================
17:04:16.0687 3952 C: <-> \Device\Harddisk0\DR0\Partition1
17:04:16.0703 3952 ============================================================
17:04:16.0703 3952 Initialize success
17:04:16.0703 3952 ============================================================
17:04:29.0390 0904 ============================================================
17:04:29.0390 0904 Scan started
17:04:29.0390 0904 Mode: Manual;
17:04:29.0390 0904 ============================================================
17:04:30.0203 0904 ================ Scan system memory ========================
17:04:30.0203 0904 System memory - ok
17:04:30.0203 0904 ================ Scan services =============================
17:04:31.0734 0904 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
17:04:31.0750 0904 Aavmker4 - ok
17:04:31.0750 0904 Abiosdsk - ok
17:04:31.0765 0904 abp480n5 - ok
17:04:31.0968 0904 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:04:32.0031 0904 ACPI - ok
17:04:32.0218 0904 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:04:32.0250 0904 ACPIEC - ok
17:04:32.0500 0904 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:04:32.0625 0904 AdobeFlashPlayerUpdateSvc - ok
17:04:32.0640 0904 adpu160m - ok
17:04:32.0750 0904 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
17:04:32.0750 0904 aeaudio - ok
17:04:32.0843 0904 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:04:32.0890 0904 aec - ok
17:04:33.0015 0904 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:04:33.0046 0904 AFD - ok
17:04:33.0203 0904 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
17:04:33.0203 0904 AFS2K - ok
17:04:33.0281 0904 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
17:04:33.0296 0904 agp440 - ok
17:04:33.0312 0904 Aha154x - ok
17:04:33.0328 0904 aic78u2 - ok
17:04:33.0343 0904 aic78xx - ok
17:04:33.0406 0904 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:04:33.0406 0904 Alerter - ok
17:04:33.0468 0904 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:04:33.0484 0904 ALG - ok
17:04:33.0500 0904 AliIde - ok
17:04:33.0515 0904 amsint - ok
17:04:33.0703 0904 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:04:33.0703 0904 Apple Mobile Device - ok
17:04:33.0718 0904 AppMgmt - ok
17:04:33.0734 0904 asc - ok
17:04:33.0750 0904 asc3350p - ok
17:04:33.0750 0904 asc3550 - ok
17:04:34.0156 0904 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:04:34.0343 0904 aspnet_state - ok
17:04:34.0468 0904 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:04:34.0468 0904 aswFsBlk - ok
17:04:34.0500 0904 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
17:04:34.0500 0904 aswMon2 - ok
17:04:34.0546 0904 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
17:04:34.0546 0904 AswRdr - ok
17:04:34.0796 0904 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
17:04:34.0796 0904 aswSnx - ok
17:04:34.0937 0904 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
17:04:34.0937 0904 aswSP - ok
17:04:34.0984 0904 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
17:04:34.0984 0904 aswTdi - ok
17:04:35.0078 0904 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:04:35.0093 0904 AsyncMac - ok
17:04:35.0171 0904 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:04:35.0171 0904 atapi - ok
17:04:35.0203 0904 Atdisk - ok
17:04:35.0250 0904 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:04:35.0265 0904 Atmarpc - ok
17:04:35.0359 0904 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:04:35.0359 0904 AudioSrv - ok
17:04:35.0437 0904 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:04:35.0437 0904 audstub - ok
17:04:35.0593 0904 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:04:35.0593 0904 avast! Antivirus - ok
17:04:35.0953 0904 [ 41347688046D49CDE0F6D138A534F73D ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMSM.sys
17:04:36.0406 0904 BCMModem - ok
17:04:36.0484 0904 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:04:36.0484 0904 Beep - ok
17:04:36.0656 0904 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:04:36.0796 0904 BITS - ok
17:04:37.0000 0904 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:04:37.0171 0904 Bonjour Service - ok
17:04:37.0281 0904 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
17:04:37.0328 0904 Browser - ok
17:04:37.0390 0904 catchme - ok
17:04:37.0453 0904 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:04:37.0453 0904 cbidf2k - ok
17:04:37.0468 0904 cd20xrnt - ok
17:04:37.0531 0904 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:04:37.0562 0904 Cdaudio - ok
17:04:37.0640 0904 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:04:37.0656 0904 Cdfs - ok
