Urge

  1. OK, I ran chkdsk again and here is the report...

     Checking file system on C:
     The type of the file system is NTFS.
     Volume label is OS.

     A disk check has been scheduled.
     Windows will now check the disk.
     Cleaning up minor inconsistencies on the drive.
     Cleaning up 2 unused index entries from index $SII of file 0x9.
     Cleaning up 2 unused index entries from index $SDH of file 0x9.
     Cleaning up 2 unused security descriptors.
     CHKDSK is verifying Usn Journal...
     Usn Journal verification completed.

     15374172 KB total disk space.
     5677816 KB in 26952 files.
     9116 KB in 4383 indexes.
     0 KB in bad sectors.
     210884 KB in use by the system.
     65536 KB occupied by the log file.
     9476356 KB available on disk.

     4096 bytes in each allocation unit.
     3843543 total allocation units on disk.
     2369089 allocation units available on disk.

     Windows has finished checking your disk.
     Please wait while your computer restarts.

     What exactly is it that you see? Where do you see a discrepancy? Isn't this just a minor cleanup? I would like to thank you for your help and persistence; we have been going back and forth for a month and a half now.

     Urge
  2. I ran chkdsk /r. Here are the results:

     Event Type: Information
     Event Source: Winlogon
     Event Category: None
     Event ID: 1001
     Date: 1/8/2012
     Time: 1:29:49 PM
     User: N/A
     Computer: CATWOMAN
     Description:
     Checking file system on C:
     The type of the file system is NTFS.
     Volume label is OS.

     A disk check has been scheduled.
     Windows will now check the disk.
     Cleaning up minor inconsistencies on the drive.
     Cleaning up 5 unused index entries from index $SII of file 0x9.
     Cleaning up 5 unused index entries from index $SDH of file 0x9.
     Cleaning up 5 unused security descriptors.
     CHKDSK is verifying Usn Journal...
     Usn Journal verification completed.
     CHKDSK is verifying file data (stage 4 of 5)...
     File data verification completed.
     CHKDSK is verifying free space (stage 5 of 5)...
     Free space verification is complete.

     15374172 KB total disk space.
     5481288 KB in 26134 files.
     8788 KB in 3910 indexes.
     0 KB in bad sectors.
     212932 KB in use by the system.
     65536 KB occupied by the log file.
     9671164 KB available on disk.

     4096 bytes in each allocation unit.
     3843543 total allocation units on disk.
     2417791 allocation units available on disk.

     Windows has finished checking your disk.
     Please wait while your computer restarts.

     I don't see that. Here is what it repaired:

     Cleaning up minor inconsistencies on the drive.
     Cleaning up 5 unused index entries from index $SII of file 0x9.
     Cleaning up 5 unused index entries from index $SDH of file 0x9.
     Cleaning up 5 unused security descriptors.

     Now, I don't know, but these don't seem like serious issues to me. Am I wrong? I use a utility called Hard Drive Health. I have used it on multiple computers over the years and it has saved me from data loss at least twice when it alerted me to impending hard drive failure. HDD Health is showing that both of my drives are at 100%. In the past that % dropped significantly before I had any issues. I would like to hear your thoughts on this.

     Urge
  3. Hi, Sorry this took so long. Here are the results.

     The type of the file system is NTFS.
     Volume label is OS.

     WARNING! F parameter not specified.
     Running CHKDSK in read-only mode.

     CHKDSK is verifying files (stage 1 of 3)...
     File verification completed.
     CHKDSK is verifying indexes (stage 2 of 3)...
     Index verification completed.
     CHKDSK is verifying security descriptors (stage 3 of 3)...
     Security descriptor verification completed.
     CHKDSK is verifying Usn Journal...
     Usn Journal verification completed.
     CHKDSK discovered free space marked as allocated in the volume bitmap.
     Windows found problems with the file system.
     Run CHKDSK with the /F (fix) option to correct these.

     15374172 KB total disk space.
     5601744 KB in 64520 files.
     21628 KB in 7793 indexes.
     0 KB in bad sectors.
     172892 KB in use by the system.
     65536 KB occupied by the log file.
     9577908 KB available on disk.

     4096 bytes in each allocation unit.
     3843543 total allocation units on disk.
     2394477 allocation units available on disk.

