[SOLVED] WinXP SP3; IPC error, Shutdown Issues and Taskbar Color issues

Old 02-06-2012, 02:36 PM   #1
Registered Member
 
Join Date: Jun 2011
Posts: 74
OS: xp



Reposting from this link as advised:
https://www.techsupportforum.com/foru...ey-627991.html

Hi Experts,
I wanted to be updated to get the best performance and removed some services from running, along with changes to MSConfig, and ended up in a mess. Any help from you would be greatly appreciated.

Note: I have followed the attached the DD.TXT and ARk.txt and Attach Zipped as attachment for investigation.

1. When I try to open Control Panel, I get the following error, to which I have to say OK or nothing works:
"IPC error: no connection. (SM_RC_ENOCONN)(11)" This dialog box appears twice before Control Panel displays the list. Please can someone help me resolve it.

Tried the following:
Restore to the date the system was working, but I still have these problems.

2. When I shut down, I am forced to end a strange application; it says "End Program - Sample". The shutdown procedure does not force this "Whatever weird thing" to close. I see from Task Manager that there are no applications running.

3. The Windows taskbar changed color to grey; even after restore, this problem remains.

Observations
Themes service is running.
I have googled about it and run those regedit commands
regsvr32 mshtml.dll - failed saying "mshtml.dll loaded, but DLLRegisterServer entry point not found".
Did I install any other OS drivers by mistake? How to know?

4. This is my own making. While trying to resolve problem 3, I came across "Troubleshooting Windows XP, Tweaks and Fixes for Windows XP" from Google and ran all the recommended stuff to get back my taskbar, themes etc. So I now have a different problem.

After startup, I get a WinXP screen and an arrow, nothing else, for nearly 2 minutes before WinXP comes back to life again.

Any help to resolve these annoying issues will be appreciated.

--------------------------- DDS Text -------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Anand at 14:54:00 on 2012-02-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.626 [GMT 13:00]
.
AV: ESET Smart Security 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = mail.yahoo.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/* Yahoo!
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/* Yahoo! SearchBar Home Page
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/* Yahoo!
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/* Yahoo!
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/* Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/* Yahoo!
mSearchAssistant = hxxp://in.rediff.com/index.html
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - No File
TB: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {AEEC7764-290D-4718-A15A-805B726D46D2} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [apoint] "c:\program files\apoint\Apoint.exe"
mRun: [EsetAntiVirus] "c:\program files\eset\eset smart security\egui.exe"
mRun: [AntiVirusKernelNeeded] "c:\program files\eset\eset smart security\ekrn.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: SetVisualStyle = c:\windows\resources\themes\Luna.theme
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - c:\program files\hello\PicasaCapture.dll
Trusted Zone: funpeeps.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.andhrajyothy.com/wfplayer/tdserver.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\data\applications\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - hxxp://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133633412488
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.co.uk/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{27C373EA-8943-4A2F-96D8-206C323F8BBC} : DhcpNameServer = 192.168.1.1
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
AppInit_DLLs: c:\progra~1\google\go333c~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\anand\application data\mozilla\firefox\profiles\0hp50axf.default\
FF - prefs.js: browser.search.selectedEngine - delicious
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\documents and settings\anand\application data\mozilla\firefox\profiles\0hp50axf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\anand\application data\mozilla\firefox\profiles\0hp50axf.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\anand\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\anand\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\anand\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-22 130936]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-5-11 54760]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2012-1-28 49240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\system32\drivers\wA301b.sys [1980-1-1 33847]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-9-29 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-28 133104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-7-22 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-7-22 1095560]
S3 VRSService;VRS Recording System;c:\program files\nch software\vrs\vrs.exe [2012-1-28 1248772]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-3-19 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DiskSuiteService;PC Tools Disk Suite;c:\program files\pc tools disk suite\DSService.exe [2009-6-26 394560]
S4 gupdate1ca0f652340fd90;Google Update Service (gupdate1ca0f652340fd90);c:\program files\google\update\GoogleUpdate.exe [2009-7-28 133104]
.
=============== Created Last 30 ================
.
2012-02-04 23:20:59 -------- d-----w- C:\EmergencyUtils
2012-02-04 23:14:32 -------- d-----w- c:\program files\UPHClean
2012-01-28 09:05:55 -------- d-----w- c:\program files\NCH Software
2012-01-28 09:05:54 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2012-01-22 00:51:59 81920 ------r- c:\windows\bwUnin-6.1.4.36-8876480L.exe
2012-01-21 23:05:07 53248 ----a-r- c:\windows\system32\InstMed.exe
2012-01-21 21:55:58 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-01-21 21:54:57 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2012-01-21 21:54:55 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-01-21 20:24:26 -------- d-----w- c:\documents and settings\anand\local settings\application data\Temp
2012-01-21 19:29:48 -------- d-----w- C:\Anotopgc
2012-01-21 19:24:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-21 19:24:09 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-21 19:15:24 -------- d-----w- c:\documents and settings\anand\application data\uTorrent
2012-01-21 05:05:21 -------- d-----w- c:\documents and settings\all users\application data\PCDr
2012-01-21 05:03:17 -------- d-----w- c:\program files\Dell Support Center
2012-01-21 04:55:57 -------- d-----w- c:\documents and settings\anand\application data\PCDr
2012-01-21 02:20:33 -------- d-----w- c:\documents and settings\anand\application data\Intel
2012-01-21 02:16:10 -------- d-----w- c:\program files\common files\Intel
2012-01-21 01:55:52 -------- d-----w- c:\windows\tiinst1
2012-01-18 17:32:33 -------- d-----w- c:\windows\system32\wbem\Logs
2012-01-18 09:43:06 -------- d-----w- c:\program files\Temp File Cleaner
2012-01-18 08:11:04 -------- d-----w- c:\program files\SystemRequirementsLab
2012-01-11 05:11:32 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-11 05:11:32 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-11 05:11:31 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-11 05:11:30 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-07 09:44:43 -------- d-----w- c:\documents and settings\all users\application data\anoto
2012-01-07 09:44:05 -------- d-----w- c:\program files\common files\Anoto
2012-01-07 09:43:23 -------- d-----w- c:\program files\Anoto
2012-01-07 09:41:33 -------- d-----w- c:\documents and settings\all users\application data\SafeNet Sentinel
2012-01-07 09:32:37 -------- d-----w- c:\program files\Vision Objects
2012-01-07 09:32:37 -------- d-----w- c:\documents and settings\all users\application data\Vision Objects
2012-01-07 09:18:20 -------- d-----w- c:\program files\Lifetrons
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 04:54:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:56:23.92 ===============


----------------------------- DDS END -------------------------------
Attached Files
File Type: zip Ark_Attach.zip (6.8 KB, 47 views)
protocoder is offline  
Old 02-08-2012, 02:16 PM   #2
Security Manager
Analyst
Rangemaster, TSF Academy
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro


Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.