17:04:37.0687 0904 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:04:37.0703 0904 Cdrom - ok
17:04:37.0718 0904 Changer - ok
17:04:37.0781 0904 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:04:37.0812 0904 CiSvc - ok
17:04:37.0890 0904 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:04:37.0906 0904 ClipSrv - ok
17:04:38.0000 0904 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:04:38.0078 0904 clr_optimization_v2.0.50727_32 - ok
17:04:38.0093 0904 CmdIde - ok
17:04:38.0109 0904 COMSysApp - ok
17:04:38.0140 0904 Cpqarray - ok
17:04:38.0234 0904 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
17:04:38.0281 0904 Creative Service for CDROM Access - ok
17:04:38.0359 0904 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:04:38.0375 0904 CryptSvc - ok
17:04:38.0468 0904 [ B459AE4AFCA570088ADDDBE55EABBC92 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
17:04:38.0515 0904 ctsfm2k - ok
17:04:38.0531 0904 dac2w2k - ok
17:04:38.0531 0904 dac960nt - ok
17:04:38.0703 0904 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:04:38.0812 0904 DcomLaunch - ok
17:04:38.0921 0904 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:04:38.0953 0904 Dhcp - ok
17:04:39.0031 0904 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:04:39.0031 0904 Disk - ok
17:04:39.0046 0904 dmadmin - ok
17:04:39.0328 0904 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:04:39.0562 0904 dmboot - ok
17:04:39.0656 0904 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:04:39.0703 0904 dmio - ok
17:04:39.0765 0904 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:04:39.0765 0904 dmload - ok
17:04:39.0828 0904 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:04:39.0828 0904 dmserver - ok
17:04:39.0906 0904 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:04:39.0921 0904 DMusic - ok
17:04:40.0000 0904 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:04:40.0015 0904 Dnscache - ok
17:04:40.0125 0904 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:04:40.0171 0904 Dot3svc - ok
17:04:40.0171 0904 dpti2o - ok
17:04:40.0218 0904 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:04:40.0218 0904 drmkaud - ok
17:04:40.0312 0904 [ 7F056A52BCBA3102D2D37A4A2646C807 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
17:04:40.0343 0904 drvmcdb - ok
17:04:40.0375 0904 [ D3C1E501ED42E77574B3095309DD4075 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
17:04:40.0390 0904 drvnddm - ok
17:04:41.0625 0904 [ 98B46B331404A951CABAD8B4877E1276 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:04:41.0640 0904 E100B - ok
17:04:41.0718 0904 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:04:41.0734 0904 EapHost - ok
17:04:41.0796 0904 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:04:41.0796 0904 ERSvc - ok
17:04:41.0890 0904 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:04:41.0953 0904 Eventlog - ok
17:04:42.0062 0904 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
17:04:42.0187 0904 EventSystem - ok
17:04:42.0281 0904 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:04:42.0312 0904 Fastfat - ok
17:04:42.0406 0904 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:04:42.0437 0904 FastUserSwitchingCompatibility - ok
17:04:42.0500 0904 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:04:42.0500 0904 Fdc - ok
17:04:42.0578 0904 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:04:42.0593 0904 Fips - ok
17:04:42.0625 0904 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:04:42.0625 0904 Flpydisk - ok
17:04:42.0718 0904 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:04:42.0765 0904 FltMgr - ok
17:04:42.0859 0904 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:04:42.0875 0904 FontCache3.0.0.0 - ok
17:04:42.0921 0904 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:04:42.0921 0904 Fs_Rec - ok
17:04:42.0968 0904 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:04:43.0015 0904 Ftdisk - ok
17:04:43.0078 0904 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:04:43.0078 0904 gameenum - ok
17:04:43.0156 0904 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:04:43.0156 0904 GEARAspiWDM - ok
17:04:43.0296 0904 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
17:04:43.0296 0904 GoToAssist - ok
17:04:43.0375 0904 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:04:43.0390 0904 Gpc - ok
17:04:43.0390 0904 gupdate - ok
17:04:43.0406 0904 gupdatem - ok
17:04:43.0531 0904 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:04:43.0546 0904 helpsvc - ok
