Inactive Very slow startup and very slow shut down

1Wren1

Hi,

I have an HP laptop with Windows XP. The issue is that, as of last week, my laptop is taking a very long time (4 minutes or more) to start up. In addition, it does not seem to be running very well - slow - and sometimes it takes a bit to shut off.

I ran Malwarebytes and found Funmoods plus some other pup.installer programs. I attempted to remove them, after a three-hour scan, but the computer is still slow after the "removal."

I'm ready to follow all instructions.

Thanks in advance for taking a look.

Wren
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.29.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP Laptop :: HP-B8B7D3543EAB [administrator]

Protection: Enabled

9/29/2012 7:41:33 AM
mbam-log-2012-09-29 (07-41-33).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319989
Time elapsed: 3 hour(s), 8 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 05d89ed347c55680ad96e6d447c670c6 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\HP Laptop\My Documents\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Program Files\v-Grabber\Uninstall.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

(end)
____________________________\\\\\\\\
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-29 14:16:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 FUJITSU_MHV2080AH rev.00840096
Running: l6dyxc80.exe; Driver: C:\DOCUME~1\HPLAPT~1\LOCALS~1\Temp\pgndifoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
-------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP Laptop at 14:18:44 on 2012-09-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.436 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\HP Laptop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP Laptop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP Laptop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP Laptop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP Laptop\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\hp laptop\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EAE34BBA-335C-4BB0-9370-DC92A4E09D99} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-29 14776]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-29 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-29 676936]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-7-28 88192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-29 22856]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-8-22 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-8-22 136176]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [2010-7-28 169984]
.
=============== Created Last 30 ================
.
2012-09-29 07:40:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 07:40:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-08 01:07:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-08 01:07:30 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-03 04:17:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-09-03 04:17:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-09-03 04:17:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-09-03 04:17:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-09-03 04:17:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-09-03 04:17:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-09-03 04:17:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-09-03 04:14:37 -------- d-----w- c:\documents and settings\hp laptop\local settings\application data\Apple
.
==================== Find3M ====================
.
2012-09-08 01:07:05 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-23 01:33:18 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 01:33:18 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 20:41:32 9232584 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:19:51.29 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/28/2010 5:39:49 PM
System Uptime: 9/29/2012 11:08:00 AM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 099C
Processor: Intel(R) Pentium(R) M processor 2.00GHz | JP12 | 2000/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 35.078 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP324: 7/2/2012 6:20:27 PM - System Checkpoint
RP325: 7/5/2012 7:20:38 PM - System Checkpoint
RP326: 7/6/2012 7:25:59 PM - System Checkpoint
RP327: 7/9/2012 2:01:11 PM - System Checkpoint