Glaswegian is offline  
Old 02-08-2012, 07:50 PM   #3
Registered Member
 
Join Date: Jun 2011
Posts: 74
OS: xp



Hello Iain,

Firstly, thanks a ton for your support and valuable time. I have disabled the internet. I do not have the XP SP3 CD. Is there a way I can get the Microsoft Recovery Console for XP SP3?

Thanks a lot.
Anand
protocoder is offline  
Old 02-08-2012, 11:29 PM   #4
Registered Member
 
Join Date: Jun 2011
Posts: 74
OS: xp



Hi Iain,

I connected to the Internet until I got the Microsoft recovery tool installed, and I have successfully obtained the ComboFix log.

I await your further advice:

-------------------------------combofix log ----------------------------

ComboFix 12-02-08.02 - GR Anand 02/09/2012 18:31:01.1.1 - x86
Running from: c:\documents and settings\GR Anand\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DirectCDUserNameD.txt
c:\documents and settings\All Users\Application Data\QSLLPSVCShare
c:\documents and settings\GR Anand\Application Data\PriceGong
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\1.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\a.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\b.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\c.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\d.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\e.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\f.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\g.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\h.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\i.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\J.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\k.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\l.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\m.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\n.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\o.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\p.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\q.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\r.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\s.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\t.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\u.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\v.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\w.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\x.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\y.xml
c:\documents and settings\GR Anand\Application Data\PriceGong\Data\z.xml
c:\documents and settings\GR Anand\Error.log
c:\documents and settings\GR Anand\WINDOWS
c:\windows\bwUnin-6.1.4.36-8876480L.exe
c:\windows\bwUnin-6.1.4.68-8876480L.exe
c:\windows\Fonts\acrsec.fon
c:\windows\iun6002.exe
c:\windows\jestertb.dll
c:\windows\system32\roboot.exe
c:\windows\system32\zlibwapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-08 23:45 . 2012-02-09 06:08 -------- d-----w- c:\windows\system32\wbem\Logs
2012-02-08 05:58 . 2012-02-08 05:58 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-08 05:57 . 2012-02-08 05:57 -------- d-----w- c:\program files\SigmaTel
2012-02-08 05:51 . 2012-02-08 05:51 -------- d-----w- C:\drvrtmp
2012-02-08 05:49 . 2012-02-08 05:49 -------- d-----w- c:\documents and settings\Savitha\Application Data\Intel
2012-02-08 05:49 . 2012-02-08 05:49 -------- d-----w- c:\documents and settings\Ramkishan\Application Data\Intel
2012-02-08 05:49 . 2012-02-08 05:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2012-02-08 05:49 . 2012-02-08 05:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2012-02-08 05:49 . 2012-02-08 05:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2012-02-08 05:45 . 2012-02-08 05:45 -------- d-----w- C:\Anotopgc
2012-02-08 05:45 . 2012-02-08 05:45 -------- d-----w- c:\program files\Common Files\FotoWire
2012-02-08 05:45 . 2012-02-08 05:45 -------- d-----w- c:\documents and settings\GR Anand\Application Data\FotoWire
2012-02-08 05:44 . 2012-02-08 05:44 -------- d-----w- c:\program files\Common Files\snct511
2012-02-04 23:14 . 2012-02-08 05:27 -------- d-----w- c:\program files\UPHClean
2012-01-28 09:08 . 2012-01-28 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-01-28 09:08 . 2012-01-28 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2012-01-28 09:05 . 2012-01-28 09:05 -------- d-----w- c:\documents and settings\GR Anand\Application Data\NCH Swift Sound
2012-01-21 19:15 . 2012-02-08 05:55 -------- d-----w- c:\documents and settings\GR Anand\Application Data\uTorrent(2)
2012-01-21 09:32 . 2010-06-01 15:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-01-21 09:32 . 2010-06-01 15:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-01-21 09:32 . 2010-06-01 15:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-01-21 09:32 . 2010-05-25 22:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-21 09:32 . 2010-05-25 22:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-01-21 09:32 . 2010-05-25 22:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-01-21 09:32 . 2010-05-25 22:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-01-21 09:32 . 2010-05-25 22:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-21 09:32 . 2010-02-03 21:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-01-21 09:32 . 2010-02-03 21:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-01-21 09:31 . 2010-02-03 21:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-01-21 09:31 . 2010-02-03 21:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-01-21 09:31 . 2009-09-04 04:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-01-21 09:31 . 2009-09-04 04:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-01-21 09:31 . 2009-09-04 04:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-01-21 09:31 . 2009-09-04 04:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-01-21 09:31 . 2009-09-04 04:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-01-21 09:31 . 2009-09-04 04:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-01-21 09:31 . 2009-09-04 04:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-01-21 09:31 . 2009-03-09 02:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2012-01-21 09:31 . 2009-03-09 02:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2012-01-21 09:31 . 2009-03-09 02:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-01-21 09:30 . 2009-09-04 04:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-01-21 09:30 . 2009-03-16 01:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2012-01-21 09:30 . 2009-03-16 01:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2012-01-21 09:30 . 2009-03-16 01:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-01-21 05:05 . 2012-01-21 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2012-01-21 05:03 . 2012-02-08 05:52 -------- d-----w- c:\program files\Dell Support Center
2012-01-21 04:55 . 2012-01-21 04:56 -------- d-----w- c:\documents and settings\GR Anand\Application Data\PCDr
2012-01-21 03:27 . 2005-09-19 21:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2012-01-21 03:07 . 2007-03-16 05:10 770048 ----a-w- c:\windows\system32\BCMLogon.dll
2012-01-21 03:07 . 2007-03-16 05:10 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2012-01-21 03:07 . 2007-03-16 05:10 86016 ----a-w- c:\windows\system32\preflib.dll
2012-01-21 03:07 . 2007-03-16 05:10 44032 ----a-w- c:\windows\system32\wltrynt.dll
2012-01-21 03:07 . 2007-03-16 05:10 253952 ----a-w- c:\windows\system32\bcmwlu00.exe
2012-01-21 03:07 . 2007-03-16 05:10 20480 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2012-01-21 03:07 . 2007-03-16 05:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