17:04:43.0593 0904 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:04:43.0609 0904 HidServ - ok
17:04:43.0703 0904 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:04:43.0703 0904 HidUsb - ok
17:04:43.0796 0904 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:04:43.0812 0904 hkmsvc - ok
17:04:43.0828 0904 hpn - ok
17:04:44.0078 0904 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:04:44.0109 0904 hpqcxs08 - ok
17:04:44.0218 0904 [ 99ED733F614660EB32199BF889DFB7E2 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:04:44.0218 0904 hpqddsvc - ok
17:04:44.0312 0904 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:04:44.0328 0904 HPZid412 - ok
17:04:44.0390 0904 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:04:44.0406 0904 HPZipr12 - ok
17:04:44.0515 0904 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:04:44.0515 0904 HPZius12 - ok
17:04:44.0656 0904 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:04:44.0656 0904 HTTP - ok
17:04:44.0750 0904 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:04:44.0796 0904 HTTPFilter - ok
17:04:44.0812 0904 i2omgmt - ok
17:04:44.0812 0904 i2omp - ok
17:04:44.0906 0904 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:04:44.0921 0904 i8042prt - ok
17:04:45.0421 0904 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:04:45.0640 0904 IDriverT - ok
17:04:46.0390 0904 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:04:46.0859 0904 idsvc - ok
17:04:46.0921 0904 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:04:46.0937 0904 Imapi - ok
17:04:47.0062 0904 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:04:47.0125 0904 ImapiService - ok
17:04:47.0140 0904 ini910u - ok
17:04:47.0156 0904 IntelIde - ok
17:04:47.0406 0904 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:04:47.0437 0904 intelppm - ok
17:04:47.0625 0904 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:04:47.0687 0904 ip6fw - ok
17:04:47.0781 0904 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:04:47.0796 0904 IpFilterDriver - ok
17:04:47.0875 0904 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:04:47.0906 0904 IpInIp - ok
17:04:48.0187 0904 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:04:48.0265 0904 IpNat - ok
17:04:48.0843 0904 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:04:49.0265 0904 iPod Service - ok
17:04:49.0921 0904 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:04:50.0046 0904 IPSec - ok
17:04:50.0359 0904 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:04:50.0359 0904 IRENUM - ok
17:04:50.0671 0904 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:04:50.0718 0904 isapnp - ok
17:04:50.0921 0904 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:04:50.0968 0904 Kbdclass - ok
17:04:51.0234 0904 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:04:51.0265 0904 kbdhid - ok
17:04:51.0812 0904 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:04:51.0859 0904 kmixer - ok
17:04:52.0140 0904 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:04:52.0234 0904 KSecDD - ok
17:04:52.0359 0904 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:04:52.0406 0904 lanmanserver - ok
17:04:52.0562 0904 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:04:52.0609 0904 lanmanworkstation - ok
17:04:52.0625 0904 lbrtfdc - ok
17:04:52.0937 0904 [ 06DC2FDC6282F0D68910417B1150C848 ] LinksysUpdater C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
17:04:52.0984 0904 LinksysUpdater - ok
17:04:53.0062 0904 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:04:53.0093 0904 LmHosts - ok
17:04:53.0484 0904 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:04:53.0531 0904 Messenger - ok
17:04:53.0609 0904 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:04:53.0640 0904 mnmdd - ok
17:04:54.0250 0904 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:04:54.0281 0904 mnmsrvc - ok
17:04:54.0359 0904 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:04:54.0390 0904 Modem - ok
17:04:54.0546 0904 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:04:54.0578 0904 MODEMCSA - ok
17:04:54.0625 0904 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:04:54.0656 0904 Mouclass - ok
17:04:54.0765 0904 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:04:54.0812 0904 mouhid - ok
17:04:54.0859 0904 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:04:54.0906 0904 MountMgr - ok
17:04:54.0906 0904 mraid35x - ok
17:04:55.0187 0904 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:04:55.0265 0904 MRxDAV - ok
17:04:56.0046 0904 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:04:56.0359 0904 MRxSmb - ok