RP328: 7/11/2012 6:53:30 PM - Software Distribution Service 3.0
RP329: 7/11/2012 9:11:58 PM - Software Distribution Service 3.0
RP330: 7/14/2012 12:39:27 PM - System Checkpoint
RP331: 7/15/2012 3:08:27 PM - System Checkpoint
RP332: 7/17/2012 6:37:19 PM - System Checkpoint
RP333: 7/18/2012 8:03:21 PM - System Checkpoint
RP334: 7/20/2012 12:27:53 PM - System Checkpoint
RP335: 7/21/2012 7:48:30 PM - System Checkpoint
RP336: 7/23/2012 11:14:24 AM - System Checkpoint
RP337: 7/27/2012 6:26:44 PM - System Checkpoint
RP338: 7/30/2012 12:07:14 PM - System Checkpoint
RP339: 7/31/2012 3:19:42 PM - System Checkpoint
RP340: 8/4/2012 9:40:27 AM - Installed KODAK Share Button App.
RP341: 8/5/2012 10:39:02 AM - System Checkpoint
RP342: 8/6/2012 1:31:28 PM - System Checkpoint
RP343: 8/10/2012 5:48:21 PM - System Checkpoint
RP344: 8/11/2012 6:48:41 PM - System Checkpoint
RP345: 8/13/2012 1:25:45 PM - System Checkpoint
RP346: 8/14/2012 8:34:17 PM - System Checkpoint
RP347: 8/14/2012 9:47:58 PM - Software Distribution Service 3.0
RP348: 8/16/2012 9:15:52 PM - System Checkpoint
RP349: 8/18/2012 12:12:32 PM - System Checkpoint
RP350: 8/20/2012 1:19:07 PM - System Checkpoint
RP351: 8/21/2012 8:05:33 PM - System Checkpoint
RP352: 8/23/2012 9:10:54 PM - System Checkpoint
RP353: 8/25/2012 11:35:45 AM - System Checkpoint
RP354: 8/26/2012 2:40:41 PM - System Checkpoint
RP355: 8/31/2012 2:23:11 PM - System Checkpoint
RP356: 9/1/2012 6:53:19 PM - System Checkpoint
RP357: 9/2/2012 9:15:23 PM - Installed QuickTime
RP358: 9/4/2012 7:32:15 PM - System Checkpoint
RP359: 9/5/2012 8:33:14 PM - System Checkpoint
RP360: 9/7/2012 11:49:52 AM - System Checkpoint
RP361: 9/7/2012 6:05:54 PM - Removed Java(TM) 6 Update 31
RP362: 9/7/2012 6:06:56 PM - Installed Java(TM) 6 Update 35
RP363: 9/8/2012 6:58:22 PM - System Checkpoint
RP364: 9/12/2012 9:32:06 PM - Software Distribution Service 3.0
RP365: 9/14/2012 12:09:34 PM - System Checkpoint
RP366: 9/21/2012 8:48:02 AM - Installed BCL ALLPDF Converter 3.0.
RP367: 9/21/2012 5:51:06 PM - Removed BCL ALLPDF Converter 3.0.
RP368: 9/21/2012 6:24:37 PM - Software Distribution Service 3.0
RP369: 9/22/2012 6:43:45 PM - System Checkpoint
RP370: 9/23/2012 6:45:28 PM - System Checkpoint
RP371: 9/28/2012 4:13:46 PM - System Checkpoint
.
==== Installed Programs ======================
.
AbiWord 2.8.6
Acronis True Image Home
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Agere Systems AC'97 Modem
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple QuickTime Installer
Apple Software Update
Broadcom NetXtreme Ethernet Controller
BufferChm
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
D2300
D2300_Help
DeviceManagementQFolder
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
fflink
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Solution Center 7.0
HP Update
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver for Mobile
Java Auto Updater
Java(TM) 6 Update 35
JetClean
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KODAK Picture CD
KODAK Share Button App
Malwarebytes Anti-Malware version 1.65.0.1400
MarketResearch
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster Download Manager
Nero 7 Ultra Edition
netbrdg
OfotoXMI
OpenOffice.org 3.3
Quick Web Player
QuickTime
Security Task Manager 1.8d
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Smart Defrag 2
SolutionCenter
SoundMAX
staticcr
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
tooltips
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VPRINTOL
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
9/29/2012 7:38:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/29/2012 7:38:05 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/29/2012 11:11:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/29/2012 11:11:30 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/29/2012 11:11:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
9/25/2012 6:31:56 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CEDC9679. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/25/2012 6:31:51 PM, error: Dhcp [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 0013CEDC9679 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
9/23/2012 12:33:56 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/23/2012 12:32:05 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
.
==== End Of File ===========================
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

