
Unknown/Unable to locate virus/ Op sys & file corruption


8 replies to this topic

#1 Lexluther64


Posted 24 August 2013 - 12:46 PM

Hi, Gang

Quite a bit of experience fixing, repairing, cleaning family and friends' computers. This 1 has me stumped. Can't find any actual infection, although lots of damaged and corrupted files have so far been somewhat addressed.

Computer is HP Pavilion A300N

Running E6750 Intel DuoCore 2.66 GHz

3GB Ram 40 GB HD

Win Home SP3.

Have so far done following:

 

CHKDSK /r /f

SFC /scannow : used non-original Home SP3 (DELL OEM) disk for files to be copied replaced, many copied

Avast full scan and boot scan: Boot scan showed NTFLUSHKEY bootExecute error:0xc000014D (an i/o initiated by registry failed unrecoverable)

Superantispyware-Adware only Found

RegistryFix 8:

Kaspersky & Gmer Rootkit removers

Norton and McAfee removal Tools

Defrag Drive and Registry

System Cleanup

Reinstalled SP3

Malwarebytes

Combofix scan only: Found replaced corrupted C\win\sys32\ntdll.dll

Recent Boot showed Issas.exe- I/O operation by registry failed unrecoverable Registry could not read in/write out/ or flush files that contain system image of registry.

 

Have all logs of above scans etc. Will post at your request.

System has unusually long boot up lag - 20-30 passes window load bar. Long lag at shut down and random freezes glitches while operating. Not near as bad as when I started with it, but I'm missing something. Need the pros' help this time :)

 

Pasted below is the requested DDS file.txt log

 

Thanks for help

Lex

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Robert Porter at 10:13:27 on 2013-08-24
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3053.2353 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bak\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\bak\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe
mRun: [HotKeysCmds] c:\windows\system32\bak\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1360469935609
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.realtydirectmd.com/WebResource.axd?d=DGpVDEiDXSQa_uFgwgmBpJbUUG3tclDZ6M0KkxppgjKdIX2OLaS6nca14y_xsvoiZ6nWUcVMe-rVZjmtN7j0Nu5nL6ZPhAqN14xLxecme3L8fkUH-olez8LFsNJz2I2HQkDieZJlAG_5eXSYcgmMMsbwmmMw9xv4wRagoafmnUTqXRQlMdJ0RlA0nh4vqvoc0&t=634663152894029213
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2451EE87-B4C5-487F-8A0E-253CCD959C13} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F472D555-09A1-4AF9-864F-11B62D394B1E} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-21 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-21 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-21 369584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-21 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-21 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-21 46808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];c:\windows\system32\drivers\VRDVC20X.SYS [2009-2-23 31104]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-8-29 47488]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-9-22 10112]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2005-3-20 79616]
.
=============== Created Last 30 ================
.
2013-08-24 16:31:36 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2013-08-23 10:38:26 -------- d-sha-r- C:\cmdcons
2013-08-23 03:07:06 45056 -c--a-w- c:\windows\system32\dllcache\aqadmin.dll
2013-08-23 03:06:35 5632 -c--a-w- c:\windows\system32\dllcache\adsiisex.dll
2013-08-23 01:58:41 324120 ----a-r- c:\windows\system32\drivers\iaStor.sys
2013-08-21 09:22:21 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-21 09:22:20 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-21 09:22:19 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-21 09:22:17 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-21 09:20:09 41664 ----a-w- c:\windows\avastSS.scr
2013-08-21 09:17:00 -------- d-----w- c:\program files\AVAST Software
2013-08-21 09:15:42 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-08-21 08:47:59 -------- d-----w- C:\I386
2013-08-21 06:25:04 98816 ----a-w- c:\windows\sed.exe
2013-08-21 06:25:04 256000 ----a-w- c:\windows\PEV.exe
2013-08-21 06:25:04 208896 ----a-w- c:\windows\MBR.exe
2013-08-21 05:22:22 -------- d-----w- c:\documents and settings\robert porter\local settings\application data\Google
2013-08-21 05:16:31 -------- d-----w- c:\windows\system32\Adobe
2013-08-21 04:49:04 -------- d-----w- c:\windows\$regcmp$
2013-08-21 04:48:41 -------- d-----w- c:\windows\system32\NtmsData
2013-08-21 00:37:26 -------- d-----w- c:\documents and settings\all users\application data\Fighters
2013-08-21 00:31:00 -------- d-----w- c:\program files\RegistryFix8
2013-08-20 21:44:41 98164940 ----a-w- C:\Registry BKUP Lex 8.20.13.reg
2013-08-20 17:52:48 19569 ----a-w- c:\windows\000001_.tmp
2013-08-20 17:25:21 -------- d-----w- C:\53818ae08bfb975aa4c34a83
2013-08-20 16:53:56 -------- d-----w- c:\documents and settings\robert porter\local settings\application data\ApplicationHistory
2013-08-20 10:44:51 -------- d-----w- c:\windows\system32\URTTEMP
2013-08-20 10:06:46 -------- d-----w- c:\documents and settings\robert porter\local settings\application data\Sun
2013-08-20 10:05:23 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-20 10:05:22 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-20 10:05:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-20 09:57:36 -------- d-----w- c:\program files\common files\Windows Live
2013-08-20 09:52:08 -------- d-----w- c:\windows\system32\winrm
2013-08-20 09:52:08 -------- d-----w- c:\windows\system32\GroupPolicy
2013-08-20 09:52:00 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-08-20 09:51:15 -------- d-----w- c:\program files\Windows Media Connect 2
2013-08-20 09:39:54 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-08-20 05:24:06 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-08-20 05:24:05 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-08-20 05:24:04 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-08-20 05:24:04 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-08-20 05:24:03 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-08-20 05:23:55 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2013-08-20 05:23:49 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-08-20 05:23:47 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-08-20 05:23:35 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-08-20 05:23:35 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-08-20 05:23:33 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2013-08-20 05:22:15 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2013-08-20 05:22:09 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-08-20 05:22:08 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-08-20 05:20:58 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2013-08-20 05:19:56 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2013-08-20 05:18:53 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2013-08-20 05:18:53 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2013-08-20 05:18:52 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2013-08-20 05:18:51 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2013-08-20 05:18:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2013-08-20 05:18:50 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2013-08-20 05:18:50 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2013-08-20 05:18:50 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2013-08-20 05:18:49 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2013-08-20 05:18:47 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2013-08-20 05:16:59 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2013-08-20 05:15:58 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2013-08-20 05:14:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2013-08-20 05:13:59 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2013-08-20 05:12:52 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2013-08-20 05:12:32 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2013-08-20 05:12:32 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2013-08-20 05:12:31 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2013-08-20 05:12:24 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2013-08-20 05:12:24 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2013-08-20 05:12:11 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2013-08-20 05:12:10 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2013-08-20 05:12:04 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2013-08-20 05:12:01 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2013-08-20 05:12:01 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2013-08-20 05:12:00 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2013-08-20 05:10:57 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-08-20 05:10:39 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-08-20 05:10:36 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-08-20 05:09:51 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-08-20 05:09:50 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-08-20 05:09:48 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2013-08-20 05:09:35 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2013-08-20 05:09:29 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2013-08-20 05:09:15 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2013-08-20 05:08:58 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2013-08-20 05:08:52 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2013-08-20 05:08:51 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2013-08-20 05:08:46 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2013-08-20 05:08:46 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2013-08-20 05:08:45 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2013-08-20 05:08:44 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2013-08-20 05:08:39 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2013-08-20 05:03:56 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2013-08-20 05:02:16 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2013-08-20 05:01:59 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2013-08-20 04:59:58 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2013-08-20 04:59:57 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2013-08-20 04:59:56 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2013-08-20 04:59:49 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2013-08-20 04:59:48 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2013-08-20 04:59:47 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2013-08-20 04:59:46 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2013-08-20 04:59:46 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2013-08-20 04:59:45 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2013-08-20 04:59:45 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2013-08-20 04:59:35 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2013-08-20 04:59:34 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2013-08-20 04:59:33 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2013-08-20 04:50:51 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2013-08-20 04:50:50 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2013-08-20 04:50:50 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2013-08-20 04:50:46 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2013-08-20 04:50:45 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2013-08-20 04:50:40 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2013-08-20 04:50:39 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2013-08-20 04:35:34 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2013-08-20 04:34:58 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2013-08-20 04:33:50 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2013-08-20 04:32:59 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
2013-08-20 04:31:59 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2013-08-20 04:30:48 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2013-08-20 04:30:47 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2013-08-20 04:30:47 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2013-08-20 04:30:46 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2013-08-20 04:30:46 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2013-08-20 04:30:45 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2013-08-20 04:30:45 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2013-08-20 04:30:45 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2013-08-20 04:30:44 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2013-08-20 04:30:40 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2013-08-20 04:24:59 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-08-19 22:56:38 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-08-19 22:56:37 -------- d-----w- c:\documents and settings\robert porter\application data\SUPERAntiSpyware.com
2013-08-19 22:55:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-29 10:03:57 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-08-21 05:16:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 05:16:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 10:03:50 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 10:14:53.81 ===============
 

 

 

 




 


#2 HelpBot


Posted 29 August 2013 - 12:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505460 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Lexluther64


Posted 30 August 2013 - 12:31 PM

Thanks for reply and follow up. In addition to above info I do not have original XP Home SP3 disk. System is 32 bit.

Have been unable to locate any actual infection. However, system is very slow to boot, shut down, and seems to have constant freezing and glitches. Above listed scans done before requesting help have made many corrections and repairs, but still seems something very wrong or damaged. Have all logs from scans above; if you want them posted, let me know.

 

Below are DDS logs just redone and pasted:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Robert Porter at 10:20:01 on 2013-08-30
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3053.2444 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bak\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\bak\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe
mRun: [HotKeysCmds] c:\windows\system32\bak\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1360469935609
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.realtydirectmd.com/WebResource.axd?d=DGpVDEiDXSQa_uFgwgmBpJbUUG3tclDZ6M0KkxppgjKdIX2OLaS6nca14y_xsvoiZ6nWUcVMe-rVZjmtN7j0Nu5nL6ZPhAqN14xLxecme3L8fkUH-olez8LFsNJz2I2HQkDieZJlAG_5eXSYcgmMMsbwmmMw9xv4wRagoafmnUTqXRQlMdJ0RlA0nh4vqvoc0&t=634663152894029213
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2451EE87-B4C5-487F-8A0E-253CCD959C13} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F472D555-09A1-4AF9-864F-11B62D394B1E} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-21 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-21 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-21 369584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-21 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-21 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-21 46808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];c:\windows\system32\drivers\VRDVC20X.SYS [2009-2-23 31104]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-8-29 47488]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-9-22 10112]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2005-3-20 79616]
.
=============== Created Last 30 ================
.
2013-08-24 16:31:36 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2013-08-23 10:38:26 -------- d-sha-r- C:\cmdcons
2013-08-23 03:07:06 45056 -c--a-w- c:\windows\system32\dllcache\aqadmin.dll
2013-08-23 03:06:35 5632 -c--a-w- c:\windows\system32\dllcache\adsiisex.dll
2013-08-23 01:58:41 324120 ----a-r- c:\windows\system32\drivers\iaStor.sys
2013-08-21 09:22:21 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-21 09:22:20 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-21 09:22:19 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-21 09:22:17 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-21 09:20:09 41664 ----a-w- c:\windows\avastSS.scr
2013-08-21 09:17:00 -------- d-----w- c:\program files\AVAST Software
2013-08-21 09:15:42 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-08-21 08:47:59 -------- d-----w- C:\I386
2013-08-21 06:25:04 98816 ----a-w- c:\windows\sed.exe
2013-08-21 06:25:04 256000 ----a-w- c:\windows\PEV.exe
2013-08-21 06:25:04 208896 ----a-w- c:\windows\MBR.exe
2013-08-21 05:22:22 -------- d-----w- c:\documents and settings\robert porter\local settings\application data\Google
2013-08-21 05:16:31 -------- d-----w- c:\windows\system32\Adobe
2013-08-21 04:49:04 -------- d-----w- c:\windows\$regcmp$
2013-08-21 04:48:41 -------- d-----w- c:\windows\system32\NtmsData
2013-08-21 00:37:26 -------- d-----w- c:\documents and settings\all users\application data\Fighters
2013-08-21 00:31:00 -------- d-----w- c:\program files\RegistryFix8
2013-08-20 21:44:41 98164940 ----a-w- C:\Registry BKUP Lex 8.20.13.reg
2013-08-20 17:52:48 19569 ----a-w- c:\windows\000001_.tmp
2013-08-20 17:25:21 -------- d-----w- C:\53818ae08bfb975aa4c34a83
2013-08-20 16:53:56 -------- d-----w- c:\documents and settings\robert porter\local settings\application data\ApplicationHistory
2013-08-20 10:44:51 -------- d-----w- c:\windows\system32\URTTEMP
2013-08-20 10:06:46 -------- d-----w- c:\documents and settings\robert porter\local settings\application data\Sun
2013-08-20 10:05:23 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-20 10:05:22 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-20 10:05:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-20 09:57:36 -------- d-----w- c:\program files\common files\Windows Live
2013-08-20 09:52:08 -------- d-----w- c:\windows\system32\winrm
2013-08-20 09:52:08 -------- d-----w- c:\windows\system32\GroupPolicy
2013-08-20 09:52:00 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-08-20 09:51:15 -------- d-----w- c:\program files\Windows Media Connect 2
2013-08-20 09:39:54 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-08-20 05:24:06 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-08-20 05:24:05 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-08-20 05:24:04 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-08-20 05:24:04 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-08-20 05:24:03 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-08-20 05:23:55 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2013-08-20 05:23:49 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-08-20 05:23:47 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-08-20 05:23:35 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-08-20 05:23:35 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-08-20 05:23:33 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2013-08-20 05:22:15 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2013-08-20 05:22:09 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-08-20 05:22:08 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-08-20 05:20:58 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2013-08-20 05:19:56 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2013-08-20 05:18:53 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2013-08-20 05:18:53 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2013-08-20 05:18:52 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2013-08-20 05:18:51 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2013-08-20 05:18:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2013-08-20 05:18:50 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2013-08-20 05:18:50 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2013-08-20 05:18:50 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2013-08-20 05:18:49 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2013-08-20 05:18:47 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2013-08-20 05:16:59 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2013-08-20 05:15:58 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2013-08-20 05:14:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2013-08-20 05:13:59 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2013-08-20 05:12:52 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2013-08-20 05:12:32 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2013-08-20 05:12:32 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2013-08-20 05:12:31 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2013-08-20 05:12:24 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2013-08-20 05:12:24 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2013-08-20 05:12:11 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2013-08-20 05:12:10 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2013-08-20 05:12:04 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2013-08-20 05:12:01 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2013-08-20 05:12:01 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2013-08-20 05:12:00 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2013-08-20 05:10:57 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-08-20 05:10:39 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-08-20 05:10:36 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-08-20 05:09:51 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-08-20 05:09:50 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-08-20 05:09:48 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2013-08-20 05:09:35 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2013-08-20 05:09:29 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2013-08-20 05:09:15 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2013-08-20 05:08:58 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2013-08-20 05:08:52 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2013-08-20 05:08:51 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2013-08-20 05:08:46 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2013-08-20 05:08:46 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2013-08-20 05:08:45 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2013-08-20 05:08:44 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2013-08-20 05:08:39 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2013-08-20 05:03:56 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2013-08-20 05:02:16 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2013-08-20 05:01:59 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2013-08-20 04:59:58 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2013-08-20 04:59:57 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2013-08-20 04:59:56 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2013-08-20 04:59:49 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2013-08-20 04:59:48 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2013-08-20 04:59:47 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2013-08-20 04:59:46 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2013-08-20 04:59:46 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2013-08-20 04:59:45 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2013-08-20 04:59:45 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2013-08-20 04:59:35 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2013-08-20 04:59:34 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2013-08-20 04:59:33 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2013-08-20 04:50:51 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2013-08-20 04:50:50 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2013-08-20 04:50:50 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2013-08-20 04:50:46 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2013-08-20 04:50:45 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2013-08-20 04:50:40 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2013-08-20 04:50:39 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2013-08-20 04:35:34 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2013-08-20 04:34:58 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2013-08-20 04:33:50 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2013-08-20 04:32:59 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
2013-08-20 04:31:59 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2013-08-20 04:30:48 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2013-08-20 04:30:47 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2013-08-20 04:30:47 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2013-08-20 04:30:46 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2013-08-20 04:30:46 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2013-08-20 04:30:45 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2013-08-20 04:30:45 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2013-08-20 04:30:45 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2013-08-20 04:30:44 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2013-08-20 04:30:40 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2013-08-20 04:24:59 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-08-19 22:56:38 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-08-19 22:56:37 -------- d-----w- c:\documents and settings\robert porter\application data\SUPERAntiSpyware.com
2013-08-19 22:55:10 -------- d-----w- c:\program files\SUPERAntiSpyware
.
==================== Find3M  ====================
.
2013-08-21 05:16:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 05:16:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 10:03:50 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:21:59.71 ===============
 

 

DDS Attach log:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/2/2004 10:01:28 PM
System Uptime: 8/24/2013 12:48:01 PM (142 hours ago)
.
Motherboard: Intel Corporation |  | DG33BU
Processor: Intel® Core™2 Duo CPU     E6750  @ 2.66GHz | J1PR | 2666/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 5.674 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2689: 8/20/2013 11:07:19 PM - SLOW-PCfighter Backup
RP2690: 8/20/2013 11:22:03 PM - SLOW-PCfighter Backup
RP2691: 8/21/2013 12:16:58 AM - Lextuneup5 8.21.13
RP2692: 8/21/2013 12:59:50 AM - SLOW-PCfighter Backup
RP2693: 8/21/2013 1:30:58 AM - lextuneup6  8.21.13
RP2694: 8/21/2013 2:16:59 AM - avast! Free Antivirus Setup
RP2695: 8/22/2013 5:43:43 PM - System Checkpoint
RP2696: 8/22/2013 7:01:21 PM - Lex Repair6 8.22.13
RP2697: 8/22/2013 7:26:56 PM - LexRepair7 8.22.13
RP2698: 8/22/2013 8:20:12 PM - Lexrepair8 8.22.13
RP2699: 8/22/2013 8:42:29 PM - SLOW-PCfighter Backup
RP2700: 8/23/2013 8:58:39 PM - System Checkpoint
RP2701: 8/25/2013 12:53:35 AM - System Checkpoint
RP2702: 8/26/2013 4:02:57 AM - System Checkpoint
RP2703: 8/27/2013 7:57:43 AM - System Checkpoint
RP2704: 8/28/2013 10:28:26 AM - System Checkpoint
RP2705: 8/29/2013 11:20:42 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
HP Real Estate Marketing Assistant
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® PRO Network Connections 12.1.12.0
iTunes
Java 7 Update 25
Java Auto Updater
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 5.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
QuickTime
Realtek High Definition Audio Driver
RegistryFix v8.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sentrilock Card Utility
Shockwave
SUPERAntiSpyware
swMSM
The Print Shop 12
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
WebFldrs XP
Windows Backup Utility
Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader) SmartCardReader  (11/07/2006 4.35.00.01)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
8/24/2013 9:18:46 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the BITS service to connect.
8/24/2013 9:18:46 AM, error: Service Control Manager [7000]  - The BITS service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/24/2013 9:18:45 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/24/2013 12:48:37 PM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
8/24/2013 12:48:37 PM, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort0.
8/24/2013 12:48:35 PM, error: Service Control Manager [7000]  - The Sony VRD-VC20 [Video Capture] service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/24/2013 12:48:35 PM, error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/24/2013 12:48:22 PM, error: Dhcp [1002]  - The IP address lease 192.168.0.102 for the Network Card with network address 001CC012BBF4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
8/23/2013 12:18:29 AM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
8/23/2013 11:44:20 PM, information: Windows File Protection [64017]  - Windows File Protection file scan completed successfully.
8/23/2013 11:03:15 PM, information: Windows File Protection [64016]  - Windows File Protection file scan was started.
.
==== End Of File ===========================
 



#4 nasdaq

nasdaq

  • Malware Response Team

Posted 03 September 2013 - 09:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
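Added example, not part of the original post and not the tool vendor's code: a Python script that triages a saved TDSSKiller log the way the steps above treat the results, confirming the scan ran with SigCheck and TDLFS enabled and separating signature-check failures (left on Skip) from any other verdict. The line layout is an assumption about the log format; the sample lines, object names, hashes, the `Example.Placeholder.Verdict` verdict and the `infected` status word are constructed.

```python
import re

# Assumed layout of every log line: "HH:MM:SS.mmmm <id>  <body>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+\s*(.*)$")
# "[ <MD5> ] <object name>   <path>"; object names may contain spaces
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# "<object name> ( <verdict> ) - <status>"
RESULT = re.compile(r"^(.+?) \( (\S+) \) - (\w+)$")
OK = re.compile(r"^(.+?) - ok$")
MODE = re.compile(r"^Mode: (.*)$")


def _md5(n):
    """Constructed placeholder hash, not the MD5 of any real file."""
    return f"{n:032X}"


# Constructed sample log (hypothetical objects, paths and verdicts).
SAMPLE_LOG = "\n".join([
    r"12:32:47.0372 3828  Scan started",
    r"12:32:47.0372 3828  Mode: Manual; SigCheck; TDLFS;",
    r"12:32:47.0779 3828  ================ Scan services =============",
    r"12:32:48.0279 3828  Abiosdsk - ok",
    rf"12:32:48.0451 3828  [ {_md5(1)} ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    r"12:32:51.0842 3828  ACPI - ok",
    rf"12:33:04.0517 3828  [ {_md5(2)} ] ExampleDrv      C:\WINDOWS\system32\drivers\exampledrv.sys",
    r"12:33:04.0580 3828  ExampleDrv ( UnsignedFile.Multi.Generic ) - warning",
    r"12:33:04.0580 3828  ExampleDrv - detected UnsignedFile.Multi.Generic (1)",
    rf"12:33:11.0097 3828  [ {_md5(3)} ] Dot4 Example    C:\WINDOWS\system32\DRIVERS\dot4example.sys",
    r"12:33:11.0144 3828  Dot4 Example ( UnsignedFile.Multi.Generic ) - warning",
    r"12:33:11.0144 3828  Dot4 Example - detected UnsignedFile.Multi.Generic (1)",
    rf"12:33:20.0000 3828  [ {_md5(4)} ] ExampleSvc      C:\WINDOWS\system32\examplesvc.exe",
    # Status word other than "warning" is an assumption for illustration.
    r"12:33:20.0100 3828  ExampleSvc ( Example.Placeholder.Verdict ) - infected",
    r"12:33:20.0100 3828  ExampleSvc - detected Example.Placeholder.Verdict (0)",
])


def parse_log(text):
    """Return scan mode flags, the count of clean objects, and all findings."""
    report = {"mode": [], "ok": 0, "findings": []}
    files = {}  # object name -> (md5, path) from the preceding "[ MD5 ]" line
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # not a log line (blank line, pasted forum text, ...)
        body = m.group(1).strip()
        if (mode := MODE.match(body)):
            report["mode"] = [p.strip() for p in mode.group(1).split(";") if p.strip()]
        elif (obj := OBJECT.match(body)):
            files[obj.group(2)] = (obj.group(1), obj.group(3))
        elif (res := RESULT.match(body)):
            name, verdict, status = res.groups()
            md5, path = files.get(name, (None, None))
            report["findings"].append(
                {"name": name, "verdict": verdict, "status": status,
                 "md5": md5, "path": path})
        elif OK.match(body):
            report["ok"] += 1
        # "<name> - detected <verdict> (n)" repeats the finding; it is skipped.
    return report


def triage(report):
    """Split findings into signature-check failures and everything else."""
    signature_only, review = [], []
    for finding in report["findings"]:
        if finding["verdict"].startswith("UnsignedFile."):
            signature_only.append(finding)   # leave on Skip, report to helper
        else:
            review.append(finding)           # needs a human decision
    return {
        # Were both options from the "Change parameters" step enabled?
        "requested_mode": {"SigCheck", "TDLFS"} <= set(report["mode"]),
        "signature_only": signature_only,
        "review": review,
    }


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    print("Scan used SigCheck + TDLFS:", result["requested_mode"])
    for label in ("signature_only", "review"):
        for f in result[label]:
            print(f"{label:15} {f['name']:14} {f['verdict']:30} {f['path']}")
```
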

#5 Lexluther64

Posted 03 September 2013 - 04:13 PM

Attached File: MBR.zip (499 bytes)

Hi Nasdaq
Appreciate the help
Downloaded and scanned as requested above.
TDSS found 9 unsigned files, skipped as requested
Pasted below are the 2 requested logs
Attached the requested .dat file as zipped
 
Question for when we finish out:
As stated above don't have original HP windows home disk, however I do have Dell and Gateway oem win home disks.
Discovered online you can back up wpa.dbl and wpa.bak files from sys32 folder (these are the win key registry files.)
Would like to run a win REPAIR from one of these disks, reboot when finished to command prompt or safe mode,
copy 2 sys32 files back and reboot. This is supposed to avert win key problems by putting back in the old registration from original disk.
 
Ever heard this, is it viable to help restore win sys files. Would it be any better than windows file protection SFC scan
which I've already done couple times???  Appreciate your input
 
Below are the requested logs:
 
12:34:01.0266 3828  Schedule - ok
12:34:01.0328 3828  [ A2B0F1AD2919B13C7EB0FC743492BFD1 ] SCR3xx USB Smart Card Reader C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys
12:34:01.0391 3828  SCR3xx USB Smart Card Reader - ok
12:34:01.0453 3828  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:34:01.0578 3828  Secdrv - ok
12:34:01.0641 3828  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:34:01.0766 3828  seclogon - ok
12:34:01.0813 3828  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
12:34:01.0953 3828  SENS - ok
12:34:02.0000 3828  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
12:34:02.0125 3828  serenum - ok
12:34:02.0172 3828  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
12:34:02.0313 3828  Serial - ok
12:34:02.0344 3828  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
12:34:02.0453 3828  Sfloppy - ok
12:34:02.0719 3828  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:34:03.0157 3828  SharedAccess - ok
12:34:03.0250 3828  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:34:03.0266 3828  ShellHWDetection - ok
12:34:03.0266 3828  Simbad - ok
12:34:03.0266 3828  Sparrow - ok
12:34:03.0329 3828  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:34:03.0501 3828  splitter - ok
12:34:03.0579 3828  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:34:03.0657 3828  Spooler - ok
12:34:03.0751 3828  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:34:03.0891 3828  sr - ok
12:34:04.0048 3828  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:34:04.0251 3828  srservice - ok
12:34:04.0501 3828  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:34:04.0860 3828  Srv - ok
12:34:04.0954 3828  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:34:05.0282 3828  SSDPSRV - ok
12:34:05.0313 3828  [ F843301BDADB2728822C83413EF5F132 ] ssmirrdr        C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys
12:34:05.0329 3828  ssmirrdr - ok
12:34:05.0564 3828  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:34:06.0064 3828  stisvc - ok
12:34:06.0189 3828  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:34:06.0298 3828  swenum - ok
12:34:06.0345 3828  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:34:06.0486 3828  swmidi - ok
12:34:06.0486 3828  SwPrv - ok
12:34:06.0501 3828  symc810 - ok
12:34:06.0501 3828  symc8xx - ok
12:34:06.0501 3828  sym_hi - ok
12:34:06.0501 3828  sym_u3 - ok
12:34:06.0548 3828  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:34:06.0736 3828  sysaudio - ok
12:34:06.0814 3828  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:34:07.0017 3828  SysmonLog - ok
12:34:07.0330 3828  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:34:07.0580 3828  TapiSrv - ok
12:34:07.0830 3828  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:34:08.0220 3828  Tcpip - ok
12:34:08.0267 3828  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:34:08.0392 3828  TDPIPE - ok
12:34:08.0424 3828  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:34:08.0549 3828  TDTCP - ok
12:34:08.0596 3828  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:34:08.0736 3828  TermDD - ok
12:34:08.0955 3828  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
12:34:09.0236 3828  TermService - ok
12:34:09.0330 3828  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:34:09.0346 3828  Themes - ok
12:34:09.0346 3828  TosIde - ok
12:34:09.0408 3828  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:34:09.0565 3828  TrkWks - ok
12:34:09.0627 3828  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:34:09.0768 3828  Udfs - ok
12:34:09.0768 3828  ultra - ok
12:34:10.0033 3828  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:34:10.0471 3828  Update - ok
12:34:10.0627 3828  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:34:10.0830 3828  upnphost - ok
12:34:10.0862 3828  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
12:34:10.0987 3828  UPS - ok
12:34:11.0065 3828  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
12:34:11.0221 3828  usbaudio - ok
12:34:11.0252 3828  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:34:11.0378 3828  usbccgp - ok
12:34:11.0424 3828  [ 6B5E4D5E6E5ECD6ACD14AED59768CE5C ] USBCCID         C:\WINDOWS\system32\DRIVERS\usbccid.sys
12:34:11.0487 3828  USBCCID - ok
12:34:11.0518 3828  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:34:11.0690 3828  usbehci - ok
12:34:11.0753 3828  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:34:11.0893 3828  usbhub - ok
12:34:11.0940 3828  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:34:12.0065 3828  usbprint - ok
12:34:12.0112 3828  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:34:12.0221 3828  usbscan - ok
12:34:12.0268 3828  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:34:12.0393 3828  usbstor - ok
12:34:12.0425 3828  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:34:12.0534 3828  usbuhci - ok
12:34:12.0581 3828  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
12:34:12.0722 3828  VgaSave - ok
12:34:12.0722 3828  ViaIde - ok
12:34:12.0768 3828  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:34:12.0894 3828  VolSnap - ok
12:34:12.0956 3828  [ EA630566440BA12053CD599919AFFD33 ] VRDVC20         C:\WINDOWS\system32\Drivers\VRDVC20X.SYS
12:34:13.0003 3828  VRDVC20 ( UnsignedFile.Multi.Generic ) - warning
12:34:13.0003 3828  VRDVC20 - detected UnsignedFile.Multi.Generic (1)
12:34:13.0206 3828  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
12:34:13.0503 3828  VSS - ok
12:34:13.0644 3828  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
12:34:13.0894 3828  W32Time - ok
12:34:13.0925 3828  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:34:14.0050 3828  Wanarp - ok
12:34:14.0050 3828  WDICA - ok
12:34:14.0159 3828  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:34:14.0300 3828  wdmaud - ok
12:34:14.0394 3828  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:34:14.0535 3828  WebClient - ok
12:34:14.0722 3828  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
12:34:14.0894 3828  winmgmt - ok
12:34:15.0550 3828  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
12:34:16.0676 3828  WinRM - ok
12:34:16.0723 3828  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
12:34:16.0754 3828  WmdmPmSN - ok
12:34:16.0879 3828  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:34:17.0051 3828  WmiApSrv - ok
12:34:17.0645 3828  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
12:34:18.0614 3828  WMPNetworkSvc - ok
12:34:19.0161 3828  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:34:19.0880 3828  WPFFontCache_v0400 - ok
12:34:19.0911 3828  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:34:20.0052 3828  WS2IFSL - ok
12:34:20.0145 3828  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:34:20.0302 3828  wscsvc - ok
12:34:20.0333 3828  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:34:20.0442 3828  wuauserv - ok
12:34:20.0520 3828  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:34:20.0614 3828  WudfPf - ok
12:34:20.0677 3828  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:34:20.0770 3828  WudfRd - ok
12:34:20.0817 3828  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
12:34:20.0880 3828  WudfSvc - ok
12:34:20.0974 3828  [ 0F82A97056EA208183C0085589F83050 ] WUSB54GV4SRV    C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
12:34:21.0036 3828  WUSB54GV4SRV - ok
12:34:21.0364 3828  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:34:21.0880 3828  WZCSVC - ok
12:34:21.0990 3828  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
12:34:22.0146 3828  xmlprov - ok
12:34:22.0161 3828  ================ Scan global ===============================
12:34:22.0224 3828  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:34:22.0443 3828  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:34:22.0771 3828  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:34:22.0865 3828  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:34:22.0880 3828  [Global] - ok
12:34:22.0880 3828  ================ Scan MBR ==================================
12:34:22.0912 3828  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:34:23.0427 3828  \Device\Harddisk0\DR0 - ok
12:34:23.0427 3828  ================ Scan VBR ==================================
12:34:23.0427 3828  [ 67D94996929AC35169F8F91246C67A61 ] \Device\Harddisk0\DR0\Partition1
12:34:23.0443 3828  \Device\Harddisk0\DR0\Partition1 - ok
12:34:23.0443 3828  ============================================================
12:34:23.0443 3828  Scan finished
12:34:23.0443 3828  ============================================================
12:34:23.0552 1424  Detected object count: 9
12:34:23.0552 1424  Actual detected object count: 9
12:37:59.0028 1424  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:59.0028 1424  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:59.0028 1424  Dot4 HPH11 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:59.0028 1424  Dot4 HPH11 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:59.0028 1424  Dot4Print HPH11 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:59.0028 1424  Dot4Print HPH11 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:59.0028 1424  Dot4Storage HPH11 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:59.0028 1424  Dot4Storage HPH11 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:59.0028 1424  Dot4Usb HPH11 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:59.0028 1424  Dot4Usb HPH11 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:59.0028 1424  GTNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:59.0028 1424  GTNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:59.0028 1424  Pml Driver HPH11 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:59.0028 1424  Pml Driver HPH11 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:59.0028 1424  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:59.0028 1424  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:59.0028 1424  VRDVC20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:59.0028 1424  VRDVC20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:40:19.0688 4064  Deinitialize success
 
 
 
 
 
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-03 12:53:51
-----------------------------
12:53:51.093    OS Version: Windows 5.1.2600 Service Pack 3
12:53:51.093    Number of processors: 2 586 0xF0B
12:53:51.093    ComputerName: MICHELLEBELL  UserName:
12:53:53.171    Initialize success
12:53:53.312    AVAST engine defs: 13090300
12:54:22.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
12:54:22.843    Disk 0 Vendor: WDC_WD400EB-11CPF0 06.04G06 Size: 38166MB BusType: 3
12:54:23.031    Disk 0 MBR read successfully
12:54:23.031    Disk 0 MBR scan
12:54:23.031    Disk 0 Windows XP default MBR code
12:54:23.031    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        38161 MB offset 63
12:54:23.046    Disk 0 scanning sectors +78155280
12:54:23.265    Disk 0 scanning C:\WINDOWS\system32\drivers
12:54:51.000    Service scanning
12:55:37.562    Modules scanning
12:56:03.078    Disk 0 trace - called modules:
12:56:03.109    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
12:56:03.109    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac87ab8]
12:56:03.109    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ad1cd98]
12:56:05.000    AVAST engine scan C:\WINDOWS
12:56:51.671    AVAST engine scan C:\WINDOWS\system32
13:05:20.890    AVAST engine scan C:\WINDOWS\system32\drivers
13:05:51.781    AVAST engine scan C:\Documents and Settings\Robert Porter
13:19:04.359    AVAST engine scan C:\Documents and Settings\All Users
13:21:31.062    Scan finished successfully
13:57:48.921    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robert Porter\Desktop\MBR.dat"
13:57:48.937    The log file has been saved successfully to "C:\Documents and Settings\Robert Porter\Desktop\aswMBR.txt"
 
 
 
 

 
 
 
 



#6 nasdaq


Posted 04 September 2013 - 09:03 AM

Question for when we finish out:
As stated above don't have original HP windows home disk, however I do have Dell and Gateway oem win home disks.
Discovered online you can back up wpa.dbl and wpa.bak files from sys32 folder (these are the win key registry files.)
Would like to run a win REPAIR from one of these disks, reboot when finished to command prompt or safe mode,
copy 2 sys32 files back and reboot. This is supposed to avert win key problems by putting back in the old registration from original disk.

Ever heard this, is it viable to help restore win sys files. Would it be any better than windows file protection SFC scan
which I've already done couple times??? Appreciate your input


This question should be asked in the XP forum
http://www.bleepingcomputer.com/forums/forum56.html

One wrong change and you may have to use the Computer as a door holder.
===

shutdown and seems to have constant freezing and glitches

This may be caused by a running program.

Before you shutdown, close all windows, browsers and disconnect from the net.

If all is well this would indicate that one or more of the applications is/are the culprit.


Next time you shutdown, close all of the applications except one.

By trial and error you may be able to find the reason for this issue.
===

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#7 Lexluther64


Posted 04 September 2013 - 09:32 AM

Thanks for info on repair with possible backed up win key registration files, will ask elsewhere. Just for clarification from above quote...freezes and glitches are during regular operation...just hangs for a while or total freeze requiring reboot. Shutdown just seems very long and delayed, but understand about running program possible problem, however has never gone as far as requesting a forced shutdown due to program not closing.

 

Below is requested FSS file:

 

Farbar Service Scanner Version: 28-08-2013
Ran by Robert Porter (administrator) on 04-09-2013 at 07:25:25
Running from "C:\Documents and Settings\Robert Porter\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****



#8 nasdaq


Posted 04 September 2013 - 10:24 AM


This is not required at start up.

mRun: [IgfxTray] c:\windows\system32\bak\igfxtray.exe

http://www.bleepingcomputer.com/startups/igfxtray.exe-2147.html

Disable it via msconfig.
===

p.s.
Why are some of the processes located in the \bak folder?
Check the DDS log.
===

Try this also.

Download ATF Cleaner by Atribune from here and save it to your Desktop.
Follow the instructions for the browser you use.

Read the instructions about the cookies. Delete what you do not need.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache


The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

* The purpose of Prefetch folder is to increase the speed at which you can access the programs that you use on your PC. Unfortunately, Windows doesn't differentiate between a program you use every day and one you use every blue moon, which means that it may be prefetching a lot of stuff that you rarely use, adding to your startup time.
You may find that the first time you boot up after cleaning out this folder, your PC takes longer to get into gear - the second, and subsequent, boots should be quicker.
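
The startup-entry observation in the post above (an autorun pointing into `system32\bak`), turned into a repeatable check; this is an added example, not part of the original thread or of any tool named in it. It assumes DDS-style `mRun:` lines in the form quoted in the post, treats `uRun:` as the per-user counterpart, and uses an assumed watch list of directory names; every sample line except the IgfxTray one is constructed.

```python
import ntpath
import re

# DDS-style autorun line: "<hive>Run: [<value name>] <command line>".
# The mRun form is the one quoted in the post; uRun is assumed here.
RUN_LINE = re.compile(
    r"^(?P<hive>[um]Run):\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$", re.I
)

# Bare (unquoted) command line: the image ends at the first executable
# extension that is followed by whitespace or end of line.
BARE_IMAGE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", re.I)

# Assumed watch list: directory names that rarely hold legitimate autoruns.
SUSPECT_DIRS = {"bak", "backup", "old", "temp", "tmp"}


def image_path(cmd):
    """Return the executable path from a quoted or bare command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = BARE_IMAGE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def review_run_entries(log_text):
    """Return (name, path, reasons) for autoruns that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        path = ntpath.normpath(image_path(m.group("cmd"))).lower()
        dirs = path.split("\\")[1:-1]  # drop drive letter and file name
        reasons = []
        odd = SUSPECT_DIRS.intersection(dirs)
        if odd:
            reasons.append("backup/temp-style directory: " + ", ".join(sorted(odd)))
        # System binaries normally sit directly in system32, not below it.
        if "system32" in dirs and dirs[-1] != "system32":
            reasons.append("below system32 rather than directly in it")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings


# First line is the entry quoted in the post; the rest are constructed.
SAMPLE_LOG = r"""
mRun: [IgfxTray] c:\windows\system32\bak\igfxtray.exe
mRun: [ExampleAV] "C:\Program Files\ExampleAV\ui.exe" /nogui
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [ExampleUpdater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe -s
"""

if __name__ == "__main__":
    for name, path, reasons in review_run_entries(SAMPLE_LOG):
        print(f"{name}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

A hit is a prompt to check the file's signature, hash and origin, not a verdict: some legitimate software does start from subfolders of system32.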

#9 Lexluther64


Posted 04 September 2013 - 11:20 AM

Disabled IGFXTRAY through msconfig/startup per request.

No clue why there is a BAK folder in sys32 folder.

Computer sent to me after someone else tried fixing. May be why I found no actual virus/trojan/rootkit issues. However I have certainly come across extensive damaged and corrupted or missing files so far, which I presume are from past infections.

Downloaded ATF cleaner...couldn't find any instruction related to cookies...chose to select all for removal.

Eliminated 173MB from drive.

Posting this before shutdown and restart from above actions.... Takes me a bit to navigate back here each time I log out.

Will reboot a couple times and navigate around and see if things seem better, then repost.