17:04:56.0453 0904 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:04:56.0484 0904 MSDTC - ok
17:04:56.0765 0904 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:04:56.0765 0904 Msfs - ok
17:04:56.0781 0904 MSIServer - ok
17:04:57.0250 0904 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:04:57.0265 0904 MSKSSRV - ok
17:04:57.0468 0904 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:04:57.0484 0904 MSPCLOCK - ok
17:04:57.0515 0904 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:04:57.0515 0904 MSPQM - ok
17:04:57.0593 0904 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:04:57.0609 0904 mssmbios - ok
17:04:57.0718 0904 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:04:57.0765 0904 Mup - ok
17:04:57.0906 0904 [ E91FC8B52D21E38317DC61A3C7CCFA4B ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys
17:04:57.0937 0904 MxlW2k - ok
17:04:58.0109 0904 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:04:58.0234 0904 napagent - ok
17:04:58.0375 0904 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:04:58.0421 0904 NDIS - ok
17:04:58.0515 0904 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:04:58.0515 0904 NdisTapi - ok
17:04:58.0609 0904 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:04:58.0625 0904 Ndisuio - ok
17:04:58.0671 0904 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:04:58.0718 0904 NdisWan - ok
17:04:58.0781 0904 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:04:58.0796 0904 NDProxy - ok
17:04:58.0875 0904 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\System32\HPZinw12.dll
17:04:58.0906 0904 Net Driver HPZ12 - ok
17:04:59.0015 0904 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:04:59.0015 0904 NetBIOS - ok
17:04:59.0140 0904 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:04:59.0187 0904 NetBT - ok
17:04:59.0328 0904 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:04:59.0421 0904 NetDDE - ok
17:04:59.0468 0904 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:04:59.0468 0904 NetDDEdsdm - ok
17:04:59.0609 0904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:04:59.0625 0904 Netlogon - ok
17:04:59.0781 0904 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:04:59.0859 0904 Netman - ok
17:05:00.0062 0904 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:05:00.0250 0904 NetTcpPortSharing - ok
17:05:00.0390 0904 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:05:00.0406 0904 Nla - ok
17:05:00.0781 0904 [ CD2FE9C33CFD0FE0AF124E05907E5C3D ] nmservice C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
17:05:00.0953 0904 nmservice - ok
17:05:01.0062 0904 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:05:01.0078 0904 Npfs - ok
17:05:01.0328 0904 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:05:01.0531 0904 Ntfs - ok
17:05:01.0546 0904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:05:01.0546 0904 NtLmSsp - ok
17:05:01.0796 0904 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:05:01.0968 0904 NtmsSvc - ok
17:05:02.0093 0904 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:05:02.0125 0904 Null - ok
17:05:02.0812 0904 [ 1AA2270491A46E90E454E143EA8AC775 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:05:02.0828 0904 nv - ok
17:05:02.0890 0904 [ 85A2A4AD01B86098317F8140B22C58B7 ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
17:05:02.0921 0904 NVSvc - ok
17:05:03.0140 0904 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:05:03.0171 0904 NwlnkFlt - ok
17:05:03.0250 0904 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:05:03.0328 0904 NwlnkFwd - ok
17:05:03.0484 0904 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
17:05:03.0515 0904 OMCI - ok
17:05:03.0687 0904 [ C720C25B2D0C93DC425155F5B6A707F3 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
17:05:03.0734 0904 ossrv - ok
17:05:04.0250 0904 [ 13026E137486D916A0677D276144EA7F ] P16X C:\WINDOWS\system32\drivers\P16X.sys
17:05:04.0687 0904 P16X - ok
17:05:04.0781 0904 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:05:04.0859 0904 Parport - ok
17:05:04.0906 0904 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:05:04.0921 0904 PartMgr - ok
17:05:05.0046 0904 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:05:05.0078 0904 ParVdm - ok
17:05:05.0171 0904 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:05:05.0265 0904 PCI - ok
17:05:05.0281 0904 PCIDump - ok
17:05:05.0406 0904 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:05:05.0421 0904 PCIIde - ok
17:05:05.0546 0904 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:05:05.0609 0904 Pcmcia - ok