2012-01-21 03:07 . 2007-03-16 05:10 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2012-01-21 03:07 . 2007-03-16 05:10 1253376 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2012-01-21 03:07 . 2007-03-16 05:10 3395584 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-01-21 03:07 . 2007-03-16 05:10 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2012-01-21 03:07 . 2007-03-16 05:10 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2012-01-21 03:05 . 2006-06-28 23:12 172032 ----a-w- c:\windows\system32\NicConfigSvc.cpl
2012-01-21 03:05 . 2005-12-04 21:54 307200 ----a-w- c:\windows\system32\BMAPI.dll
2012-01-21 03:03 . 2005-08-12 04:50 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS
2012-01-21 03:01 . 2003-01-05 17:44 434252 ----a-w- c:\windows\system32\MSVCRTD.dll
2012-01-21 03:00 . 2004-10-21 13:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-01-21 03:00 . 2004-10-21 13:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-01-21 03:00 . 2004-10-21 13:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-01-21 03:00 . 2004-10-21 13:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-01-21 03:00 . 2004-10-21 13:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-01-21 03:00 . 2012-01-21 03:00 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-21 03:00 . 2012-01-21 03:00 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-21 02:44 . 2004-04-26 03:16 43539 ----a-w- c:\windows\system32\drivers\btwhid.sys
2012-01-21 02:20 . 2012-01-21 02:20 -------- d-----w- c:\documents and settings\GR Anand\Application Data\Intel
2012-01-21 02:18 . 2009-11-10 15:26 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2012-01-21 02:18 . 2009-11-10 15:26 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2012-01-21 02:18 . 2009-11-10 15:26 2216064 ----a-w- c:\windows\system32\drivers\w29n51.sys
2012-01-21 02:16 . 2012-01-21 02:16 -------- d-----w- c:\program files\Common Files\Intel
2012-01-21 02:16 . 2012-01-21 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2012-01-21 02:04 . 2012-01-21 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2012-01-21 01:55 . 2012-02-08 05:48 -------- d-----w- c:\windows\tiinst1
2012-01-21 01:38 . 2012-01-21 01:38 5120 ----a-w- c:\windows\DellBIOS.Sys
2012-01-18 09:43 . 2012-01-18 09:43 -------- d-----w- c:\program files\Temp File Cleaner
2012-01-18 08:11 . 2012-01-18 08:11 -------- d-----w- c:\program files\SystemRequirementsLab
2012-01-18 08:08 . 2012-01-18 08:08 -------- d-----w- c:\documents and settings\GR Anand\Application Data\SystemRequirementsLab
2012-01-11 05:11 . 2012-01-29 15:55 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-11 05:11 . 2012-01-29 13:36 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-11 05:11 . 2012-01-29 13:36 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-11 05:11 . 2012-01-29 13:36 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2002-11-01 01:26 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-09-25 00:35 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-03-19 08:41 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2005-11-26 14:19 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-03-29 11:48 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 04:54 . 2011-05-20 10:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 15:55 . 2011-10-06 07:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-09-29 08:44 . 2009-09-29 08:44 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-28 1032192]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-26 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-9-28 24576]
Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [N/A]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-10-19 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 00:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-13 06:17 110592 ----a-w- c:\windows\SYSTEM32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-11-03 02:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\GR Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\GR Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\data\\applications\\Messenger\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\hasplms.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [7/22/2009 11:00 PM 130936]
R1 ehdrv;ehdrv;c:\windows\SYSTEM32\DRIVERS\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 12:01 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 12:01 PM 72944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\SYSTEM32\DRIVERS\wA301b.sys [1/1/1980 4:00 AM 33847]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [1/21/2012 2:38 PM 5120]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/29/2009 9:44 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2009 10:23 PM 133104]
S3 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [12/14/2011 2:36 PM 21744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 12:01 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/22/2009 10:59 PM 348752]
S3 SNCT511;PC Camera (6005 CIF);c:\windows\SYSTEM32\DRIVERS\snct511.sys [1/1/2005 4:21 PM 219136]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/19/2004 9:43 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 DiskSuiteService;PC Tools Disk Suite;c:\program files\PC Tools Disk Suite\DSService.exe [6/26/2009 8:16 PM 394560]
S4 gupdate1ca0f652340fd90;Google Update Service (gupdate1ca0f652340fd90);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2009 10:23 PM 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 01:31]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 09:23]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 09:23]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225981888-670243166-1388584890-1005Core.job
- c:\documents and settings\GR Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-17 07:37]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225981888-670243166-1388584890-1005UA.job
- c:\documents and settings\GR Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-17 07:37]
.
2012-02-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-225981888-670243166-1388584890-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 09:09]
.
2012-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-225981888-670243166-1388584890-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 09:09]
.
2012-02-09 c:\windows\Tasks\User_Feed_Synchronization-{08E708A2-C53B-475C-86F1-1E4C3451415D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:31]
.
2009-10-12 c:\windows\Tasks\vlc.job
- c:\program files\VideoLAN\VLC\vlc.exe [2005-06-25 15:07]
.
2009-10-12 c:\windows\Tasks\wmplayer.job
- c:\program files\Windows Media Player\wmplayer.exe [2003-04-11 16:16]
.
.
------- Supplementary Scan -------
.
uStart Page = mail.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: funpeeps.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\documents and settings\GR Anand\Application Data\Mozilla\Firefox\Profiles\0hp50axf.default\
FF - prefs.js: browser.search.selectedEngine - delicious
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PalTalk6_alpha_6.73.1.1 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1176)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(3536)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZCfgSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\msdtc.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\documents and settings\GR Anand\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2012-02-09 19:18:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-09 06:18
.
Pre-Run: 20,976,398,336 bytes free
Post-Run: 21,073,612,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 2269B05372333C0EFBE71B3BCF943660


--------------------------------- End of Log -------------------------
protocoder is offline  
Old 02-09-2012, 01:54 PM   #5
Security Manager
Analyst
Rangemaster, TSF Academy
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro



Hi again

That looks better – how is your system running now?


Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results. Note that the full scan may take quite some time.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.

PC Safety & Security::PC running a bit slow?::Photographers Corner

Glaswegian is offline  
Old 02-10-2012, 12:42 AM   #6
Registered Member
 
Join Date: Jun 2011
Posts: 74
OS: xp



Hi Iain,

Thank you a lot. I still have problems 1 and 2 mentioned in my first post. I am not sure how to solve them. The good news is that I got my Idle task back in the Task manager so CPU usage is not 100%.

Here is the log of Malwarebyte logs. I notice that it returned with zero issues. I wait for your advice.

-------------------------- Malwarebyte logs ----------------------------
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.02.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Anand :: ANAND [administrator]

Protection: Enabled

2/10/2012 617 PM
mbam-log-2012-02-10 (18-06-17).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342345
Time elapsed: 2 hour(s), 15 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


--------------------------------END-------------------------------------
protocoder is offline  
Old 02-10-2012, 03:04 PM   #7
Security Manager
Analyst
Rangemaster, TSF Academy
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro



Hi again

Good that MBAM was clean. Let's see if we can help with some of the other issues.


Combofix
  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
ClearJavaCache::

DDS::
uPolicies-system: NoColorChoice
uPolicies-system: NoSizeChoice
uPolicies-system: NoVisualStyleChoice
uPolicies-system: SetVisualStyle
Looking at the image below as an example



Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript onto ComboFix.exe.

If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt for further review.

