Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Extremely slow...possible malware


  • This topic is locked This topic is locked
24 replies to this topic

#1 Dave225

Dave225

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 17 August 2011 - 03:00 AM

I have had many pc's and this HP Pavilion runs so slow at times it is un-usable.
It can literally take 30-minutes or more for it to respond to opening a program or going on the Internet.
Then at other times it almost acts normal.
I received a phone call from someons saying they are from Logmein - stating I have a virus and they can walk me through removing it? I could not understand the person too well and assumed it was a hoax so I said thank-you and hung up.
Have you ever heard of such a thing? I do have Logmein installed for me to be able to remotely log into this pc from work.

I would appreciate a closer look at the logs to see if I am infected or not. I can run a quick scan og Malwarebytes with nothing found. I have run an online scan from eset via the web and it returned some errors - they appeared to be HP programs but I let it take the action it found anyway.

Here are the logs: ==========

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Run by Owner at 8:55:02 on 2011-08-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1175 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IEHlprObj Class: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\lotus\org6\organize\iehelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [Symantec Backup Exec System Recovery 8.0] "c:\program files\symantec\backup exec system recovery\agent\VProTray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\windows\dvzcommon\DvzMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\org6\organize\bandobjs.dll
LSP: SpSubLSP.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://socalmls.webex.com/client/T27LB/nbr/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6B35AACC-039C-419E-BC46-35AB6257BC10} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\6il2u4pl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-10 216912]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-9 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-3 47640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-9-11 2436536]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-2-16 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110814.003\NAVENG.SYS [2011-8-15 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110814.003\NAVEX15.SYS [2011-8-15 1576312]
S2 mrtRate;mrtRate; [x]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 SymSnapService;SymSnapService;c:\program files\symantec\backup exec system recovery\shared\drivers\SymSnapService.exe [2008-1-30 1562096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 Backup Exec System Recovery;Backup Exec System Recovery;c:\program files\symantec\backup exec system recovery\agent\VProSvc.exe [2008-2-2 4322656]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-08-10 23:16:27 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 23:16:07 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-05 06:33:58 -------- d-----w- c:\program files\ESET
2011-08-05 06:31:56 -------- d-s---w- C:\ComboFix
2011-08-05 02:34:55 -------- d-----w- c:\program files\iPod
2011-08-05 02:34:49 -------- d-----w- c:\program files\iTunes
2011-08-05 02:30:50 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-14 18:20:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-14 18:20:15 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-14 18:20:15 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-14 18:20:15 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-30 16:52:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 01:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ------w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 8:56:13.32 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 22 August 2011 - 03:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414781 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Dave225

Dave225
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 22 August 2011 - 04:15 PM

It can literally take 30-minutes or more for it to respond to opening a program or going on the Internet.
Then at other times it is almost acts normal.
I received a phone call from someone saying they are from Logmein - stating I have a virus and they can walk me through removing it? Never heard of that before and in conjuction with the slowness thought I would look to see if I was infected.

Here is the New DDS log: ( I attached the the other log, but will have to post the GMER log when it finishes; it took hours the first time to complete )

=== New DDS log takes 8-22-11
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Run by Owner at 13:55:36 on 2011-08-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1166 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IEHlprObj Class: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\lotus\org6\organize\iehelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [Symantec Backup Exec System Recovery 8.0] "c:\program files\symantec\backup exec system recovery\agent\VProTray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\windows\dvzcommon\DvzMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\org6\organize\bandobjs.dll
LSP: SpSubLSP.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://socalmls.webex.com/client/T27LB/nbr/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6B35AACC-039C-419E-BC46-35AB6257BC10} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\6il2u4pl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-10 216912]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-9 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-3 47640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-9-11 2436536]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-2-16 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110821.003\NAVENG.SYS [2011-8-21 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110821.003\NAVEX15.SYS [2011-8-21 1576312]
S2 mrtRate;mrtRate; [x]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 SymSnapService;SymSnapService;c:\program files\symantec\backup exec system recovery\shared\drivers\SymSnapService.exe [2008-1-30 1562096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 Backup Exec System Recovery;Backup Exec System Recovery;c:\program files\symantec\backup exec system recovery\agent\VProSvc.exe [2008-2-2 4322656]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-08-17 08:22:43 -------- d--h--w- c:\windows\PIF
2011-08-10 23:16:27 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 23:16:07 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-05 06:33:58 -------- d-----w- c:\program files\ESET
2011-08-05 06:31:56 -------- d-s---w- C:\ComboFix
2011-08-05 02:34:55 -------- d-----w- c:\program files\iPod
2011-08-05 02:34:49 -------- d-----w- c:\program files\iTunes
2011-08-05 02:30:50 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-14 18:20:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-14 18:20:15 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-14 18:20:15 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-14 18:20:15 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-30 16:52:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 01:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ------w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:56:38.07 ===============