17:05:05.0609 0904 PDCOMP - ok
17:05:05.0625 0904 PDFRAME - ok
17:05:05.0640 0904 PDRELI - ok
17:05:05.0656 0904 PDRFRAME - ok
17:05:05.0671 0904 perc2 - ok
17:05:05.0687 0904 perc2hib - ok
17:05:05.0781 0904 [ C8A2D6FF660AC601B7BB9A9B16A5C25E ] PfModNT C:\WINDOWS\system32\drivers\PfModNT.sys
17:05:05.0796 0904 PfModNT - ok
17:05:05.0859 0904 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:05:05.0859 0904 PlugPlay - ok
17:05:05.0968 0904 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.dll
17:05:06.0015 0904 Pml Driver HPZ12 - ok
17:05:06.0093 0904 [ CE27FC8BDC54B3AC63D53E2D5F6CC929 ] pnarp C:\WINDOWS\system32\DRIVERS\pnarp.sys
17:05:06.0109 0904 pnarp - ok
17:05:06.0125 0904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:05:06.0156 0904 PolicyAgent - ok
17:05:06.0281 0904 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:05:06.0328 0904 PptpMiniport - ok
17:05:06.0375 0904 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:05:06.0406 0904 Processor - ok
17:05:06.0484 0904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:05:06.0515 0904 ProtectedStorage - ok
17:05:06.0578 0904 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:05:06.0640 0904 PSched - ok
17:05:06.0734 0904 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:05:06.0734 0904 Ptilink - ok
17:05:06.0843 0904 [ F4FD591E86ECB6B5D000C7D6C987416B ] purendis C:\WINDOWS\system32\DRIVERS\purendis.sys
17:05:06.0843 0904 purendis - ok
17:05:06.0953 0904 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:05:06.0984 0904 PxHelp20 - ok
17:05:07.0000 0904 ql1080 - ok
17:05:07.0031 0904 Ql10wnt - ok
17:05:07.0046 0904 ql12160 - ok
17:05:07.0046 0904 ql1240 - ok
17:05:07.0062 0904 ql1280 - ok
17:05:07.0156 0904 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:05:07.0187 0904 RasAcd - ok
17:05:07.0281 0904 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:05:07.0343 0904 RasAuto - ok
17:05:07.0406 0904 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:05:07.0437 0904 Rasl2tp - ok
17:05:07.0609 0904 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:05:07.0671 0904 RasMan - ok
17:05:07.0687 0904 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:05:07.0703 0904 RasPppoe - ok
17:05:07.0765 0904 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:05:07.0781 0904 Raspti - ok
17:05:07.0937 0904 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:05:08.0000 0904 Rdbss - ok
17:05:08.0078 0904 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:05:08.0125 0904 RDPCDD - ok
17:05:08.0265 0904 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:05:08.0312 0904 RDPWD - ok
17:05:08.0437 0904 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:05:08.0500 0904 RDSessMgr - ok
17:05:08.0546 0904 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:05:08.0609 0904 redbook - ok
17:05:08.0734 0904 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:05:08.0765 0904 RemoteAccess - ok
17:05:08.0859 0904 [ 92D33F76769A028DDC54A863EB7DE4A2 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
17:05:08.0890 0904 RimUsb - ok
17:05:08.0953 0904 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
17:05:08.0984 0904 RimVSerPort - ok
17:05:09.0125 0904 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
17:05:09.0140 0904 ROOTMODEM - ok
17:05:09.0234 0904 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
17:05:09.0265 0904 RpcLocator - ok
17:05:09.0453 0904 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:05:09.0484 0904 RpcSs - ok
17:05:09.0593 0904 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:05:09.0656 0904 RSVP - ok
17:05:09.0718 0904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:05:09.0718 0904 SamSs - ok
17:05:09.0812 0904 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:05:09.0859 0904 SCardSvr - ok
17:05:10.0062 0904 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:05:10.0156 0904 Schedule - ok
17:05:10.0281 0904 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:05:10.0343 0904 Secdrv - ok
17:05:10.0453 0904 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:05:10.0484 0904 seclogon - ok
17:05:10.0562 0904 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:05:10.0578 0904 SENS - ok
17:05:10.0656 0904 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:05:10.0703 0904 serenum - ok
17:05:10.0734 0904 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:05:10.0750 0904 Serial - ok
17:05:10.0828 0904 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:05:10.0828 0904 Sfloppy - ok
17:05:11.0046 0904 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:05:11.0203 0904 SharedAccess - ok