Glaswegian is offline  
Old 02-10-2012, 07:02 PM   #8
Registered Member
 
Join Date: Jun 2011
Posts: 74
OS: xp



Hi Iain,

Thank you very much. I have got the log file from a command file. Please advise me.
--------------------------------------------------------------------------
ComboFix 12-02-08.02 - GR Anand 02/11/2012 13:43:48.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.625 [GMT 13:00]
Running from: c:\documents and settings\GR Anand\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\GR Anand\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\QSLLPSVCShare
c:\documents and settings\GR Anand\Error.log
c:\windows\_iserr31.ini
c:\windows\bwUnin-6.1.4.36-8876480L.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-10 22:58 . 2005-05-27 09:19 106496 ----a-r- c:\windows\system32\lvcoinst.dll
2012-02-10 22:58 . 2005-05-27 09:36 372736 ----a-r- c:\windows\system32\LVUI2RC.dll
2012-02-10 22:58 . 2005-05-27 09:31 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2012-02-10 22:58 . 2005-05-27 09:29 204800 ----a-r- c:\windows\system32\LVUI2.dll
2012-02-10 22:58 . 2005-05-27 09:26 204800 ----a-r- c:\windows\system32\lvcodec2.dll
2012-02-10 22:58 . 2005-05-27 09:23 2180096 ----a-r- c:\windows\system32\drivers\lvsvf2.sys
2012-02-10 22:58 . 2005-05-27 09:32 1317152 ----a-r- c:\windows\system32\drivers\lvcm.sys
2012-02-10 22:52 . 2012-02-10 22:52 -------- d-----w- c:\windows\_ISTMP1.DIR
2012-02-08 23:45 . 2012-02-09 06:08 -------- d-----w- c:\windows\system32\wbem\Logs
2012-02-08 05:58 . 2012-02-08 05:58 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-08 05:57 . 2012-02-08 05:57 -------- d-----w- c:\program files\SigmaTel
2012-02-08 05:51 . 2012-02-08 05:51 -------- d-----w- C:\drvrtmp
2012-02-08 05:49 . 2012-02-08 05:49 -------- d-----w- c:\documents and settings\Savitha\Application Data\Intel
2012-02-08 05:49 . 2012-02-08 05:49 -------- d-----w- c:\documents and settings\Ramkishan\Application Data\Intel
2012-02-08 05:49 . 2012-02-08 05:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2012-02-08 05:49 . 2012-02-08 05:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2012-02-08 05:49 . 2012-02-08 05:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2012-02-08 05:45 . 2012-02-08 05:45 -------- d-----w- C:\Anotopgc
2012-02-08 05:45 . 2012-02-08 05:45 -------- d-----w- c:\program files\Common Files\FotoWire
2012-02-08 05:45 . 2012-02-08 05:45 -------- d-----w- c:\documents and settings\GR Anand\Application Data\FotoWire
2012-02-08 05:44 . 2012-02-08 05:44 -------- d-----w- c:\program files\Common Files\snct511
2012-02-04 23:14 . 2012-02-08 05:27 -------- d-----w- c:\program files\UPHClean
2012-01-28 09:08 . 2012-01-28 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-01-28 09:08 . 2012-01-28 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2012-01-28 09:05 . 2012-01-28 09:05 -------- d-----w- c:\documents and settings\GR Anand\Application Data\NCH Swift Sound
2012-01-21 19:15 . 2012-02-08 05:55 -------- d-----w- c:\documents and settings\GR Anand\Application Data\uTorrent(2)
2012-01-21 09:32 . 2010-06-01 15:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-01-21 09:32 . 2010-06-01 15:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-01-21 09:32 . 2010-06-01 15:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-01-21 09:32 . 2010-05-25 22:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-21 09:32 . 2010-05-25 22:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-01-21 09:32 . 2010-05-25 22:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-01-21 09:32 . 2010-05-25 22:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-01-21 09:32 . 2010-05-25 22:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-21 09:32 . 2010-02-03 21:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-01-21 09:32 . 2010-02-03 21:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-01-21 09:31 . 2010-02-03 21:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-01-21 09:31 . 2010-02-03 21:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-01-21 09:31 . 2009-09-04 04:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-01-21 09:31 . 2009-09-04 04:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-01-21 09:31 . 2009-09-04 04:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-01-21 09:31 . 2009-09-04 04:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-01-21 09:31 . 2009-09-04 04:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-01-21 09:31 . 2009-09-04 04:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-01-21 09:31 . 2009-09-04 04:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-01-21 09:31 . 2009-03-09 02:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2012-01-21 09:31 . 2009-03-09 02:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2012-01-21 09:31 . 2009-03-09 02:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-01-21 09:30 . 2009-09-04 04:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-01-21 09:30 . 2009-03-16 01:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2012-01-21 09:30 . 2009-03-16 01:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2012-01-21 09:30 . 2009-03-16 01:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-01-21 05:05 . 2012-01-21 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2012-01-21 05:03 . 2012-02-08 05:52 -------- d-----w- c:\program files\Dell Support Center
2012-01-21 04:55 . 2012-01-21 04:56 -------- d-----w- c:\documents and settings\GR Anand\Application Data\PCDr
2012-01-21 03:27 . 2005-09-19 21:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2012-01-21 03:07 . 2007-03-16 05:10 770048 ----a-w- c:\windows\system32\BCMLogon.dll
2012-01-21 03:07 . 2007-03-16 05:10 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2012-01-21 03:07 . 2007-03-16 05:10 86016 ----a-w- c:\windows\system32\preflib.dll
2012-01-21 03:07 . 2007-03-16 05:10 44032 ----a-w- c:\windows\system32\wltrynt.dll
2012-01-21 03:07 . 2007-03-16 05:10 253952 ----a-w- c:\windows\system32\bcmwlu00.exe
2012-01-21 03:07 . 2007-03-16 05:10 20480 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2012-01-21 03:07 . 2007-03-16 05:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
2012-01-21 03:07 . 2007-03-16 05:10 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2012-01-21 03:07 . 2007-03-16 05:10 1253376 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2012-01-21 03:07 . 2007-03-16 05:10 3395584 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-01-21 03:07 . 2007-03-16 05:10 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2012-01-21 03:07 . 2007-03-16 05:10 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2012-01-21 03:05 . 2006-06-28 23:12 172032 ----a-w- c:\windows\system32\NicConfigSvc.cpl
2012-01-21 03:05 . 2005-12-04 21:54 307200 ----a-w- c:\windows\system32\BMAPI.dll
2012-01-21 03:03 . 2005-08-12 04:50 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS
2012-01-21 03:01 . 2003-01-05 17:44 434252 ----a-w- c:\windows\system32\MSVCRTD.dll
2012-01-21 03:00 . 2004-10-21 13:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-01-21 03:00 . 2004-10-21 13:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-01-21 03:00 . 2004-10-21 13:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-01-21 03:00 . 2004-10-21 13:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-01-21 03:00 . 2004-10-21 13:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-01-21 03:00 . 2012-01-21 03:00 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-21 03:00 . 2012-01-21 03:00 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-21 02:44 . 2004-04-26 03:16 43539 ----a-w- c:\windows\system32\drivers\btwhid.sys
2012-01-21 02:20 . 2012-01-21 02:20 -------- d-----w- c:\documents and settings\GR Anand\Application Data\Intel
2012-01-21 02:18 . 2009-11-10 15:26 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2012-01-21 02:18 . 2009-11-10 15:26 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2012-01-21 02:18 . 2009-11-10 15:26 2216064 ----a-w- c:\windows\system32\drivers\w29n51.sys
2012-01-21 02:16 . 2012-01-21 02:16 -------- d-----w- c:\program files\Common Files\Intel
2012-01-21 02:16 . 2012-01-21 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2012-01-21 02:04 . 2012-01-21 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2012-01-21 01:55 . 2012-02-08 05:48 -------- d-----w- c:\windows\tiinst1
2012-01-21 01:38 . 2012-01-21 01:38 5120 ----a-w- c:\windows\DellBIOS.Sys
2012-01-18 09:43 . 2012-01-18 09:43 -------- d-----w- c:\program files\Temp File Cleaner
2012-01-18 08:11 . 2012-01-18 08:11 -------- d-----w- c:\program files\SystemRequirementsLab
2012-01-18 08:08 . 2012-01-18 08:08 -------- d-----w- c:\documents and settings\GR Anand\Application Data\SystemRequirementsLab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 05:05 . 2011-05-11 06:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-10 02:24 . 2011-05-11 06:31 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2002-11-01 01:26 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-09-25 00:35 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-03-19 08:41 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2005-11-26 14:19 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-03-29 11:48 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 04:54 . 2011-05-20 10:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 15:55 . 2011-10-06 07:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-09-29 08:44 . 2009-09-29 08:44 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( [email protected]_06.08.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-11 01:13 . 2012-02-11 01:13 16384 c:\windows\Temp\Perflib_Perfdata_770.dat