     My link

     I couldn't do the speed tests because the PCPitstop program kept trying to install Flash Player 11 even after I installed it successfully outside of the test. It didn't matter if I said yes or no. I looked thru the troubleshooting section of the pitstop tests but didn't see anything that might help. I should probably run CHKDSK with the /F option but I'll wait until you respond.

     Urge
  4. Hi, Imagine, taking time off over the holidays, you slacker. No problem brother. I downloaded tdsskiller but 7zip wouldn't unzip the file. This is the 1st time that 7zip has failed to do its job. I tried with Windows extraction wizard also but no go. I used another computer in my house and downloaded the file and had no problem unzipping and opening it. I renamed it and transferred it to a flash drive and then to the problem computer. It ran with no problems. Here are the logs from all the scans.

     Malwarebytes Anti-Malware 1.60.0.1800
     www.malwarebytes.org

     Database version: v2011.12.28.01

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 7.0.5730.13
     Bill :: CATWOMAN [limited]

     12/28/2011 12:00:40 AM
     mbam-log-2011-12-28 (00-00-40).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 193199
     Time elapsed: 5 minute(s), 29 second(s)

     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     13:50:22.0132 2648 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
     13:50:24.0132 2648 ============================================================
     13:50:24.0132 2648 Current date / time: 2011/12/28 13:50:24.0132
     13:50:24.0132 2648 SystemInfo:
     13:50:24.0132 2648
     13:50:24.0132 2648 OS Version: 5.1.2600 ServicePack: 3.0
     13:50:24.0132 2648 Product type: Workstation
     13:50:24.0132 2648 ComputerName: CATWOMAN
     13:50:24.0132 2648 UserName: Bill
     13:50:24.0132 2648 Windows directory: C:\WINDOWS
     13:50:24.0132 2648 System windows directory: C:\WINDOWS
     13:50:24.0132 2648 Processor architecture: Intel x86
     13:50:24.0132 2648 Number of processors: 1
     13:50:24.0132 2648 Page size: 0x1000
     13:50:24.0132 2648 Boot type: Normal boot
     13:50:24.0132 2648 ============================================================
     13:50:25.0320 2648 Initialize success
     13:50:33.0632 2496 ============================================================
     13:50:33.0632 2496 Scan started
     13:50:33.0632 2496 Mode: Manual;
     13:50:33.0632 2496 ============================================================
(999a7ab63b8f364f4df130d48ba7e972) C:\WINDOWS\system32\drivers\VolSnap.sys 13:50:49.0398 2496 VolSnap - ok 13:50:49.0507 2496 Wanarp (4d91cdfecb032a34c550080b62720e15) C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:50:49.0507 2496 Wanarp - ok 13:50:49.0601 2496 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 13:50:49.0617 2496 Wdf01000 - ok 13:50:49.0679 2496 WDICA - ok 13:50:49.0757 2496 wdmaud (971260ff2bdf0371c11e811fa9c64bd8) C:\WINDOWS\system32\drivers\wdmaud.sys 13:50:49.0757 2496 wdmaud - ok 13:50:50.0023 2496 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 13:50:50.0023 2496 WudfPf - ok 13:50:50.0085 2496 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 13:50:50.0085 2496 WudfRd - ok 13:50:50.0164 2496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 13:50:50.0351 2496 \Device\Harddisk0\DR0 - ok 13:50:50.0367 2496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 13:50:50.0382 2496 \Device\Harddisk1\DR1 - ok 13:50:50.0398 2496 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR11 13:50:50.0414 2496 \Device\Harddisk2\DR11 - ok 13:50:50.0429 2496 Boot (0x1200) (a93d6e9d891f9cf604bab6fef43c0f3b) \Device\Harddisk0\DR0\Partition0 13:50:50.0429 2496 \Device\Harddisk0\DR0\Partition0 - ok 13:50:50.0460 2496 Boot (0x1200) (95f3c4bffc62c7d3c1c3b6eb16a05ee5) \Device\Harddisk0\DR0\Partition1 13:50:50.0460 2496 \Device\Harddisk0\DR0\Partition1 - ok 13:50:50.0492 2496 Boot (0x1200) (f2b0ba1b4ca112ad51006e136643b65e) \Device\Harddisk0\DR0\Partition2 13:50:50.0492 2496 \Device\Harddisk0\DR0\Partition2 - ok 13:50:50.0523 2496 Boot (0x1200) (47fa8a9fee2dcfe01f0387ccaaf9ea56) \Device\Harddisk0\DR0\Partition3 13:50:50.0523 2496 \Device\Harddisk0\DR0\Partition3 - ok 13:50:50.0539 2496 Boot (0x1200) (d17391afdb7cffd0e176864eb35df1ef) \Device\Harddisk1\DR1\Partition0 13:50:50.0554 2496 \Device\Harddisk1\DR1\Partition0 - ok 
13:50:50.0679 2496 ============================================================ 13:50:50.0679 2496 Scan finished 13:50:50.0679 2496 ============================================================ 13:50:50.0726 2820 Detected object count: 0 13:50:50.0726 2820 Actual detected object count: 0