17:05:11.0343 0904 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:05:11.0343 0904 ShellHWDetection - ok
17:05:11.0359 0904 Simbad - ok
17:05:11.0687 0904 [ 31FD0707C7DBE715234F2823B27214FE ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
17:05:11.0906 0904 smwdm - ok
17:05:11.0921 0904 Sparrow - ok
17:05:12.0000 0904 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:05:12.0031 0904 splitter - ok
17:05:12.0171 0904 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:05:12.0218 0904 Spooler - ok
17:05:12.0328 0904 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:05:12.0343 0904 sr - ok
17:05:12.0484 0904 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:05:12.0578 0904 srservice - ok
17:05:12.0750 0904 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:05:12.0875 0904 Srv - ok
17:05:12.0921 0904 [ 328E8BB94EC58480F60458FB4B8437A7 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
17:05:12.0937 0904 sscdbhk5 - ok
17:05:13.0015 0904 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:05:13.0062 0904 SSDPSRV - ok
17:05:13.0156 0904 [ 7EC8B427CEE5C0CDAC066320B93F1355 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
17:05:13.0203 0904 ssrtln - ok
17:05:13.0500 0904 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:05:13.0703 0904 stisvc - ok
17:05:13.0765 0904 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:05:13.0812 0904 swenum - ok
17:05:13.0875 0904 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:05:13.0921 0904 swmidi - ok
17:05:13.0937 0904 SwPrv - ok
17:05:13.0968 0904 symc810 - ok
17:05:13.0968 0904 symc8xx - ok
17:05:13.0984 0904 sym_hi - ok
17:05:14.0000 0904 sym_u3 - ok
17:05:14.0156 0904 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:05:14.0218 0904 sysaudio - ok
17:05:14.0312 0904 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:05:14.0375 0904 SysmonLog - ok
17:05:14.0515 0904 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:05:14.0609 0904 TapiSrv - ok
17:05:14.0796 0904 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:05:14.0906 0904 Tcpip - ok
17:05:14.0984 0904 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:05:14.0984 0904 TDPIPE - ok
17:05:15.0015 0904 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:05:15.0015 0904 TDTCP - ok
17:05:15.0109 0904 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:05:15.0187 0904 TermDD - ok
17:05:15.0421 0904 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:05:15.0562 0904 TermService - ok
17:05:15.0703 0904 [ C229BF90443BE8D3BD2B65D7F3AC0F35 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
17:05:15.0734 0904 tfsnboio - ok
17:05:15.0750 0904 [ 79EE9FCD7728E54AB8FBC30962F0416F ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
17:05:15.0765 0904 tfsncofs - ok
17:05:15.0781 0904 [ 9EFB37E7DE17D783A059B653F7E8AFAD ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
17:05:15.0781 0904 tfsndrct - ok
17:05:15.0796 0904 [ 130254995EBEDCB34D62E8D78EC9DBD0 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
17:05:15.0812 0904 tfsndres - ok
17:05:15.0859 0904 [ 9B40E1E4AEED849812A2E43A388A7E77 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
17:05:15.0890 0904 tfsnifs - ok
17:05:15.0906 0904 [ 818047AD850B312705AA17CA96B9427D ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
17:05:15.0921 0904 tfsnopio - ok
17:05:15.0937 0904 [ 4603E813BCC6DD465CD8D2AFD37FA90D ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
17:05:15.0937 0904 tfsnpool - ok
17:05:15.0968 0904 [ 6FC2CD904A9A55ACFDFC780A611A75ED ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
17:05:16.0000 0904 tfsnudf - ok
17:05:16.0062 0904 [ D4AFA4D00F8DB3FD1C15B3FE49C3A96C ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
17:05:16.0078 0904 tfsnudfa - ok
17:05:16.0187 0904 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:05:16.0187 0904 Themes - ok
17:05:16.0203 0904 TosIde - ok
17:05:16.0328 0904 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:05:16.0406 0904 TrkWks - ok
17:05:16.0531 0904 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:05:16.0562 0904 Udfs - ok
17:05:16.0578 0904 ultra - ok
17:05:16.0656 0904 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
17:05:16.0718 0904 UMWdf - ok
17:05:17.0015 0904 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:05:17.0281 0904 Update - ok
17:05:17.0437 0904 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:05:17.0515 0904 upnphost - ok
17:05:17.0609 0904 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:05:17.0656 0904 UPS - ok