Attached Files



#4 Dave225

Dave225
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 22 August 2011 - 08:24 PM

GMER finally finished - took about 5-hours?
I attached here as ARK_082211.txt

Attached Files



#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,441 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:54 PM

Posted 23 August 2011 - 02:02 AM

Hello, I recommend first of all to uninstall Symantec End Point protection and then see if matters are improved. It wouldn't be the first time that SEP causes such issues.

Please click HERE and follow the instructions in STEP 2 to download and run the norton removal tool.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#6 Dave225

Dave225
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 23 August 2011 - 03:11 PM

Hello Elise,

Thanks for taking the time to look into my computer issue.

I hear what you are saying regarding Endpoint Anti-Virus. There were many issues with the product on earlier versions.
But I have installed the later version that had those slowness issues resolved.

But I un-installed so we can be on the same page.
I used Add/Remove Programs to uninstall Endpoint as it was a clean install and uninstalled without issue.

I also uninstalled Symantec Backup exec System Recovery as this may share certain Symantec files that may also be causing an issue.

After both programs were un-installed and required a reboot for each, I decided to also attempt to run the Norton tool you referenced even though it did not list Endpoint specifically.

It would not run with a message indicating it had still found Symantec Backup exec System Recovery (BESR) installed. It prompted me to remove it via Add/Remove programs. But it is no longer there as I already removed it.

So I am looking for a tool to remove BESR like Symantec has for Endpoint (called "CleanWipe"). If you know of a tool specifically for BESR, please let me know.

In the meantime can you address these questions for me please:

1. Do any of the logs indicate any type of malware ?

2. Have you ever heard of someone from Logmein call to inform you have a virus?
- and that they will walk you through fixing it ?

3. The length of time it took to finish the GMER log of 4-5 hours is excessive ?
- if so, what would this indicate?

Thank-You !
Dave

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,441 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:54 PM

Posted 23 August 2011 - 03:17 PM

I find it suspicious that someone from LogMeIn would call and I have heard something similar some time ago (nothing conclusive); there are far too many such scams out there, and I think you did well when you did not go in on their offer.

GMER always can take a long time to finish; it is an excellent rootkit scanner, but not the most user friendly (long scanning time and sometimes unstable). It depends also a bit on the objects scanned.

Lets also do an additional rootkit scan. I see no outright malware evidence, but that doesn't mean it isn't there.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#8 Dave225

Dave225
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 23 August 2011 - 05:30 PM

FYI, for my question #2.

I called Logmein and asked if they would ever call a user to give them support.
They replied NO. That they have heard of "scams" that a user gets a phone call like I described hoping that you would fall for it. In walking you through the fixing the virus, they actually have you type in a pin number giving the caller remote access to your pc so they can later take control and do identity theft activity.

#9 Dave225

Dave225
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 23 August 2011 - 05:56 PM

I ran TDSSKiller. It took about 2-minutes, scanned 210 objects, no infection found.