============================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
07:25:46.0437 2788 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:25:47.0093 2788 ============================================================
07:25:47.0093 2788 Current date / time: 2012/09/30 07:25:47.0093
07:25:47.0093 2788 SystemInfo:
07:25:47.0093 2788
07:25:47.0093 2788 OS Version: 5.1.2600 ServicePack: 3.0
07:25:47.0093 2788 Product type: Workstation
07:25:47.0093 2788 ComputerName: HP-B8B7D3543EAB
07:25:47.0093 2788 UserName: HP Laptop
07:25:47.0093 2788 Windows directory: C:\WINDOWS
07:25:47.0093 2788 System windows directory: C:\WINDOWS
07:25:47.0093 2788 Processor architecture: Intel x86
07:25:47.0093 2788 Number of processors: 1
07:25:47.0093 2788 Page size: 0x1000
07:25:47.0093 2788 Boot type: Normal boot
07:25:47.0093 2788 ============================================================
07:25:50.0234 2788 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
07:25:50.0234 2788 ============================================================
07:25:50.0234 2788 \Device\Harddisk0\DR0:
07:25:50.0234 2788 MBR partitions:
07:25:50.0234 2788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E0D1
07:25:50.0234 2788 ============================================================
07:25:50.0281 2788 C: <-> \Device\Harddisk0\DR0\Partition1
07:25:50.0281 2788 ============================================================
07:25:50.0281 2788 Initialize success
07:25:50.0281 2788 ============================================================
07:25:53.0015 2092 ============================================================
07:25:53.0015 2092 Scan started
07:25:53.0015 2092 Mode: Manual;
07:25:53.0015 2092 ============================================================
07:25:55.0093 2092 ================ Scan system memory ========================
07:25:55.0093 2092 System memory - ok
07:25:55.0093 2092 ================ Scan services =============================
07:26:56.0968 2092 wuauserv - ok
07:26:57.0046 2092 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:26:57.0093 2092 WudfPf - ok
07:26:57.0187 2092 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:26:57.0234 2092 WudfRd - ok
07:26:57.0312 2092 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:26:57.0343 2092 WudfSvc - ok
07:26:57.0703 2092 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:26:58.0031 2092 WZCSVC - ok
07:26:58.0171 2092 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:26:58.0250 2092 xmlprov - ok
07:26:58.0281 2092 ================ Scan global ===============================
07:26:58.0468 2092 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:26:58.0796 2092 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:26:59.0109 2092 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:26:59.0203 2092 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:26:59.0203 2092 [Global] - ok
07:26:59.0203 2092 ================ Scan MBR ==================================
07:26:59.0250 2092 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:27:00.0671 2092 \Device\Harddisk0\DR0 - ok
07:27:00.0687 2092 ================ Scan VBR ==================================
07:27:00.0687 2092 [ 43C84164637EB1294F770489A450427C ] \Device\Harddisk0\DR0\Partition1
07:27:00.0687 2092 \Device\Harddisk0\DR0\Partition1 - ok
07:27:00.0703 2092 ============================================================
07:27:00.0703 2092 Scan finished
07:27:00.0703 2092 ============================================================
07:27:00.0703 2600 Detected object count: 0
07:27:00.0703 2600 Actual detected object count: 0
================
 
RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP Laptop [Admin rights]
Mode : Scan -- Date : 09/30/2012 07:32:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2080AH +++++
--- User ---
[MBR] 228ea168b26c4ea6a8fa94f60c9e52d5
[BSP] 5d8d4cc451f842aaeede96d5c46aae4a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-30 07:35:50
-----------------------------
07:35:50.703 OS Version: Windows 5.1.2600 Service Pack 3
07:35:50.703 Number of processors: 1 586 0xD08
07:35:50.703 ComputerName: HP-B8B7D3543EAB UserName: HP Laptop
07:35:53.796 Initialize success
07:36:06.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
07:36:06.640 Disk 0 Vendor: FUJITSU_MHV2080AH 00840096 Size: 76319MB BusType: 3
07:36:06.671 Disk 0 MBR read successfully
07:36:06.671 Disk 0 MBR scan
07:36:06.671 Disk 0 Windows XP default MBR code
07:36:06.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
07:36:06.687 Disk 0 scanning sectors +156295440
07:36:06.828 Disk 0 scanning C:\WINDOWS\system32\drivers
07:36:28.109 Service scanning
07:37:11.484 Modules scanning
07:37:32.578 Disk 0 trace - called modules:
07:37:32.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
07:37:32.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e5ab8]
07:37:32.593 3 CLASSPNP.SYS[f75e7fd7] -> nt!IofCallDriver -> \Device\00000080[0x865509e8]
07:37:33.125 5 ACPI.sys[f745e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x864ead98]
07:37:33.125 Scan finished successfully
07:39:19.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP Laptop\Desktop\MBR.dat"
07:39:19.343 The log file has been saved successfully to "C:\Documents and Settings\HP Laptop\Desktop\aswMBR.txt"
 
Okay - all steps followed except I accidentally did not say okay to Avast! Thanks for helping me again.
 
Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If restarting doesn't help, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
It says I have AVG running but I can't find AVG. If I have it, I don't see it and I can't find it. I attempted it again and it gave me the same message as well as a new message saying I couldn't rename combofix.exe as combofix.exe1 or something like that - only I had not attempted to rename it at all. I did handle the restore point instructions so we are all set there.
 
ComboFix 12-09-30.01 - HP Laptop 09/30/2012 9:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.594 [GMT -7:00]
Running from: c:\documents and settings\HP Laptop\My Documents\Downloads\Wren_one.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Search Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-29 07:40 . 2012-09-29 07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-29 07:40 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-08 01:07 . 2012-09-08 01:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-08 01:07 . 2012-09-08 01:07 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-08 01:05 . 2012-09-08 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin7.dll
2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin6.dll
2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin5.dll
2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin4.dll
2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin3.dll
2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin2.dll
2012-09-03 04:17 . 2012-09-03 04:17 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin.dll
2012-09-03 04:16 . 2012-09-03 04:17 -------- d-----w- c:\program files\QuickTime
2012-09-03 04:16 . 2012-09-03 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-09-03 04:14 . 2012-09-03 04:14 -------- d-----w- c:\program files\Common Files\Apple
2012-09-03 04:14 . 2012-09-03 04:14 -------- d-----w- c:\documents and settings\HP Laptop\Local Settings\Application Data\Apple
2012-09-03 04:14 . 2012-09-03 04:14 -------- d-----w- c:\program files\Apple Software Update
2012-09-03 04:14 . 2012-09-03 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 01:07 . 2011-03-18 03:45 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-23 01:33 . 2012-03-31 17:59 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-23 01:33 . 2011-05-15 19:02 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 20:41 . 2012-07-27 02:41 9232584 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-06 13:58 . 2008-04-13 23:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-07-29 00:32 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-04-13 23:00 1866112 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-17 1164912]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-17 1941784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2012-06-26 108032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP Laptop^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\HP Laptop\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeiMeshdatamngr]
RD [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeiMeshtoolbar]
RD [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2006-10-17 04:13 87584 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-09 23:16 136176 ----atw- c:\documents and settings\HP Laptop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-08-23 01:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/29/2011 8:21 PM 14776]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/29/2012 12:40 AM 399432]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [7/28/2010 6:04 PM 88192]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2012 6:33 PM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/29/2012 12:40 AM 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 10:59 AM 250568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2012 6:33 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/29/2012 12:40 AM 22856]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [7/28/2010 5:55 PM 169984]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 84935594
*NewlyCreated* - ASWMBR
*NewlyCreated* - TRUESIGHT
*Deregistered* - 84935594
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 01:33]
.
2012-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-23 01:33]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-23 01:33]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1390067357-1801674531-1003Core.job
- c:\documents and settings\HP Laptop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-09 23:16]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1390067357-1801674531-1003UA.job
- c:\documents and settings\HP Laptop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-09 23:16]
.
2012-09-30 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-01-30 01:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-30 09:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\HPLAPT~1\LOCALS~1\Temp\Perflib_Perfdata_678.dat 16384 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\relog_ap.dll
.
Completion time: 2012-09-30 09:31:59
ComboFix-quarantined-files.txt 2012-09-30 16:31
.
Pre-Run: 37,368,938,496 bytes free
Post-Run: 37,320,433,664 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4AF68FAAAA88AB547C0C3B4C7DDA2D78
 
Update on performance: The computer is still very slow to start. Thanks again for all your help. Please let me know what other steps I might take.
 
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/30/2012 09:07:22 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\HPZipm12.exe (PID: 428) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

Program finished at: 09/30/2012 09:08:38 AM
Execution time: 0 hours(s), 1 minute(s), and 15 seconds(s)
 
I don't see much there...

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck!
 
Well, you did manage to help - funmoods eliminated! Thanks again and I'll move my issue to the Windows section as suggested.

Take care.
 