+ 2012-02-11 00:41 . 2012-02-11 00:41 16384 c:\windows\Temp\Perflib_Perfdata_1b0.dat
+ 2012-02-10 22:36 . 2005-06-08 01:38 90112 c:\windows\SYSTEM32\LQCUI2.dll
+ 2012-02-10 22:36 . 2005-06-08 01:31 78336 c:\windows\SYSTEM32\lffax12n.dll
+ 2012-02-10 22:36 . 2005-06-08 01:31 30720 c:\windows\SYSTEM32\lfbmp12n.dll
+ 2012-02-10 22:52 . 2012-02-10 22:52 53248 c:\windows\_ISTMP1.DIR\ZDataI51.dll
+ 2012-02-10 22:52 . 2012-02-10 22:52 46592 c:\windows\_ISTMP1.DIR\_WUTL951.DLL
+ 2012-02-10 22:48 . 2012-02-10 22:48 8854 c:\windows\Installer\{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}\MainApp.exe
+ 2012-02-10 22:58 . 2005-05-27 09:29 159744 c:\windows\TWAIN_32\QuickCam\lvWIAext.dll
+ 2012-02-10 22:36 . 2005-06-08 01:41 466944 c:\windows\SYSTEM32\QCUI2.dll
+ 2012-02-10 22:36 . 2005-06-08 01:31 215552 c:\windows\SYSTEM32\Lvkrn12n.dll
+ 2012-02-10 22:36 . 2005-06-08 01:31 856064 c:\windows\SYSTEM32\Ltwvc12n.dll
+ 2012-02-10 22:36 . 2005-06-08 01:31 406016 c:\windows\SYSTEM32\ltkrn12n.dll
+ 2012-02-10 22:36 . 2005-06-08 01:31 164864 c:\windows\SYSTEM32\ltimg12n.dll
+ 2012-02-10 22:36 . 2005-06-08 01:31 131072 c:\windows\SYSTEM32\ltfil12n.DLL
+ 2012-02-10 22:36 . 2005-06-08 01:31 207872 c:\windows\SYSTEM32\ltefx12n.dll
+ 2012-02-10 22:36 . 2005-06-08 01:31 259072 c:\windows\SYSTEM32\LTDIS12n.dll
+ 2012-02-10 22:36 . 2005-06-08 01:31 141312 c:\windows\SYSTEM32\lftif12n.dll
+ 2012-02-10 22:36 . 2005-06-08 01:31 328704 c:\windows\SYSTEM32\LFCMP12n.DLL
+ 2012-02-10 22:36 . 2005-06-08 02:12 462848 c:\windows\SYSTEM32\LCamCpl.dll
+ 2012-02-10 22:48 . 2012-02-10 22:48 4857856 c:\windows\Installer\82202b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2012-02-10 16384]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-28 1032192]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-26 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-9-28 24576]
Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [N/A]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-10-19 118784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2012-2-11 169472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 00:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-13 06:17 110592 ----a-w- c:\windows\SYSTEM32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-11-03 02:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\GR Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\GR Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\data\\applications\\Messenger\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\hasplms.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [7/22/2009 11:00 PM 130936]
R1 ehdrv;ehdrv;c:\windows\SYSTEM32\DRIVERS\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 12:01 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 12:01 PM 72944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/11/2011 7:31 PM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [5/11/2011 7:31 PM 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\SYSTEM32\DRIVERS\wA301b.sys [1/1/1980 4:00 AM 33847]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [1/21/2012 2:38 PM 5120]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/29/2009 9:44 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2009 10:23 PM 133104]
S3 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [5/11/2011 7:31 PM 40776]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [12/14/2011 2:36 PM 21744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 12:01 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/22/2009 10:59 PM 348752]
S3 SNCT511;PC Camera (6005 CIF);c:\windows\SYSTEM32\DRIVERS\snct511.sys [1/1/2005 4:21 PM 219136]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/19/2004 9:43 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 DiskSuiteService;PC Tools Disk Suite;c:\program files\PC Tools Disk Suite\DSService.exe [6/26/2009 8:16 PM 394560]
S4 gupdate1ca0f652340fd90;Google Update Service (gupdate1ca0f652340fd90);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2009 10:23 PM 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 01:31]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 09:23]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 09:23]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225981888-670243166-1388584890-1005Core.job
- c:\documents and settings\GR Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-17 07:37]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225981888-670243166-1388584890-1005UA.job
- c:\documents and settings\GR Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-17 07:37]
.
2012-02-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-225981888-670243166-1388584890-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 09:09]
.
2012-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-225981888-670243166-1388584890-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 09:09]
.
2012-02-11 c:\windows\Tasks\User_Feed_Synchronization-{08E708A2-C53B-475C-86F1-1E4C3451415D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:31]
.
2009-10-12 c:\windows\Tasks\vlc.job
- c:\program files\VideoLAN\VLC\vlc.exe [2005-06-25 15:07]
.
2009-10-12 c:\windows\Tasks\wmplayer.job
- c:\program files\Windows Media Player\wmplayer.exe [2003-04-11 16:16]
.
.
------- Supplementary Scan -------
.
uStart Page = mail.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: funpeeps.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\documents and settings\GR Anand\Application Data\Mozilla\Firefox\Profiles\0hp50axf.default\
FF - prefs.js: browser.search.selectedEngine - delicious
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1168)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\LgNotify.dll
c:\windows\system32\netprovcredman.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(1944)
c:\windows\system32\WININET.dll
c:\docume~1\GRANAN~1\LOCALS~1\TempIadHide3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZCfgSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\msdtc.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Logitech\ImageStudio\LowLight.exe
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2012-02-11 14:28:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 01:28
ComboFix2.txt 2012-02-09 06:18
.
Pre-Run: 20,958,330,880 bytes free
Post-Run: 20,955,729,920 bytes free
.
- - End Of File - - 605D1F149A596752BC3D4AFCE40024D8
S3 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [5/11/2011 7:31 PM 40776]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [12/14/2011 2:36 PM 21744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 12:01 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/22/2009 10:59 PM 348752]
S3 SNCT511;PC Camera (6005 CIF);c:\windows\SYSTEM32\DRIVERS\snct511.sys [1/1/2005 4:21 PM 219136]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/19/2004 9:43 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 DiskSuiteService;PC Tools Disk Suite;c:\program files\PC Tools Disk Suite\DSService.exe [6/26/2009 8:16 PM 394560]
S4 gupdate1ca0f652340fd90;Google Update Service (gupdate1ca0f652340fd90);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2009 10:23 PM 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 01:31]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 09:23]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 09:23]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225981888-670243166-1388584890-1005Core.job
- c:\documents and settings\GR Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-17 07:37]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225981888-670243166-1388584890-1005UA.job
- c:\documents and settings\GR Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-17 07:37]
.
2012-02-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-225981888-670243166-1388584890-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 09:09]
.
2012-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-225981888-670243166-1388584890-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 09:09]
.
2012-02-11 c:\windows\Tasks\User_Feed_Synchronization-{08E708A2-C53B-475C-86F1-1E4C3451415D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:31]
.
2009-10-12 c:\windows\Tasks\vlc.job
- c:\program files\VideoLAN\VLC\vlc.exe [2005-06-25 15:07]
.
2009-10-12 c:\windows\Tasks\wmplayer.job
- c:\program files\Windows Media Player\wmplayer.exe [2003-04-11 16:16]
.
.
------- Supplementary Scan -------
.
uStart Page = mail.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: funpeeps.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\documents and settings\GR Anand\Application Data\Mozilla\Firefox\Profiles\0hp50axf.default\
FF - prefs.js: browser.search.selectedEngine - delicious
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1168)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\LgNotify.dll
c:\windows\system32\netprovcredman.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(1944)
c:\windows\system32\WININET.dll
c:\docume~1\GRANAN~1\LOCALS~1\TempIadHide3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZCfgSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\msdtc.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Logitech\ImageStudio\LowLight.exe
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2012-02-11 14:28:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 01:28
ComboFix2.txt 2012-02-09 06:18
.
Pre-Run: 20,958,330,880 bytes free
Post-Run: 20,955,729,920 bytes free
.
- - End Of File - - 605D1F149A596752BC3D4AFCE40024D8