Here is the log:
2011/08/23 15:45:23.0468 1604 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 15:45:24.0000 1604 ================================================================================
2011/08/23 15:45:24.0000 1604 SystemInfo:
2011/08/23 15:45:24.0000 1604
2011/08/23 15:45:24.0000 1604 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/23 15:45:24.0000 1604 Product type: Workstation
2011/08/23 15:45:24.0000 1604 ComputerName: < I deleted >
2011/08/23 15:45:24.0000 1604 UserName: Owner
2011/08/23 15:45:24.0000 1604 Windows directory: C:\WINDOWS
2011/08/23 15:45:24.0000 1604 System windows directory: C:\WINDOWS
2011/08/23 15:45:24.0000 1604 Processor architecture: Intel x86
2011/08/23 15:45:24.0000 1604 Number of processors: 1
2011/08/23 15:45:24.0000 1604 Page size: 0x1000
2011/08/23 15:45:24.0000 1604 Boot type: Normal boot
2011/08/23 15:45:24.0000 1604 ================================================================================
2011/08/23 15:45:26.0078 1604 Initialize success
2011/08/23 15:47:35.0421 3752 ================================================================================
2011/08/23 15:47:35.0421 3752 Scan started
2011/08/23 15:47:35.0421 3752 Mode: Manual;
2011/08/23 15:47:35.0421 3752 ================================================================================
2011/08/23 15:47:37.0171 3752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/23 15:47:37.0718 3752 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/23 15:47:38.0625 3752 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/23 15:47:39.0187 3752 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/23 15:47:39.0656 3752 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/08/23 15:47:41.0406 3752 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/08/23 15:47:43.0031 3752 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/23 15:47:44.0968 3752 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/08/23 15:47:45.0937 3752 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/23 15:47:47.0734 3752 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/23 15:47:48.0234 3752 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/23 15:47:49.0109 3752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/23 15:47:49.0625 3752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/23 15:47:50.0125 3752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/23 15:47:50.0812 3752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/23 15:47:51.0640 3752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/23 15:47:52.0093 3752 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/23 15:47:52.0562 3752 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/23 15:47:55.0125 3752 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/23 15:47:56.0171 3752 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/23 15:47:57.0078 3752 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/23 15:47:57.0640 3752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/23 15:47:58.0140 3752 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/23 15:47:59.0015 3752 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/23 15:47:59.0562 3752 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/23 15:48:00.0078 3752 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2011/08/23 15:48:00.0609 3752 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/23 15:48:01.0093 3752 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/23 15:48:01.0546 3752 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/23 15:48:02.0078 3752 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/23 15:48:02.0593 3752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/23 15:48:03.0109 3752 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/23 15:48:03.0625 3752 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/23 15:48:04.0109 3752 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/23 15:48:04.0625 3752 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/23 15:48:05.0687 3752 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/23 15:48:07.0093 3752 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/23 15:48:07.0625 3752 ialm (537efe2f9adcd01073f59e9d3d24164e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/23 15:48:08.0109 3752 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/23 15:48:08.0984 3752 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/08/23 15:48:09.0500 3752 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/23 15:48:10.0234 3752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/23 15:48:10.0687 3752 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/23 15:48:11.0171 3752 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/23 15:48:11.0781 3752 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/23 15:48:12.0281 3752 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/23 15:48:12.0734 3752 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/23 15:48:13.0218 3752 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/23 15:48:13.0781 3752 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/23 15:48:14.0390 3752 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/23 15:48:15.0046 3752 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/08/23 15:48:15.0546 3752 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/08/23 15:48:16.0406 3752 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/08/23 15:48:17.0156 3752 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/08/23 15:48:17.0625 3752 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/23 15:48:18.0109 3752 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/23 15:48:18.0562 3752 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/23 15:48:19.0015 3752 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/23 15:48:20.0312 3752 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/23 15:48:21.0046 3752 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/23 15:48:21.0750 3752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/23 15:48:22.0203 3752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/23 15:48:22.0671 3752 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/23 15:48:23.0125 3752 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/23 15:48:23.0609 3752 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/23 15:48:24.0125 3752 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/23 15:48:24.0609 3752 MxlW2k (e91fc8b52d21e38317dc61a3c7ccfa4b) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/08/23 15:48:25.0171 3752 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/23 15:48:25.0718 3752 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/23 15:48:26.0203 3752 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/23 15:48:26.0703 3752 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/23 15:48:27.0234 3752 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/23 15:48:27.0734 3752 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/23 15:48:28.0250 3752 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/23 15:48:28.0890 3752 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/23 15:48:29.0343 3752 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/23 15:48:30.0015 3752 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/23 15:48:30.0781 3752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/23 15:48:31.0937 3752 nv (694de491fbf0573625ffe6a8a474b7b5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/23 15:48:32.0468 3752 NVENET (2afa043b0243137d0edc8cfb8305551b) C:\WINDOWS\system32\DRIVERS\NVENET.sys