ComboFix 11-12-28.03 - Bill 12/28/2011 14:11:10.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1034 [GMT -5:00] Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 ))))))))))))))))))))))))))))))) . . 2011-12-28 19:06 . 2011-12-28 19:09 -------- d-----w- C:\32788R22FWJFW 2011-12-22 15:49 . 2011-12-22 15:56 -------- d-----w- c:\program files\Ultimate Defrag 2011-12-14 16:32 . 2011-12-14 16:32 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes 2011-12-14 16:31 . 2011-12-14 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-12-14 16:30 . 
2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-08 21:17 . 2011-12-08 21:17 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2011-12-08 14:20 . 2011-12-08 14:20 -------- d-----w- c:\documents and settings\Bill\Application Data\Panasonic 2011-12-07 21:14 . 2011-12-07 21:14 -------- d-----w- c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com 2011-12-07 16:22 . 2011-12-07 16:22 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Supremus Corporation 2011-12-06 00:25 . 2011-12-06 00:27 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2011-12-06 00:22 . 2011-12-06 00:22 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Help 2011-12-05 23:56 . 2011-12-05 23:56 -------- d-----w- c:\documents and settings\Bill\Application Data\Windows Search 2011-12-05 23:36 . 2011-08-17 21:32 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2011-12-05 23:36 . 2011-08-17 21:32 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll 2011-12-05 23:36 . 2011-08-17 21:32 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll 2011-12-05 23:36 . 2011-08-17 21:32 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2011-12-05 23:36 . 2011-08-17 21:32 63488 -c----w- c:\windows\system32\dllcache\icardie.dll 2011-12-05 23:36 . 2011-08-17 12:21 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe 2011-12-05 23:36 . 2010-07-05 20:32 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat 2011-12-05 23:36 . 2011-08-17 21:32 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll 2011-12-05 23:24 . 2011-12-05 23:24 -------- d-----w- c:\windows\ServicePackFiles 2011-12-05 23:11 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-12-05 23:11 . 2011-12-05 23:11 -------- d-----w- c:\program files\UPHClean 2011-12-05 23:06 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2011-12-05 23:05 . 
2010-05-06 17:17 21496 ----a-w- c:\windows\system32\wucltui.dll.mui 2011-12-05 23:05 . 2010-05-06 17:17 44536 ----a-w- c:\windows\system32\wups2.dll 2011-12-05 23:05 . 2010-05-06 17:17 17400 ----a-w- c:\windows\system32\wuaueng.dll.mui 2011-12-05 23:05 . 2010-05-06 17:17 14840 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2011-12-05 23:05 . 2010-05-06 17:17 14840 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-12-05 22:59 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll 2011-12-05 22:58 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll 2011-12-05 22:58 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll 2011-12-05 22:54 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys 2011-12-05 22:50 . 2009-09-06 07:09 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll 2011-12-05 22:42 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2011-12-05 22:42 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2011-12-05 22:42 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2011-12-05 22:40 . 2008-09-30 06:19 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll 2011-12-05 22:40 . 2008-09-30 06:19 57344 ------w- c:\windows\system32\uexfat.dll 2011-12-05 22:40 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys 2011-12-05 22:40 . 2008-09-29 10:21 133632 ------w- c:\windows\system32\drivers\exfat.sys 2011-12-05 22:39 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2011-12-05 22:37 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll 2011-12-05 22:37 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll 2011-12-05 22:37 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll 2011-12-05 22:37 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll 2011-12-05 22:37 . 