Problems trying to resolve
1. When I try to open Control Panel, I get the following error, to which I have to say OK or nothing works:
"IPC error: no connection. (SM_RC_ENOCONN)(11)" This dialog box appears twice before Control Panel displays the list. Please can someone help me resolve it.

2. When I shut down, I am forced to end a strange application; it says "End Program - Sample". The shutdown procedure does not force this "Whatever weird thing" to close. I see from Task Manager that there are no applications running.

Thanks a ton.
--Anand
Old 02-10-2012, 07:39 PM   #9
protocoder

Hi Iain,

Just forgot to mention: both times ComboFix has been executed so far, it prompted a message that rootkit activity was detected and forced me to reboot the computer. Do you think the Blacklight tool would help here to remove rootkit-related bad stuff?

Regards and Thanks
--Anand
Old 02-11-2012, 08:52 AM   #10
Glaswegian
Security Manager
Analyst
Rangemaster, TSF Academy


Hi again Anand

No need for Blacklight at this stage - please do not run any tools or scanners unless I specifically ask you to do so. We need to clear any malware before addressing the Control Panel issues.


Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

Execute TDSSKiller.exe by double-clicking on it. Press Start Scan.

  • If Malicious objects are found, ensure Cure is selected (it should be by default)
  • Click Continue then click Reboot now
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please attach that log.




Start Malwarebytes' Anti-Malware.

Choose the 'Update' tab and click Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:

-> Click on the Malwarebytes' Anti-Malware icon to launch the program.
-> Click on the Logs tab.
-> Click on the log at the bottom of those listed to highlight it.
-> Click Open.

Copy & Paste the entire report in your next reply.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.