2011/08/23 15:48:32.0968 3752 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2011/08/23 15:48:33.0421 3752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/23 15:48:33.0890 3752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/23 15:48:34.0406 3752 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/23 15:48:34.0921 3752 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/08/23 15:48:35.0421 3752 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/23 15:48:35.0906 3752 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/23 15:48:36.0375 3752 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/23 15:48:36.0890 3752 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/23 15:48:37.0765 3752 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/23 15:48:38.0328 3752 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/23 15:48:41.0421 3752 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/08/23 15:48:41.0921 3752 PMEM (2b85237f904c5bdf7ad386f0ede19bd3) C:\WINDOWS\system32\drivers\pmemnt.sys
2011/08/23 15:48:42.0437 3752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/23 15:48:42.0921 3752 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/23 15:48:43.0437 3752 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/08/23 15:48:43.0953 3752 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/23 15:48:44.0453 3752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/23 15:48:44.0937 3752 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/08/23 15:48:47.0234 3752 RapportCerberus_29574 (dda98cc4f34977914c731b8155e1cbd5) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys
2011/08/23 15:48:47.0406 3752 RapportEI (ebb483bb8e50345bcf3228e3b47a7b78) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/08/23 15:48:47.0921 3752 RapportKELL (2641560e667c74a08a0826828417ddb7) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2011/08/23 15:48:48.0187 3752 RapportPG (69a0ecb8291bb6d2027c845d6cbef6b8) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/08/23 15:48:48.0671 3752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/23 15:48:49.0156 3752 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/23 15:48:49.0656 3752 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/23 15:48:50.0125 3752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/23 15:48:50.0671 3752 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/23 15:48:51.0218 3752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/23 15:48:51.0750 3752 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/23 15:48:52.0281 3752 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/23 15:48:52.0781 3752 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/08/23 15:48:53.0609 3752 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/23 15:48:54.0093 3752 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/23 15:48:54.0546 3752 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/23 15:48:55.0031 3752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/23 15:48:56.0109 3752 SiS315 (7a363269d1b57526410fa23fc92cdfa1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/08/23 15:48:56.0781 3752 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/08/23 15:48:57.0218 3752 SiSkp (7ef8e5c266133638e7e06be03fcbeff3) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/08/23 15:48:58.0125 3752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/23 15:48:58.0671 3752 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/23 15:48:59.0343 3752 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/23 15:48:59.0984 3752 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/08/23 15:49:00.0531 3752 SunkFilt (f658d6420b14bedb49c19e39e7d03594) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2011/08/23 15:49:01.0437 3752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/23 15:49:01.0968 3752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/23 15:49:03.0406 3752 symsnap (4b016fa3594b04506b9246d8e3eb0b66) C:\WINDOWS\system32\DRIVERS\symsnap.sys
2011/08/23 15:49:05.0015 3752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/23 15:49:05.0750 3752 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/23 15:49:06.0375 3752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/23 15:49:06.0843 3752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/23 15:49:07.0296 3752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/23 15:49:08.0265 3752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/23 15:49:09.0375 3752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/23 15:49:10.0109 3752 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/23 15:49:10.0625 3752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/23 15:49:11.0125 3752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/23 15:49:11.0640 3752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/23 15:49:12.0125 3752 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/23 15:49:12.0593 3752 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/23 15:49:13.0078 3752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/23 15:49:13.0578 3752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/23 15:49:14.0046 3752 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/23 15:49:14.0531 3752 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\WINDOWS\system32\DRIVERS\v2imount.sys
2011/08/23 15:49:14.0984 3752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/23 15:49:15.0453 3752 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/08/23 15:49:15.0953 3752 viagfx (29d6a65fdc694cb1ef2cc6bbe5f79b3b) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/08/23 15:49:16.0687 3752 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/08/23 15:49:17.0140 3752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/23 15:49:17.0609 3752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/23 15:49:18.0093 3752 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/08/23 15:49:18.0968 3752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/23 15:49:19.0625 3752 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/23 15:49:20.0156 3752 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/23 15:49:20.0656 3752 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/23 15:49:21.0218 3752 {6080A529-897E-4629-A488-ABA0C29B635E} (e6c22d34baef5196e1b23a4492c275b7) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/08/23 15:49:21.0718 3752 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (6e53bd96b0ebad721cdd6320dbfc3f5f) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/08/23 15:49:21.0828 3752 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
2011/08/23 15:49:21.0859 3752 Boot (0x1200) (c2a9f2f8eeb8b58704cf31ac2e700073) \Device\Harddisk0\DR0\Partition0
2011/08/23 15:49:21.0906 3752 Boot (0x1200) (3d96e53ea8b78c4b5d4650b78f68442d) \Device\Harddisk0\DR0\Partition1
2011/08/23 15:49:21.0921 3752 ================================================================================
2011/08/23 15:49:21.0921 3752 Scan finished
2011/08/23 15:49:21.0921 3752 ================================================================================
2011/08/23 15:49:21.0968 1952 Detected object count: 0
2011/08/23 15:49:21.0968 1952 Actual detected object count: 0