2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys 2011-12-05 22:36 . 2011-12-08 14:51 -------- d-----w- c:\program files\Windows Desktop Search 2011-12-05 22:34 . 2011-12-05 22:34 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-05 22:33 . 2004-09-12 14:17 61440 ----a-w- c:\windows\ContextMenuExt.dll 2011-12-05 22:18 . 2007-07-10 18:27 10752 ----a-w- c:\windows\system32\aamd532.dll 2011-12-05 22:18 . 2004-04-26 03:39 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL 2011-12-05 05:20 . 2011-12-05 05:20 -------- d-----w- c:\documents and settings\Bill\Application Data\pokerth 2011-12-04 05:40 . 2011-12-04 05:40 -------- d-----w- C:\CRIBBAGE 2011-12-03 21:23 . 2011-12-03 21:23 -------- d-----w- c:\program files\Common Files\Java 2011-12-03 15:37 . 2011-12-03 15:37 -------- d-----w- c:\program files\Hewlett-Packard 2011-12-03 15:37 . 2011-12-03 15:37 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS 2011-12-03 15:25 . 2011-12-03 15:25 -------- d-----w- c:\windows\system32\NtmsData . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-16 17:44 . 2011-07-24 22:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-28 18:01 . 2010-11-04 20:20 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 18:01 . 2010-02-03 16:43 199816 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-28 17:54 . 2010-02-03 16:43 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys 2011-11-28 17:53 . 2010-02-03 16:43 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53 . 2010-02-03 16:43 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-28 17:53 . 2010-02-03 16:43 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2011-11-28 17:52 . 2010-02-03 16:43 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-28 17:52 . 2010-02-03 16:43 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-28 17:52 . 
2010-02-03 16:43 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-11-28 17:51 . 2010-02-03 16:43 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-11-28 17:51 . 2010-02-03 16:43 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-28 17:48 . 2010-02-03 16:43 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-10-10 14:22 . 2009-11-30 19:49 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-03 10:06 . 2010-05-01 14:58 472808 -c--a-w- c:\windows\system32\deployJava1.dll 2011-10-03 07:37 . 2009-11-30 22:06 73728 ----a-w- c:\windows\system32\javacpl.cpl . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-04-13 . 909BD95DDDA5AE308DD365EA6EDF2262 . 1614848 . . [5.1.2600.5508] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2011-12-23_15.59.15 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-28 18:12 . 2011-12-28 18:12 16384 c:\windows\Temp\Perflib_Perfdata_220.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- e:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "True Transparency"="c:\program files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 133120] "hddhealth"="e:\utilities\HDD Health\hddhealth.exe" [2008-06-15 1692672] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136] "Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359280] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "True Transparency"="c:\program files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 133120] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ hp psc 2000 Series.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646] Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] What's my computer doing.lnk - e:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2011-12-15 275296] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "e:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"= "e:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"= "e:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"= . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/3/2010 11:43 AM 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2/3/2010 11:43 AM 195416] R1 aswFW;avast! 
TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2/3/2010 11:43 AM 111320] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/3/2010 11:43 AM 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/3/2010 11:43 AM 314456] R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968] R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/3/2010 11:43 AM 20568] S2 avast! Firewall;avast! Firewall;e:\program files\Alwil Software\Avast5\afwServ.exe [2/3/2010 11:43 AM 127192] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [7/20/2011 3:43 PM 16456] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [7/20/2011 3:43 PM 11088] S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 12948040 *Deregistered* - 12948040 *Deregistered* - uphcleanhlp . Contents of the 'Scheduled Tasks' folder . 2011-12-03 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8322926644.job - e:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\haiix58h.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-28 14:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . 
************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1260) e:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(1232) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-12-28 14:28:31 ComboFix-quarantined-files.txt 2011-12-28 19:28 ComboFix2.txt 2011-12-23 16:03 . Pre-Run: 10,356,797,440 bytes free Post-Run: 10,384,093,184 bytes free . 
- - End Of File - - C7F2B787095EFB00921EA0F21F6014D4

ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=1 # version=7 # IEXPLORE.EXE=7.00.6000.17103 (vista_gdr.110816-1000) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=bb4d9c0862357e498de9f43c340bf322 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-28 08:25:42 # local_time=2011-12-28 03:25:42 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=768 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=55583 # found=0 # cleaned=0 # scan_time=2696

This computer runs slow but more relevant is that it hangs and everything sort of freezes on the screen. I can't always close programs or turn it off the normal way. Sometimes I can play around with it and make programs or windows close. The problem is not high CPU usage. It appears that all these scans turned up nothing so maybe I need to reinstall Windows? Are there other steps to take?

Urge
  5. I installed and ran everything, here are the logs. ComboFix 11-12-23.01 - Bill 12/23/2011 10:45:59.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1134 [GMT -5:00] Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bill\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk c:\windows\system32\default_user_class.dat.LOG c:\windows\system32\oobe\isperror c:\windows\system32\oobe\isperror\ispcnerr.htm c:\windows\system32\oobe\isperror\ispdtone.htm c:\windows\system32\oobe\isperror\isphdshk.htm c:\windows\system32\oobe\isperror\ispins.htm c:\windows\system32\oobe\isperror\ispnoanw.htm c:\windows\system32\oobe\isperror\isppberr.htm c:\windows\system32\oobe\isperror\ispphbsy.htm c:\windows\system32\oobe\isperror\ispsbusy.htm . . ((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 ))))))))))))))))))))))))))))))) . . 2011-12-22 15:49 . 2011-12-22 15:56 -------- d-----w- c:\program files\Ultimate Defrag 2011-12-14 16:32 . 2011-12-14 16:32 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes 2011-12-14 16:31 . 2011-12-14 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-12-14 16:30 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-08 21:17 . 2011-12-08 21:17 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2011-12-08 14:20 . 2011-12-08 14:20 -------- d-----w- c:\documents and settings\Bill\Application Data\Panasonic 2011-12-07 21:14 . 
2011-12-07 21:14 -------- d-----w- c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com 2011-12-07 16:22 . 2011-12-07 16:22 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Supremus Corporation 2011-12-06 00:25 . 2011-12-06 00:27 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2011-12-06 00:22 . 2011-12-06 00:22 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Help 2011-12-05 23:56 . 2011-12-05 23:56 -------- d-----w- c:\documents and settings\Bill\Application Data\Windows Search 2011-12-05 23:36 . 2011-08-17 21:32 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2011-12-05 23:36 . 2011-08-17 21:32 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll 2011-12-05 23:36 . 2011-08-17 21:32 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll 2011-12-05 23:36 . 2011-08-17 21:32 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2011-12-05 23:36 . 2011-08-17 21:32 63488 -c----w- c:\windows\system32\dllcache\icardie.dll 2011-12-05 23:36 . 2011-08-17 12:21 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe 2011-12-05 23:36 . 2010-07-05 20:32 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat 2011-12-05 23:36 . 2011-08-17 21:32 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll 2011-12-05 23:24 . 2011-12-05 23:24 -------- d-----w- c:\windows\ServicePackFiles 2011-12-05 23:11 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-12-05 23:11 . 2011-12-05 23:11 -------- d-----w- c:\program files\UPHClean 2011-12-05 23:06 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2011-12-05 23:05 . 2010-05-06 17:17 21496 ----a-w- c:\windows\system32\wucltui.dll.mui 2011-12-05 23:05 . 2010-05-06 17:17 44536 ----a-w- c:\windows\system32\wups2.dll 2011-12-05 23:05 . 2010-05-06 17:17 17400 ----a-w- c:\windows\system32\wuaueng.dll.mui 2011-12-05 23:05 . 
2010-05-06 17:17 14840 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2011-12-05 23:05 . 2010-05-06 17:17 14840 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-12-05 22:59 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll 2011-12-05 22:58 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll 2011-12-05 22:58 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll 2011-12-05 22:54 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys 2011-12-05 22:50 . 2009-09-06 07:09 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll 2011-12-05 22:42 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2011-12-05 22:42 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2011-12-05 22:42 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2011-12-05 22:40 . 2008-09-30 06:19 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll 2011-12-05 22:40 . 2008-09-30 06:19 57344 ------w- c:\windows\system32\uexfat.dll 2011-12-05 22:40 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys 2011-12-05 22:40 . 2008-09-29 10:21 133632 ------w- c:\windows\system32\drivers\exfat.sys 2011-12-05 22:39 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2011-12-05 22:37 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll 2011-12-05 22:37 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll 2011-12-05 22:37 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll 2011-12-05 22:37 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll 2011-12-05 22:37 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys 2011-12-05 22:36 . 2011-12-08 14:51 -------- d-----w- c:\program files\Windows Desktop Search 2011-12-05 22:34 . 2011-12-05 22:34 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-05 22:33 . 