17:05:17.0781 0904 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:05:17.0812 0904 USBAAPL - ok
17:05:17.0968 0904 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:05:17.0968 0904 usbccgp - ok
17:05:18.0062 0904 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:05:18.0156 0904 usbehci - ok
17:05:18.0265 0904 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:05:18.0296 0904 usbhub - ok
17:05:18.0359 0904 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:05:18.0375 0904 usbprint - ok
17:05:18.0390 0904 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:05:18.0421 0904 usbscan - ok
17:05:18.0468 0904 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:05:18.0484 0904 USBSTOR - ok
17:05:18.0531 0904 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:05:18.0578 0904 usbuhci - ok
17:05:18.0640 0904 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:05:18.0671 0904 VgaSave - ok
17:05:18.0687 0904 ViaIde - ok
17:05:18.0781 0904 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:05:18.0843 0904 VolSnap - ok
17:05:19.0031 0904 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:05:19.0125 0904 VSS - ok
17:05:19.0328 0904 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:05:19.0406 0904 W32Time - ok
17:05:19.0531 0904 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:05:19.0578 0904 Wanarp - ok
17:05:19.0593 0904 wanatw - ok
17:05:19.0812 0904 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
17:05:20.0015 0904 Wdf01000 - ok
17:05:20.0015 0904 WDICA - ok
17:05:20.0093 0904 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:05:20.0156 0904 wdmaud - ok
17:05:20.0265 0904 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:05:20.0296 0904 WebClient - ok
17:05:20.0546 0904 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:05:20.0593 0904 winmgmt - ok
17:05:21.0312 0904 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:05:21.0937 0904 wlidsvc - ok
17:05:22.0046 0904 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\System32\MsPMSPSv.exe
17:05:22.0093 0904 WMDM PMSP Service - ok
17:05:22.0171 0904 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:05:22.0234 0904 WmdmPmSN - ok
17:05:22.0359 0904 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:05:22.0421 0904 WmiApSrv - ok
17:05:22.0453 0904 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
17:05:22.0468 0904 WpdUsb - ok
17:05:22.0562 0904 [ 6B579993E3C456B1D1043E58B5069663 ] Wpsnuio C:\WINDOWS\system32\DRIVERS\wpsnuio.sys
17:05:22.0578 0904 Wpsnuio - ok
17:05:22.0687 0904 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:05:22.0718 0904 WS2IFSL - ok
17:05:22.0875 0904 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:05:22.0906 0904 wscsvc - ok
17:05:23.0015 0904 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:05:23.0093 0904 wuauserv - ok
17:05:23.0375 0904 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:05:23.0609 0904 WZCSVC - ok
17:05:23.0687 0904 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:05:23.0765 0904 xmlprov - ok
17:05:23.0765 0904 ================ Scan global ===============================
17:05:23.0812 0904 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:05:23.0984 0904 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:05:24.0281 0904 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:05:24.0375 0904 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:05:24.0390 0904 [Global] - ok
17:05:24.0390 0904 ================ Scan MBR ==================================
17:05:24.0437 0904 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:05:25.0578 0904 \Device\Harddisk0\DR0 - ok
17:05:25.0578 0904 ================ Scan VBR ==================================
17:05:25.0609 0904 [ EB52BBC5ECC08B1BC1AAC233FD35DF28 ] \Device\Harddisk0\DR0\Partition1
17:05:25.0640 0904 \Device\Harddisk0\DR0\Partition1 - ok
17:05:25.0640 0904 ============================================================
17:05:25.0640 0904 Scan finished
17:05:25.0640 0904 ============================================================
17:05:25.0656 1284 Detected object count: 0
17:05:25.0656 1284 Actual detected object count: 0
17:05:37.0390 0228 Deinitialize success
 
Your logs are clean. Let's finish up at this time, please...

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Thanks Again for the help.....heres the secutiy check, you can mark this thread solved.
Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 7
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
A
Microsoft breaks users' PCs again with latest Windows 11 update
Replies
19
Views
399
trparky
T
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back