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,441 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:54 PM

Posted 24 August 2011 - 05:32 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#11 Dave225

Dave225
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 25 August 2011 - 01:37 AM

Hello,

I ran Combofix and attached the log below.

FYI, I have been watching the Task Manager and I never can get to a consistent System Idle state.
It fluctuates between System Idle and "Svchost.exe" from 98% / 00% to 64%idle / 33% Svchost.exe.
IT will never stop the above scenario with 98% to 64% idle every 2-seconds.

A normal Boot takes about 8-minutes of using about 100% cpu to this idle / svchost state above.
Note: if I cancel the SVChost.exe process using task manager, it immediately launches again.
- there are eleven "svchost.exe" process running.

Here is the log=========

ComboFix 11-08-24.06 - Owner 08/24/2011 22:44:55.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1489 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\dav_virus del\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-21 17:00 . 2011-08-21 17:00 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-08-17 08:22 . 2011-08-17 08:22 -------- d--h--w- c:\windows\PIF
2011-08-10 23:16 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 23:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-05 06:33 . 2011-08-05 06:33 -------- d-----w- c:\program files\ESET
2011-08-05 02:34 . 2011-08-05 02:34 -------- d-----w- c:\program files\iPod
2011-08-05 02:34 . 2011-08-05 02:35 -------- d-----w- c:\program files\iTunes
2011-08-05 02:30 . 2011-08-05 02:30 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-01-21 00:04 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-14 18:20 . 2010-01-03 23:01 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-14 18:20 . 2010-01-03 23:01 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-14 18:20 . 2010-01-03 23:01 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-14 18:20 . 2010-01-03 23:01 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-02-16 18:46 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 02:52 . 2008-12-04 03:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 02:52 . 2008-12-04 03:41 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-30 16:52 . 2011-06-30 16:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 14:10 . 2004-02-16 18:46 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2004-01-21 23:16 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2004-02-16 19:13 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2004-02-16 19:13 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-04 05:59 389120 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-01-21 00:04 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-01-21 00:04 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-01-21 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-06 3022848]
"nwiz"="nwiz.exe" [2003-12-06 753664]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2004-4-13 299008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
DataViz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-2-6 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-14 18:20 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Fanbase.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Fanbase.lnk
backup=c:\windows\pss\Fanbase.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Backup Exec System Recovery"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [8/21/2011 10:00 AM 53816]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [8/10/2011 5:14 PM 216912]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [8/21/2011 10:00 AM 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [8/21/2011 10:00 AM 158904]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/9/2010 12:20 PM 374152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [8/21/2011 10:00 AM 870200]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]
S2 mrtRate;mrtRate; [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\org6\organize\bandobjs.dll
LSP: SpSubLSP.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6il2u4pl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-24 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\SpSubLSP.dll
.
- - - - - - - > 'explorer.exe'(408)
c:\windows\system32\WININET.dll
c:\docume~1\Owner\LOCALS~1\Temp\catchme.dll
.
Completion time: 2011-08-24 22:59:52
ComboFix-quarantined-files.txt 2011-08-25 05:59
.
Pre-Run: 120,479,055,872 bytes free
Post-Run: 120,672,239,616 bytes free
.
- - End Of File - - 81288BC414C47D286B4602826A7E02BF

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,441 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:54 PM

Posted 25 August 2011 - 05:19 AM

Please uninstall SpamSubtract and see if that makes any difference.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#13 Dave225

Dave225
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 25 August 2011 - 11:02 PM

Hello Elise,

It looks like SpamSubtract came with the computer as trial ware - I never used it, so I uninstalled.

I found out about the 30% SVCHOST.exe process always in use. It is an HP PML Driver "HPZ12". It is running when HP Network Devices Support service autostarts. Looks like its sole purpose is to monitor for any HP devices attached to my network. But the constant 30% spike in CPU does not seem to be a good bang for the buck so I stopped the HP service and now my System Idle Process is 98%.

So other than the "slow" ( about 6-8 minutes ) for Boot startup, maybe I do not have any "malware" running in the shadows ?

Does it look like the pc is clean ?

Thanks !

Dave

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,441 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:54 PM

Posted 26 August 2011 - 03:47 AM

Hi, in that case I would try to completely uninstall some of these unnecessary HP applications. You can also run StartupLite to disable some unnecessary startup entries.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#15 Dave225

Dave225
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 29 August 2011 - 02:53 PM

Hello,

I used Startup lite to disable a few of the tasks.
It only suggested I turn off one HP task.

So I will continue to tweak the list to see if it helps.

But before we close this out, can you tell me that in your opinion I do not have any malware running ?

If not it looks like I just have a lot of vendor tasks running that when combined tend to slow things down.

Do you agree ?

Thank-You your your support !

Dave




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users