2004-09-12 14:17 61440 ----a-w- c:\windows\ContextMenuExt.dll 2011-12-05 22:18 . 2007-07-10 18:27 10752 ----a-w- c:\windows\system32\aamd532.dll 2011-12-05 22:18 . 2004-04-26 03:39 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL 2011-12-05 05:20 . 2011-12-05 05:20 -------- d-----w- c:\documents and settings\Bill\Application Data\pokerth 2011-12-04 05:40 . 2011-12-04 05:40 -------- d-----w- C:\CRIBBAGE 2011-12-03 21:23 . 2011-12-03 21:23 -------- d-----w- c:\program files\Common Files\Java 2011-12-03 15:37 . 2011-12-03 15:37 -------- d-----w- c:\program files\Hewlett-Packard 2011-12-03 15:37 . 2011-12-03 15:37 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS 2011-12-03 15:25 . 2011-12-03 15:25 -------- d-----w- c:\windows\system32\NtmsData . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-16 17:44 . 2011-07-24 22:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-28 18:01 . 2010-11-04 20:20 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 18:01 . 2010-02-03 16:43 199816 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-28 17:54 . 2010-02-03 16:43 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys 2011-11-28 17:53 . 2010-02-03 16:43 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53 . 2010-02-03 16:43 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-28 17:53 . 2010-02-03 16:43 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2011-11-28 17:52 . 2010-02-03 16:43 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-28 17:52 . 2010-02-03 16:43 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-28 17:52 . 2010-02-03 16:43 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-11-28 17:51 . 2010-02-03 16:43 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-11-28 17:51 . 2010-02-03 16:43 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-28 17:48 . 
2010-02-03 16:43 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-10-10 14:22 . 2009-11-30 19:49 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-03 10:06 . 2010-05-01 14:58 472808 -c--a-w- c:\windows\system32\deployJava1.dll 2011-10-03 07:37 . 2009-11-30 22:06 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-09-28 07:06 . 2008-03-21 00:35 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 16:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 16:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-04-13 . 909BD95DDDA5AE308DD365EA6EDF2262 . 1614848 . . [5.1.2600.5508] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- e:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "True Transparency"="c:\program files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 133120] "hddhealth"="e:\utilities\HDD Health\hddhealth.exe" [2008-06-15 1692672] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136] "Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359280] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "True Transparency"="c:\program files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 133120] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ hp psc 2000 Series.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646] Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] What's my computer doing.lnk - e:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2011-12-15 275296] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "e:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"= "e:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"= "e:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"= . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/3/2010 11:43 AM 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2/3/2010 11:43 AM 195416] R1 aswFW;avast! 
TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2/3/2010 11:43 AM 111320] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/3/2010 11:43 AM 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/3/2010 11:43 AM 314456] R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968] R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/3/2010 11:43 AM 20568] S2 avast! Firewall;avast! Firewall;e:\program files\Alwil Software\Avast5\afwServ.exe [2/3/2010 11:43 AM 127192] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [7/20/2011 3:43 PM 16456] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [7/20/2011 3:43 PM 11088] S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408] . --- Other Services/Drivers In Memory --- . *Deregistered* - uphcleanhlp . Contents of the 'Scheduled Tasks' folder . 2011-12-03 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8322926644.job - e:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\haiix58h.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-23 10:58 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . 
