Infected or not?...


  • This topic is locked
30 replies to this topic

#1 jcfvoygr

jcfvoygr

  • Members
  • 135 posts
  • Gender:Male
  • Location:Americas
  • Local time:01:00 AM

Posted 04 November 2011 - 07:08 AM

Picked up a virus or something from a coupon site. I think it has been removed. I have run a combination of McAfee, Malwarebytes, Spybot and Super Antispyware. Initially they identified: Coupon Bar, Fraud.Internet Security 2011, Fraud.Windows Recovery. I also noticed wuauclt.exe running and using a lot of CPU and memory, which looked odd. They seemed to hijack svchost.exe, because I noticed the memory use kept climbing to over 500,000K before I killed the process.

I downloaded your dds.scr, and gmer. It could not find the path for dds. The first time I ran gmer it found one instance of malware but I was not able to capture the log file. When I run it now, it is clear. Now, no sign of malware during scans, but IE does not load new tabs or pages, (other than the home page) I usually quit after waiting 10-15 minutes for it to load. Also I can no longer use the Save As function in my MS Office products. It just hangs up.

Lastly, it just seems like it runs slow. I am using safe mode right now in order to post this new topic.

Help, Thanks in advance!!! BTW: You guys/gals rock!

jcfvoygr


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • Gender:Male
  • Local time:03:00 AM

Posted 09 November 2011 - 07:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426285 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • Gender:Female
  • Location:At home
  • Local time:09:00 AM

Posted 10 November 2011 - 03:05 PM

Hi,

please try running OTL instead of DDS:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#4 jcfvoygr

jcfvoygr
  • Topic Starter

  • Members
  • 135 posts
  • Gender:Male
  • Location:Americas
  • Local time:01:00 AM

Posted 11 November 2011 - 02:48 PM

Will do. I am downloading to an SD card and will copy it over to that computer. IE is extremely slow when not running in safe mode, so I will try running OTL in safe mode in order to be able to post back to this thread.

Thanks

#5 jcfvoygr

jcfvoygr
  • Topic Starter

  • Members
  • 135 posts
  • Gender:Male
  • Location:Americas
  • Local time:01:00 AM

Posted 11 November 2011 - 06:36 PM

I accidentally closed extra.txt. It did show when I reran OTL.

OTL.txt

OTL logfile created on: 11/11/2011 5:24:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\jfreeman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 80.58% Memory free
3.08 Gb Paging File | 2.74 Gb Available in Paging File | 88.84% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.70 Gb Free Space | 54.61% Space Free | Partition Type: NTFS
Drive H: | 483.56 Mb Total Space | 356.28 Mb Free Space | 73.68% Space Free | Partition Type: FAT

Computer Name: PC-JFREEMANHOME | User Name: jfreeman | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/11 13:50:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jfreeman\Desktop\OTL.exe
PRC - [2011/08/17 17:21:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/28 06:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/14 13:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 13:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/17 17:21:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/14 13:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 13:01:38 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 13:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/05 15:51:06 | 000,206,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/13 13:43:49 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/08/11 17:49:35 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/11 17:49:35 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/14 13:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 13:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 13:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 13:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 13:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 13:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 13:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 13:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 13:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 13:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/12/12 17:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004/08/03 11:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 11:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 11:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 11:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 11:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 11:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 11:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 11:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 11:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 11:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 11:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 11:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 11:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 11:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 11:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/06/08 12:36:28 | 000,013,105 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004/06/08 12:35:18 | 000,054,817 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/06/08 12:35:08 | 000,071,533 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2003/02/17 06:22:24 | 000,170,880 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/02/05 14:22:32 | 000,050,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2002/04/04 00:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://green.yahoo.com/
IE - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 20:17:14 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2011/11/03 06:19:16 | 000,437,335 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15068 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110531121649.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O3 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172..\Run: [googletalk] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: alvine.com ([vision] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: alvine.com ([vision] * in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: alvine.com ([vision] * in Local intranet)
O15 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\..Trusted Domains: alvine.com ([vision] * in Trusted sites)
O15 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1711705832-2692367831-1681940663-1172\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135195475192 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = alvine.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB99C36-6FBD-4A52-BE8F-0F71608BBD7A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jfreeman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jfreeman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 17:02:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jfreeman\Desktop\OTL.exe
[2011/11/11 17:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/11/10 06:58:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/07 07:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jfreeman\Desktop\1811 Pics
[2011/11/02 17:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/11/02 17:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/11/02 17:20:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/28 06:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jfreeman\Desktop\gmer
[2011/10/28 06:35:38 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\jfreeman\Desktop\dds.scr
[2011/10/17 14:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\CouponAlert_2pEI
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/11 17:01:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/11 17:00:37 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/11/11 17:00:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 13:50:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jfreeman\Desktop\OTL.exe
[2011/11/10 07:12:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 06:55:33 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/08 07:31:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/06 22:25:35 | 000,307,938 | ---- | M] () -- C:\Documents and Settings\jfreeman\Desktop\img056.pdf
[2011/11/06 22:24:34 | 000,492,752 | ---- | M] () -- C:\Documents and Settings\jfreeman\Desktop\img055.pdf
[2011/11/06 22:21:55 | 001,583,717 | ---- | M] () -- C:\Documents and Settings\jfreeman\Desktop\img054.pdf
[2011/11/06 17:47:22 | 000,449,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 17:47:22 | 000,073,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/03 06:19:16 | 000,437,335 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/02 18:31:13 | 000,791,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/01 07:12:48 | 000,315,031 | ---- | M] () -- C:\Documents and Settings\jfreeman\Desktop\USAA Mo
[2011/11/01 07:08:58 | 000,404,194 | ---- | M] () -- C:\Documents and Settings\jfreeman\Desktop\Capone 1919
[2011/11/01 07:06:59 | 000,400,486 | ---- | M] () -- C:\Documents and Settings\jfreeman\Desktop\Capone 1453
[2011/10/28 06:43:11 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\jfreeman\Desktop\gmer.zip
[2011/10/28 06:35:42 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\jfreeman\Desktop\dds.scr
[2011/10/13 05:56:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/12 19:39:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 22:25:35 | 000,307,938 | ---- | C] () -- C:\Documents and Settings\jfreeman\Desktop\img056.pdf
[2011/11/06 22:24:33 | 000,492,752 | ---- | C] () -- C:\Documents and Settings\jfreeman\Desktop\img055.pdf
[2011/11/06 22:21:37 | 001,583,717 | ---- | C] () -- C:\Documents and Settings\jfreeman\Desktop\img054.pdf
[2011/11/01 07:12:36 | 000,315,031 | ---- | C] () -- C:\Documents and Settings\jfreeman\Desktop\USAA Mo
[2011/11/01 07:08:45 | 000,404,194 | ---- | C] () -- C:\Documents and Settings\jfreeman\Desktop\Capone 1919
[2011/11/01 07:05:50 | 000,400,486 | ---- | C] () -- C:\Documents and Settings\jfreeman\Desktop\Capone 1453
[2011/10/28 06:43:07 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\jfreeman\Desktop\gmer.zip
[2011/04/22 05:30:09 | 000,017,904 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\id5r608u0y766487y835r86i12c32u8
[2011/04/22 05:30:09 | 000,017,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\id5r608u0y766487y835r86i12c32u8
[2011/04/19 18:36:48 | 000,016,556 | -HS- | C] () -- C:\Documents and Settings\jfreeman\Local Settings\Application Data\c7nw734w3nj35
[2011/04/19 18:36:48 | 000,016,556 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c7nw734w3nj35
[2011/03/13 19:55:06 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/11 07:25:14 | 002,597,936 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/12 16:32:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/08/12 07:02:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/08/12 07:02:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/08/12 07:02:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/08/12 07:02:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/08/12 07:02:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/08/12 07:02:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/08/12 07:02:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/08/12 07:02:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/08/12 07:02:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/08/12 07:02:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/08/12 07:02:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/08/12 07:02:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/08/12 07:02:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/08/12 07:02:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/08/12 07:02:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/08/12 07:02:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/25 09:36:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/03/31 03:03:00 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
[2007/12/31 17:15:38 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/17 20:58:53 | 000,003,236 | ---- | C] () -- C:\Documents and Settings\jfreeman\Application Data\wklnhst.dat
[2006/01/19 06:53:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/19 06:51:14 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/01/18 23:03:51 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyf.DLL
[2006/01/18 23:02:18 | 000,000,356 | ---- | C] () -- C:\WINDOWS\System32\CNCASv51.ini
[2006/01/18 23:02:09 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI
[2006/01/13 11:46:08 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/12/21 14:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/12/21 13:47:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/26 22:32:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/26 22:27:17 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/26 22:26:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/26 22:26:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/26 22:26:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/26 22:26:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/26 22:26:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/26 22:26:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/26 22:25:52 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[2005/11/26 22:25:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/09 08:00:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 07:44:32 | 000,449,010 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/09 07:44:32 | 000,073,964 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/09 07:40:44 | 000,791,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/09 07:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 07:28:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/28 23:54:42 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFM.DLL
[2004/02/28 17:05:40 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFS.DLL
[2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 02:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2006/01/18 19:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2010/08/12 08:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/09/04 06:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2008/10/17 13:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2006/05/30 18:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/05/30 18:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/05/30 18:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/03/13 19:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Neat Company
[2009/09/04 06:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
[2010/04/12 20:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/23 10:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/13 10:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/19 21:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\Canon
[2011/09/06 15:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\Catalina Marketing Corp
[2010/08/16 15:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\Epson
[2009/09/04 10:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\GetRightToGo
[2011/01/25 06:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\Gradkell Systems, Inc
[2006/01/29 16:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\InterVideo
[2011/03/13 19:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\Neat
[2011/03/13 19:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\Nuance
[2008/10/17 13:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\PureEdge
[2006/01/19 06:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\ScanSoft
[2006/11/07 20:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jfreeman\Application Data\Template
[2011/08/17 09:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

========== Purity Check ==========



< End of report >
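The OTL log above lists every file entry in one fixed bracketed layout (timestamp, size, attribute flags, C/M, optional company name, path). As an added example that is not part of this thread and not OTL's own code, the Python below parses that layout and applies one triage heuristic helpers commonly use on such logs: a hidden+system file with no company string and a random-looking, extension-less name sitting under an Application Data folder is worth a second look. The heuristic and the field names are my assumptions; the sample log is a constructed excerpt built from lines of the report above, and a match is a hint for a human reviewer, not a verdict.

```python
"""Triage helper for OTL "Files Created / Modified" entries (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL entry: [date time | size | attrs | C/M] (company) -- path
# Directory entries carry no "(company)" group at all; files print "()" when
# the binary has no company name. Attribute positions observed in the log:
# R=read-only, H=hidden, S=system, D=directory, "-" when unset.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Random-looking name: 12+ lowercase alphanumerics, no dot, mixes letters and digits.
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{12,}$")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    created: bool            # True for "C" (created) entries, False for "M" (modified)
    company: Optional[str]   # None for directories, "" when OTL printed "()"
    path: str

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL line; headers, blanks and the '[5 ... *.tmp files -> ]'
    summary lines do not match the entry layout and yield None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        created=m.group("kind") == "C",
        company=m.group("company"),
        path=m.group("path"),
    )


def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def looks_like_rogue_residue(entry: OtlEntry) -> bool:
    """Heuristic (assumption, not an OTL rule): hidden + system file, no company
    string, random extension-less name, located under an Application Data folder."""
    return (
        not entry.is_dir
        and entry.hidden
        and entry.system
        and not entry.company
        and "\\Application Data\\" in entry.path
        and RANDOM_NAME_RE.match(entry.basename) is not None
    )


def flag_entries(text: str) -> List[str]:
    """Return the paths of all entries that match the heuristic, in log order."""
    return [e.path for e in parse_log(text) if looks_like_rogue_residue(e)]


# Constructed sample: an excerpt assembled from lines of the OTL report above.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/10/28 06:43:07 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\jfreeman\Desktop\gmer.zip
[2011/04/22 05:30:09 | 000,017,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\id5r608u0y766487y835r86i12c32u8
[2011/04/19 18:36:48 | 000,016,556 | -HS- | C] () -- C:\Documents and Settings\jfreeman\Local Settings\Application Data\c7nw734w3nj35
[2011/03/13 19:55:06 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/11/02 17:20:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/03 06:19:16 | 000,437,335 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/11 17:02:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jfreeman\Desktop\OTL.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""

if __name__ == "__main__":
    for path in flag_entries(SAMPLE_LOG):
        print("review:", path)
```

Running the script on the sample prints the two hidden system files with random names under Application Data and nothing else; the hidden system directory, the read-only hosts file, the dotted Microsoft.SqlServer entry and the OTL.exe line (which has a company name) all fall through the heuristic as intended.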

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • Gender:Female
  • Location:At home

Posted 12 November 2011 - 08:24 AM

Hi,

please run a scan with TDSSKiller next:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.


wuauclt.exe is the Windows Update process; when that suddenly starts spiking, it can also mean that you beat the virus and Windows is working to catch up on the updates it was missing. This, however, normally dies down after a day or two.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 jcfvoygr

jcfvoygr
  • Topic Starter

  • Members
  • 135 posts
  • Gender:Male
  • Location:Americas

Posted 12 November 2011 - 02:21 PM

13:17:44.0093 1164 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
13:17:46.0093 1164 ============================================================
13:17:46.0093 1164 Current date / time: 2011/11/12 13:17:46.0093
13:17:46.0093 1164 SystemInfo:
13:17:46.0093 1164
13:17:46.0093 1164 OS Version: 5.1.2600 ServicePack: 3.0
13:17:46.0093 1164 Product type: Workstation
13:17:46.0093 1164 ComputerName: PC-JFREEMANHOME
13:17:46.0093 1164 UserName: jfreeman
13:17:46.0093 1164 Windows directory: C:\WINDOWS
13:17:46.0093 1164 System windows directory: C:\WINDOWS
13:17:46.0093 1164 Processor architecture: Intel x86
13:17:46.0093 1164 Number of processors: 2
13:17:46.0093 1164 Page size: 0x1000
13:17:46.0093 1164 Boot type: Safe boot with network
13:17:46.0093 1164 ============================================================
13:17:49.0859 1164 Initialize success
13:17:54.0546 2440 ============================================================
13:17:54.0546 2440 Scan started
13:17:54.0546 2440 Mode: Manual;
13:17:54.0546 2440 ============================================================
13:17:58.0046 2440 Abiosdsk - ok
13:17:58.0109 2440 abp480n5 - ok
13:17:58.0187 2440 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
13:17:58.0187 2440 ac97intc - ok
13:17:58.0390 2440 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:17:58.0390 2440 ACPI - ok
13:17:58.0562 2440 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:17:58.0562 2440 ACPIEC - ok
13:17:58.0671 2440 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:17:58.0687 2440 adpu160m - ok
13:17:58.0875 2440 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
13:17:58.0875 2440 adpu320 - ok
13:17:59.0109 2440 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
13:17:59.0109 2440 aeaudio - ok
13:17:59.0328 2440 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:17:59.0328 2440 aec - ok
13:17:59.0515 2440 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:17:59.0515 2440 AFD - ok
13:17:59.0875 2440 Aha154x - ok
13:17:59.0968 2440 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:17:59.0984 2440 aic78u2 - ok
13:18:00.0187 2440 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:18:00.0187 2440 aic78xx - ok
13:18:00.0343 2440 AliIde - ok
13:18:00.0453 2440 amsint - ok
13:18:00.0515 2440 asc - ok
13:18:00.0640 2440 asc3350p - ok
13:18:00.0703 2440 asc3550 - ok
13:18:00.0906 2440 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:18:00.0906 2440 AsyncMac - ok
13:18:01.0093 2440 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:18:01.0093 2440 atapi - ok
13:18:01.0265 2440 Atdisk - ok
13:18:01.0359 2440 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:18:01.0359 2440 Atmarpc - ok
13:18:01.0578 2440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:18:01.0578 2440 audstub - ok
13:18:01.0796 2440 b57w2k (0e72b88b05a5931c46efa7d511d9aeb9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
13:18:01.0812 2440 b57w2k - ok
13:18:02.0046 2440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:18:02.0046 2440 Beep - ok
13:18:02.0234 2440 Blfp (196cc9b84778fb8046a9af703ca956a2) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
13:18:02.0234 2440 Blfp - ok
13:18:02.0437 2440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:18:02.0437 2440 cbidf2k - ok
13:18:02.0625 2440 cd20xrnt - ok
13:18:02.0796 2440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:18:02.0796 2440 Cdaudio - ok
13:18:03.0015 2440 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:18:03.0015 2440 Cdfs - ok
13:18:03.0218 2440 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:18:03.0218 2440 Cdrom - ok
13:18:03.0421 2440 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
13:18:03.0421 2440 cfwids - ok
13:18:03.0593 2440 Changer - ok
13:18:03.0796 2440 CmdIde - ok
13:18:03.0859 2440 Cpqarray - ok
13:18:04.0062 2440 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
13:18:04.0078 2440 CVirtA - ok
13:18:04.0234 2440 dac2w2k - ok
13:18:04.0312 2440 dac960nt - ok
13:18:04.0484 2440 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:18:04.0500 2440 Disk - ok
13:18:04.0750 2440 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:18:04.0796 2440 dmboot - ok
13:18:05.0031 2440 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:18:05.0062 2440 dmio - ok
13:18:05.0312 2440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:18:05.0312 2440 dmload - ok
13:18:05.0515 2440 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:18:05.0515 2440 DMusic - ok
13:18:05.0781 2440 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:18:05.0781 2440 dpti2o - ok
13:18:06.0000 2440 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:18:06.0000 2440 drmkaud - ok
13:18:06.0437 2440 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:18:06.0437 2440 E100B - ok
13:18:06.0750 2440 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:18:06.0765 2440 Fastfat - ok
13:18:06.0984 2440 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:18:06.0984 2440 Fdc - ok
13:18:07.0328 2440 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:18:07.0328 2440 Fips - ok
13:18:07.0515 2440 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:18:07.0515 2440 Flpydisk - ok
13:18:07.0750 2440 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:18:07.0750 2440 FltMgr - ok
13:18:08.0000 2440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:18:08.0000 2440 Fs_Rec - ok
13:18:08.0265 2440 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:18:08.0265 2440 Ftdisk - ok
13:18:08.0468 2440 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:18:08.0468 2440 GEARAspiWDM - ok
13:18:08.0687 2440 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:18:08.0703 2440 Gpc - ok
13:18:08.0921 2440 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:18:08.0921 2440 HidUsb - ok
13:18:09.0093 2440 hpn - ok
13:18:09.0203 2440 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:18:09.0218 2440 HTTP - ok
13:18:09.0406 2440 i2omgmt - ok
13:18:09.0531 2440 i2omp - ok
13:18:09.0656 2440 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:18:09.0671 2440 i8042prt - ok
13:18:09.0890 2440 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
13:18:09.0906 2440 i81x - ok
13:18:10.0140 2440 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
13:18:10.0156 2440 iAimFP0 - ok
13:18:10.0343 2440 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
13:18:10.0343 2440 iAimFP1 - ok
13:18:10.0531 2440 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
13:18:10.0531 2440 iAimFP2 - ok
13:18:10.0750 2440 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
13:18:10.0750 2440 iAimFP3 - ok
13:18:10.0968 2440 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
13:18:10.0968 2440 iAimFP4 - ok
13:18:11.0234 2440 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
13:18:11.0234 2440 iAimFP5 - ok
13:18:11.0406 2440 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
13:18:11.0406 2440 iAimFP6 - ok
13:18:11.0562 2440 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
13:18:11.0578 2440 iAimFP7 - ok
13:18:11.0734 2440 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
13:18:11.0734 2440 iAimTV0 - ok
13:18:11.0937 2440 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
13:18:11.0937 2440 iAimTV1 - ok
13:18:12.0265 2440 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
13:18:12.0281 2440 iAimTV3 - ok
13:18:12.0484 2440 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
13:18:12.0484 2440 iAimTV4 - ok
13:18:12.0671 2440 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
13:18:12.0687 2440 iAimTV5 - ok
13:18:12.0937 2440 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
13:18:12.0937 2440 iAimTV6 - ok
13:18:13.0296 2440 ialm (a79029861cb69cd3cf4eab9ebfee32dd) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:18:13.0312 2440 ialm - ok
13:18:13.0531 2440 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:18:13.0531 2440 Imapi - ok
13:18:13.0734 2440 ini910u - ok
13:18:13.0968 2440 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:18:13.0968 2440 IntelIde - ok
13:18:14.0312 2440 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:18:14.0312 2440 intelppm - ok
13:18:14.0500 2440 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:18:14.0500 2440 Ip6Fw - ok
13:18:14.0703 2440 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:18:14.0703 2440 IpFilterDriver - ok
13:18:14.0890 2440 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:18:14.0890 2440 IpInIp - ok
13:18:14.0968 2440 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:18:14.0984 2440 IpNat - ok
13:18:15.0296 2440 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:18:15.0296 2440 IPSec - ok
13:18:15.0484 2440 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:18:15.0500 2440 IRENUM - ok
13:18:15.0703 2440 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:18:15.0703 2440 isapnp - ok
13:18:15.0906 2440 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:18:15.0906 2440 Kbdclass - ok
13:18:16.0000 2440 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:18:16.0000 2440 kmixer - ok
13:18:16.0406 2440 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:18:16.0406 2440 KSecDD - ok
13:18:16.0609 2440 L8042Kbd (032b0247cabf54094ca7819d14e8036d) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
13:18:16.0625 2440 L8042Kbd - ok
13:18:16.0843 2440 L8042mou (4befd29994327e606c93cc82b208f771) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
13:18:16.0843 2440 L8042mou - ok
13:18:17.0000 2440 lbrtfdc - ok
13:18:17.0250 2440 LMouKE (98e6dc123f52780a6b03cf9747cb1fc7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
13:18:17.0265 2440 LMouKE - ok
13:18:17.0515 2440 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
13:18:17.0515 2440 mfeapfk - ok
13:18:17.0718 2440 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
13:18:17.0718 2440 mfeavfk - ok
13:18:17.0921 2440 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
13:18:17.0921 2440 mfebopk - ok
13:18:18.0265 2440 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
13:18:18.0281 2440 mfefirek - ok
13:18:18.0500 2440 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
13:18:18.0531 2440 mfehidk - ok
13:18:18.0750 2440 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
13:18:18.0750 2440 mfendisk - ok
13:18:18.0750 2440 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
13:18:18.0750 2440 mfendiskmp - ok
13:18:41.0375 2440 ============================================================
13:18:41.0375 2440 Scan finished
13:18:41.0375 2440 ============================================================
13:18:41.0421 2268 Detected object count: 0
13:18:41.0421 2268 Actual detected object count: 0

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:00 AM

Posted 12 November 2011 - 07:50 PM

Hi,

the log is clean. Do you still get the spikes in usage, or has that died down?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 jcfvoygr

jcfvoygr
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  • Gender:Male
  • Location:Americas
  • Local time:01:00 AM

Posted 14 November 2011 - 02:14 PM

No, it does not appear to have that issue, but when I run it now IE loads new tabs or pages (other than the home page) extremely slowly. I usually quit after waiting anywhere from 5 to 15 minutes for it to load one page like www.bleepingcomputer.com, or to download tools, like your request for me to download Kaspersky. Otherwise it seems to run OK. I am using safe mode right now in order to post this topic. It makes IE totally unusable.

#10 myrti

Posted 14 November 2011 - 06:35 PM

Hi,

could you please reset IE and let me know if that helps: support.microsoft.com/kb/923737

regards myrti



#11 jcfvoygr

Posted 14 November 2011 - 11:07 PM

Hi Myrti,

Nope. It still drags. Yahoo Green is my home page. It loads fine (less than 15-30 seconds). When I type in Google or anything else in regular mode, it takes 2 to 3 minutes for it to load that one page.

#12 myrti

Posted 15 November 2011 - 03:18 AM

Hi,
Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
Click Go and post the result.

regards myrti



#13 jcfvoygr

Posted 15 November 2011 - 08:03 PM

2:00 a.m. Really, you are a workaholic.


MiniToolBox by Farbar
Ran by jfreeman (administrator) on 15-11-2011 at 18:53:20
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


There are 15071 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : pc-jfreemanhome
Primary Dns Suffix . . . . . . . : alvine.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : alvine.com
                                    om.cox.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : om.cox.net
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet for hp
Physical Address. . . . . . . . . : 00-15-60-5A-CD-B2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.11
                                    68.105.29.11
                                    68.105.28.12
Lease Obtained. . . . . . . . . . : Tuesday, November 15, 2011 6:39:51 PM
Lease Expires . . . . . . . . . . : Wednesday, November 16, 2011 6:39:51 PM

Server: cdns1.cox.net
Address: 68.105.28.11

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 173.194.64.99, 173.194.64.103, 173.194.64.104, 173.194.64.105
173.194.64.106, 173.194.64.147

Pinging google.com [173.194.64.106] with 32 bytes of data:

Reply from 173.194.64.106: bytes=32 time=35ms TTL=48
Reply from 173.194.64.106: bytes=32 time=62ms TTL=48

Ping statistics for 173.194.64.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 62ms, Average = 48ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com.alvine.com
Address: 72.215.225.9

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=37ms TTL=55
Reply from 209.191.122.70: bytes=32 time=29ms TTL=55

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 37ms, Average = 33ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 60 5a cd b2 ...... Broadcom NetXtreme Gigabit Ethernet for hp - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.101      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.101   192.168.1.101      20
    192.168.1.101  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.101   192.168.1.101      20
        224.0.0.0        240.0.0.0    192.168.1.101   192.168.1.101      20
  255.255.255.255  255.255.255.255    192.168.1.101   192.168.1.101       1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/15/2011 06:40:32 PM) (Source: UserInit) (User: )
Description: Could not execute the following script accounting.bat. The system cannot find the file specified.
.

Error: (11/15/2011 06:40:29 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The workstation driver is not installed. ). Group Policy processing aborted.

Error: (11/15/2011 06:40:29 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The workstation driver is not installed. ). Group Policy processing aborted.

Error: (11/15/2011 06:34:20 PM) (Source: UserInit) (User: )
Description: Could not execute the following script accounting.bat. The system cannot find the file specified.
.

Error: (11/15/2011 06:34:16 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x80070836). The workstation driver is not installed.
Enrollment will not be performed.

Error: (11/15/2011 06:34:09 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The workstation driver is not installed. ). Group Policy processing aborted.

Error: (11/15/2011 06:34:09 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The workstation driver is not installed. ). Group Policy processing aborted.

Error: (11/14/2011 09:21:10 PM) (Source: UserInit) (User: )
Description: Could not execute the following script accounting.bat. The system cannot find the file specified.
.

Error: (11/14/2011 09:21:07 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x80070836). The workstation driver is not installed.
Enrollment will not be performed.

Error: (11/14/2011 09:21:05 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The workstation driver is not installed. ). Group Policy processing aborted.


System errors:
=============
Error: (11/15/2011 06:51:02 PM) (Source: DCOM) (User: jfreeman)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/15/2011 06:42:10 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (11/15/2011 06:42:10 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (11/15/2011 06:42:10 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (11/15/2011 06:42:10 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (11/15/2011 06:42:10 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (11/15/2011 06:42:10 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (11/15/2011 06:42:09 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (11/15/2011 06:42:09 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (11/15/2011 06:41:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066


Microsoft Office Sessions:
=========================

**** End of log ****

#14 myrti

Posted 16 November 2011 - 03:13 AM

Hi,

It's easy to appear a workaholic when you're actually in a different timezone :wink: It's 9am here :lol:

It seems your DNS servers are slow. Could you try setting OpenDNS as your DNS server and see if that helps: https://store.opendns.com/setup/device/windows-xp/

regards myrti

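The checks the helper walked through on the MiniToolBox report (IE proxy settings, hosts file, DNS lookups, Winsock providers) as a small triage script. This is an added example, not code from the thread or from MiniToolBox; it assumes the section headers and line formats shown in the report above, and its sample report is constructed from lines of that report plus one made-up hosts redirect.

```python
import re

# Section headers look like "===== IE Proxy Settings: =====" (colon optional).
SECTION_RE = re.compile(r"^=+\s+([A-Za-z][^=:]*?):?\s*=+\s*$")
# hosts lines: "<address> <name>"; the address must look like IPv4/IPv6.
HOSTS_RE = re.compile(r"^\s*([0-9a-fA-F.:]+)\s+(\S+)")
# Winsock lines: "Catalog5 04 <path> [<size or note>] (<vendor>)".
WINSOCK_RE = re.compile(r"^Catalog\d+\s+\d+\s+(.+?)\s+\[([^\]]*)\]\s+\((.*)\)\s*$")
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}   # addresses that block, not redirect

def parse_sections(report):
    """Split the report into {section name: [lines]} on its '=== Name: ===' headers."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def check_proxy(lines):
    """A proxy the user never configured is a classic browser-hijack indicator."""
    text = "\n".join(lines)
    if "Proxy is not enabled" in text and "No Proxy Server is set" in text:
        return []
    return ["IE proxy configured: " + " ".join(l.strip() for l in lines if l.strip())]

def check_hosts(lines):
    """Sinkhole entries (Spybot immunization) only block sites; any other
    address silently redirects the name and deserves a look."""
    findings = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if m and m.group(1) not in SINKHOLE:
            findings.append(f"hosts redirect: {m.group(2)} -> {m.group(1)}")
    return findings

def check_dns(lines):
    """Each nslookup timeout costs seconds per page; that alone explains slow loads."""
    n = sum(1 for l in lines if "DNS request timed out" in l)
    return [f"DNS lookups timed out {n} time(s)"] if n else []

def check_winsock(lines):
    """Layered providers not from Microsoft sit in every socket call; review them."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if m and m.group(3) and m.group(3) != "Microsoft Corporation":
            findings.append(f"third-party Winsock provider: {m.group(1)} ({m.group(3)})")
    return findings

def triage(report):
    """Run every check over its section and return the findings in report order."""
    s = parse_sections(report)
    return (check_proxy(s.get("IE Proxy Settings", []))
            + check_hosts(s.get("Hosts content", []))
            + check_dns(s.get("IP Configuration", []))
            + check_winsock(s.get("Winsock entries", [])))

# Constructed sample: lines taken from the posted report plus one made-up hosts
# redirect (203.0.113.5 is a documentation address, not a real server).
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 www.007guard.com
203.0.113.5 www.example.com
There are 15071 more lines starting with "127.0.0.1"
========================= IP Configuration: ================================
Server: cdns1.cox.net
Address: 68.105.28.11
DNS request timed out.
========================= Winsock entries =====================================
Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\\Windows\\System32\\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\\Program Files\\Bonjour\\mdnsNSP.dll [152864] (Apple Inc.)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

A third-party Winsock provider such as Bonjour is listed for review only; it is a reason to look, not a verdict.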


#15 jcfvoygr

Posted 16 November 2011 - 12:49 PM

Timezones...ahh ha!

I will try the OpenDNS. Would that account for the significant IE speed difference between safe mode and regular?

J