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1324) e:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . Completion time: 2011-12-23 11:03:53 ComboFix-quarantined-files.txt 2011-12-23 16:03 . Pre-Run: 10,379,886,592 bytes free Post-Run: 10,616,483,840 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - BE4D0356921995BBCC801829A430D90C . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29 Run by Bill at 11:18:34 on 2011-12-23 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.976 [GMT -5:00] . AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* . ============== Running Processes =============== . 
C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe E:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter E:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\UPHClean\uphclean.exe E:\Program Files\RealVNC\VNC4\WinVNC4.exe E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe E:\Utilities\HDD Health\hddhealth.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\HPZipm12.exe E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - e:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - e:\program files\alwil software\avast5\aswWebRepIE.dll uRun: [True Transparency] "c:\program files\utilities\true transparency\TrueTransparency.exe" uRun: [hddhealth] e:\utilities\hdd health\hddhealth.exe -wl mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [True Transparency] "c:\program files\utilities\true transparency\TrueTransparency.exe" dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\what's~1.lnk - e:\program files\what's my computer doing\WhatsMyComputerDoing.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8AD73092-2144-4B27-9D2D-BCA31730FA97} : DhcpNameServer = 192.168.1.1 Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\bill\application data\mozilla\firefox\profiles\haiix58h.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: e:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: e:\program files\java\jre6\bin\new_plugin\npjp2.dll FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: e:\program files\videolan\vlc\npvlc.dll . ============= SERVICES / DRIVERS =============== . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-2-3 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-2-3 195416] R1 aswFW;avast! 
TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-2-3 111320] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-2-3 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-3 314456] R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968] R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-3 20568] R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast5\AvastSvc.exe [2010-2-3 44768] S2 avast! Firewall;avast! Firewall;e:\program files\alwil software\avast5\afwServ.exe [2010-2-3 127192] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-7-20 16456] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-7-20 11088] S3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408] . =============== Created Last 30 ================ . 2011-12-23 15:44:25 -------- d-sha-r- C:\cmdcons 2011-12-23 15:42:56 98816 ----a-w- c:\windows\sed.exe 2011-12-23 15:42:56 518144 ----a-w- c:\windows\SWREG.exe 2011-12-23 15:42:56 256000 ----a-w- c:\windows\PEV.exe 2011-12-23 15:42:56 208896 ----a-w- c:\windows\MBR.exe 2011-12-22 15:49:31 -------- d-----w- c:\program files\Ultimate Defrag 2011-12-14 16:32:14 -------- d-----w- c:\documents and settings\bill\application data\Malwarebytes 2011-12-14 16:31:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-12-14 16:30:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-08 21:17:13 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2011-12-07 21:14:23 -------- d-----w- c:\documents and settings\bill\application data\SUPERAntiSpyware.com 2011-12-07 18:21:41 -------- d-----w- c:\windows\system32\PreInstall 2011-12-07 16:22:19 -------- d-----w- c:\documents and settings\bill\local settings\application data\Supremus Corporation 2011-12-06 00:25:25 25992 ----a-w- 
c:\windows\system32\pgdfgsvc.exe 2011-12-06 00:22:35 -------- d-----w- c:\documents and settings\bill\local settings\application data\Help 2011-12-05 23:56:17 -------- d-----w- c:\documents and settings\bill\application data\Windows Search 2011-12-05 23:36:21 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2011-12-05 23:36:21 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll 2011-12-05 23:36:21 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll 2011-12-05 23:36:20 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2011-12-05 23:36:19 63488 -c----w- c:\windows\system32\dllcache\icardie.dll 2011-12-05 23:36:19 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe 2011-12-05 23:36:18 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat 2011-12-05 23:36:15 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll 2011-12-05 23:24:01 -------- d-----w- c:\windows\ServicePackFiles 2011-12-05 23:11:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-12-05 23:11:22 -------- d-----w- c:\program files\UPHClean 2011-12-05 23:06:46 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2011-12-05 23:05:12 21496 ----a-w- c:\windows\system32\wucltui.dll.mui 2011-12-05 23:05:12 -------- d-----w- c:\windows\system32\SoftwareDistribution 2011-12-05 23:05:11 17400 ----a-w- c:\windows\system32\wuaueng.dll.mui 2011-12-05 23:05:10 14840 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2011-12-05 23:05:10 14840 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-12-05 22:59:18 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll 2011-12-05 22:58:10 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll 2011-12-05 22:58:09 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll 2011-12-05 22:54:18 265728 -c----w- c:\windows\system32\dllcache\http.sys 2011-12-05 22:50:16 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll 2011-12-05 22:42:46 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2011-12-05 22:42:45 2192768 -c----w- 
c:\windows\system32\dllcache\ntoskrnl.exe 2011-12-05 22:42:43 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2011-12-05 22:40:54 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll 2011-12-05 22:40:54 57344 ------w- c:\windows\system32\uexfat.dll 2011-12-05 22:40:54 133632 -c----w- c:\windows\system32\dllcache\exfat.sys 2011-12-05 22:40:54 133632 ------w- c:\windows\system32\drivers\exfat.sys 2011-12-05 22:39:27 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2011-12-05 22:37:33 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys 2011-12-05 22:37:33 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll 2011-12-05 22:37:33 465920 ------w- c:\windows\system32\imapi2fs.dll 2011-12-05 22:37:33 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll 2011-12-05 22:37:33 317952 ------w- c:\windows\system32\imapi2.dll 2011-12-05 22:36:46 -------- d-----w- c:\program files\Windows Desktop Search 2011-12-05 22:34:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-05 22:33:55 61440 ----a-w- c:\windows\ContextMenuExt.dll 2011-12-05 22:18:12 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL 2011-12-05 22:18:12 10752 ----a-w- c:\windows\system32\aamd532.dll 2011-12-05 05:20:55 -------- d-----w- c:\documents and settings\bill\application data\pokerth 2011-12-04 05:40:17 -------- d-----w- C:\CRIBBAGE 2011-12-03 15:37:10 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS 2011-12-03 15:25:01 -------- d-----w- c:\windows\system32\NtmsData . ==================== Find3M ==================== . 
2011-12-16 17:44:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 17:54:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys 2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53:22 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-03 10:06:03 472808 -c--a-w- c:\windows\system32\deployJava1.dll 2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR . Disk trace: called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS c:\docume~1\bill\locals~1\temp\catchme.sys 1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x898A9AB8] 3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8990EB00] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } user != kernel MBR !!! . ============= FINISH: 11:19:45.12 =============== Attach.zip
  6. OK, I updated mbam and ran a quick scan. Here are the results: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8399 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 12/19/2011 6:31:51 PM mbam-log-2011-12-19 (18-31-51).txt Scan type: Quick scan Objects scanned: 196255 Time elapsed: 6 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Urge
  7. OK, I ran mbam-clean.exe, reinstalled the latest Malwarebytes' Anti-Malware, updated it and set exclusions. I then ran a scan. I had errands to do so I left and when I came back I was looking at my desktop. I opened mbam and looked for the log file but it was empty. In the settings tab these entries are both checked... Automatically save log file after scan completes. Open log file immediately after saving. Is this a sign of some malware interfering with mbam? When I was setting the exclusions in Avast's File System Shield these entries were already there: ?:\PageFile.sys *\System.da? *\User.da? *.fon *.txt *.log *.ini *\Bootstrap.dat *\firefox\profiles\*sessionstore*.js R and W were checked for all except *\firefox\profiles\*sessionstore*.js, which had only W checked. Is this normal? What next? Urge
  8. This computer has been living at a small business that my wife and I own. I recently built a new computer to replace it and brought this one home. I didn't really use it at work but when I played with it here I observed all sorts of abnormal behavior. It seems to be running very slow. It hangs and locks up for no good reason. Online, this computer is very slow! I understand that it is older and maybe I'm spoiled with newer computers but it kept reminding me of dialup days of long ago. The computer is a Dell Dimension 4550 with a 1.8GHz Pentium 4 processor and 1.5Gs of memory. I decided to scan for malware today and ran both Malwarebytes and Superantispyware. I had previously run Avast antivirus scan which turned up nothing. I had problems with both antispyware programs and ended up uninstalling Malwarebytes antispyware v. 1.42 and installing v. 1.52. I ran a scan but didn't stay to watch it. When I returned the program had closed and there were no current logs for the new install. I did this twice but both times I wasn't there when it finished and no logs either time. I had trouble updating both antispyware programs but was eventually able to update the newer version of Malwarebytes and Superantispyware. I got 2 error messages when trying to update Malwarebytes: 732(0,0) on v. 1.42 and 11004,0 no address found on v. 1.52. I actually hope that I have some sort of malware 'cause I need to use this computer until I can afford to build another and it is SO slow! Thanks for looking, Urge dds.txt attach.zip