Old 02-11-2012, 05:20 PM   #11
protocoder

Hi Iain,

Thank you very much. As advised, here is the log from TDSSKiller. I await your further advice. The scan completed with zero objects affected.
-------------------------------- Log start---------------------------------------
13:08:12.0256 3356 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
13:08:13.0678 3356 ============================================================
13:08:13.0678 3356 Current date / time: 2012/02/12 13:08:13.0678
13:08:13.0678 3356 SystemInfo:
13:08:13.0678 3356
13:08:13.0678 3356 OS Version: 5.1.2600 ServicePack: 3.0
13:08:13.0678 3356 Product type: Workstation
13:08:13.0678 3356 ComputerName: ANAND
13:08:13.0678 3356 UserName: GR Anand
13:08:13.0678 3356 Windows directory: C:\WINDOWS
13:08:13.0678 3356 System windows directory: C:\WINDOWS
13:08:13.0678 3356 Processor architecture: Intel x86
13:08:13.0688 3356 Number of processors: 1
13:08:13.0688 3356 Page size: 0x1000
13:08:13.0688 3356 Boot type: Normal boot
13:08:13.0688 3356 ============================================================
13:08:25.0085 3356 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:08:25.0125 3356 \Device\Harddisk0\DR0:
13:08:25.0125 3356 MBR used
13:08:25.0125 3356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x6FB03FA
13:08:25.0125 3356 Initialize success
13:08:25.0125 3356 ============================================================
13:09:28.0155 2964 ============================================================
13:09:28.0155 2964 Scan started
13:09:28.0155 2964 Mode: Manual; SigCheck; TDLFS;
13:09:28.0155 2964 ============================================================
13:09:28.0215 2964 Abiosdsk - ok
13:09:28.0235 2964 abp480n5 - ok
13:09:28.0245 2964 ACPI - ok
13:09:28.0265 2964 ACPIEC - ok
13:09:28.0285 2964 adpu160m - ok
13:09:28.0295 2964 aec - ok
13:09:28.0315 2964 AFD - ok
13:09:28.0325 2964 agp440 - ok
13:09:28.0336 2964 agpCPQ - ok
13:09:28.0356 2964 Aha154x - ok
13:09:28.0376 2964 aic78u2 - ok
13:09:28.0396 2964 aic78xx - ok
13:09:28.0406 2964 aksfridge - ok
13:09:28.0426 2964 AliIde - ok
13:09:28.0446 2964 alim1541 - ok
13:09:28.0456 2964 amdagp - ok
13:09:28.0476 2964 amsint - ok
13:09:28.0496 2964 ApfiltrService - ok
13:09:28.0536 2964 APPDRV - ok
13:09:28.0556 2964 Arp1394 - ok
13:09:28.0576 2964 asc - ok
13:09:28.0586 2964 asc3350p - ok
13:09:28.0606 2964 asc3550 - ok
13:09:28.0666 2964 AsyncMac - ok
13:09:28.0676 2964 atapi - ok
13:09:28.0696 2964 Atdisk - ok
13:09:28.0706 2964 Atmarpc - ok
13:09:28.0726 2964 audstub - ok
13:09:28.0766 2964 Beep - ok
13:09:28.0796 2964 BthEnum - ok
13:09:28.0816 2964 BTHMODEM - ok
13:09:28.0836 2964 BthPan - ok
13:09:28.0846 2964 BTHPORT - ok
13:09:28.0876 2964 BTHUSB - ok
13:09:28.0896 2964 BTKRNL - ok
13:09:28.0926 2964 BTWUSB - ok
13:09:28.0946 2964 bvrp_pci - ok
13:09:28.0956 2964 catchme - ok
13:09:28.0976 2964 cbidf - ok
13:09:28.0986 2964 cbidf2k - ok
13:09:29.0006 2964 CCDECODE - ok
13:09:29.0016 2964 cd20xrnt - ok
13:09:29.0037 2964 Cdaudio - ok
13:09:29.0057 2964 Cdfs - ok
13:09:29.0077 2964 Cdr4_xp - ok
13:09:29.0087 2964 Cdralw2k - ok
13:09:29.0107 2964 Cdrom - ok
13:09:29.0117 2964 cdudf_xp - ok
13:09:29.0137 2964 Changer - ok
13:09:29.0197 2964 CmBatt - ok
13:09:29.0217 2964 CmdIde - ok
13:09:29.0237 2964 Compbatt - ok
13:09:29.0277 2964 Cpqarray - ok
13:09:29.0287 2964 cpudrv - ok
13:09:29.0317 2964 dac2w2k - ok
13:09:29.0327 2964 dac960nt - ok
13:09:29.0357 2964 DellBIOS - ok
13:09:29.0377 2964 Disk - ok
13:09:29.0407 2964 dmboot - ok
13:09:29.0427 2964 dmio - ok
13:09:29.0457 2964 dmload - ok
13:09:29.0477 2964 DMusic - ok
13:09:29.0507 2964 dpti2o - ok
13:09:29.0527 2964 drmkaud - ok
13:09:29.0547 2964 dvd_2K - ok
13:09:29.0557 2964 E100B - ok
13:09:29.0577 2964 eamon - ok
13:09:29.0597 2964 ehdrv - ok
13:09:29.0627 2964 epfw - ok
13:09:29.0647 2964 Epfwndis - ok
13:09:29.0667 2964 epfwtdi - ok
13:09:29.0717 2964 Fastfat - ok
13:09:29.0758 2964 Fdc - ok
13:09:29.0768 2964 Fips - ok
13:09:29.0788 2964 Flpydisk - ok
13:09:29.0808 2964 FltMgr - ok
13:09:29.0828 2964 fssfltr - ok
13:09:29.0848 2964 Fs_Rec - ok
13:09:29.0868 2964 Ftdisk - ok
13:09:29.0898 2964 Gpc - ok
13:09:29.0958 2964 gv3 - ok
13:09:29.0978 2964 hardlock - ok
13:09:30.0018 2964 HidUsb - ok
13:09:30.0048 2964 hpn - ok
13:09:30.0058 2964 HSFHWICH - ok
13:09:30.0078 2964 HSF_DP - ok
13:09:30.0088 2964 HSF_DPV - ok
13:09:30.0108 2964 HTTP - ok
13:09:30.0138 2964 i2omgmt - ok
13:09:30.0148 2964 i2omp - ok
13:09:30.0168 2964 i8042prt - ok
13:09:30.0188 2964 ialm - ok
13:09:30.0198 2964 Icam4USB - ok
13:09:30.0248 2964 Imapi - ok
13:09:30.0278 2964 ini910u - ok
13:09:30.0308 2964 IntelIde - ok
13:09:30.0328 2964 intelppm - ok
13:09:30.0348 2964 ip6fw - ok
13:09:30.0358 2964 IpFilterDriver - ok
13:09:30.0378 2964 IpInIp - ok
13:09:30.0398 2964 IpNat - ok
13:09:30.0408 2964 IPSec - ok
13:09:30.0429 2964 irda - ok
13:09:30.0449 2964 IRENUM - ok
13:09:30.0469 2964 isapnp - ok
13:09:30.0489 2964 Kbdclass - ok
13:09:30.0509 2964 kbdhid - ok
13:09:30.0529 2964 kmixer - ok
13:09:30.0539 2964 KSecDD - ok
13:09:30.0569 2964 lbrtfdc - ok
13:09:30.0609 2964 LVUSBSta - ok
13:09:30.0629 2964 MASPINT - ok
13:09:30.0649 2964 MBAMProtector - ok
13:09:30.0669 2964 MBAMSwissArmy - ok
13:09:30.0689 2964 MDC8021X - ok
13:09:30.0709 2964 mdmxsdk - ok
13:09:30.0729 2964 mmc_2K - ok
13:09:30.0749 2964 mnmdd - ok
13:09:30.0769 2964 Modem - ok
13:09:30.0789 2964 Mouclass - ok
13:09:30.0809 2964 mouhid - ok
13:09:30.0829 2964 MountMgr - ok
13:09:30.0839 2964 mraid35x - ok
13:09:30.0859 2964 MREMPR5 - ok
13:09:30.0869 2964 MRENDIS5 - ok
13:09:30.0889 2964 MRxDAV - ok
13:09:30.0909 2964 MRxSmb - ok
13:09:30.0949 2964 Msfs - ok
13:09:30.0959 2964 MSIRCOMM - ok
13:09:30.0979 2964 MSKSSRV - ok
13:09:30.0989 2964 MSPCLOCK - ok
13:09:31.0009 2964 MSPQM - ok
13:09:31.0029 2964 mssmbios - ok
13:09:31.0039 2964 MSTEE - ok
13:09:31.0059 2964 Mup - ok
13:09:31.0069 2964 n558 - ok
13:09:31.0079 2964 NABTSFEC - ok
13:09:31.0099 2964 NDIS - ok
13:09:31.0120 2964 NdisIP - ok
13:09:31.0130 2964 NdisTapi - ok
13:09:31.0150 2964 Ndisuio - ok
13:09:31.0160 2964 NdisWan - ok
13:09:31.0180 2964 NDProxy - ok
13:09:31.0200 2964 NetBIOS - ok
13:09:31.0210 2964 NetBT - ok
13:09:31.0280 2964 NIC1394 - ok
13:09:31.0320 2964 Npfs - ok
13:09:31.0330 2964 Ntfs - ok
13:09:31.0360 2964 Null - ok
13:09:31.0380 2964 NwlnkFlt - ok
13:09:31.0400 2964 NwlnkFwd - ok
13:09:31.0430 2964 ohci1394 - ok
13:09:31.0440 2964 omci - ok
13:09:31.0480 2964 Parport - ok
13:09:31.0490 2964 PartMgr - ok
13:09:31.0500 2964 ParVdm - ok
13:09:31.0520 2964 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
13:09:31.0540 2964 PCI - ok
13:09:31.0550 2964 PCIDump - ok
13:09:31.0570 2964 PCIIde - ok
13:09:31.0590 2964 Pcmcia - ok
13:09:31.0600 2964 PCTCore - ok
13:09:31.0620 2964 PDCOMP - ok
13:09:31.0640 2964 PDFRAME - ok
13:09:31.0650 2964 PDRELI - ok
13:09:31.0670 2964 PDRFRAME - ok
13:09:31.0700 2964 perc2 - ok
13:09:31.0720 2964 perc2hib - ok
13:09:31.0760 2964 pfc - ok
13:09:31.0800 2964 PptpMiniport - ok
13:09:31.0821 2964 Processor - ok
13:09:31.0841 2964 PSched - ok
13:09:31.0861 2964 Ptilink - ok
13:09:31.0871 2964 pwd_2k - ok
13:09:31.0891 2964 PxHelp20 - ok
13:09:31.0911 2964 QCMerced - ok
13:09:31.0921 2964 ql1080 - ok
13:09:31.0941 2964 Ql10wnt - ok
13:09:31.0961 2964 ql12160 - ok
13:09:31.0971 2964 ql1240 - ok
13:09:31.0991 2964 ql1280 - ok
13:09:32.0001 2964 RasAcd - ok
13:09:32.0031 2964 Rasirda - ok
13:09:32.0051 2964 Rasl2tp - ok
13:09:32.0071 2964 RasPppoe - ok
13:09:32.0091 2964 Raspti - ok
13:09:32.0111 2964 Rdbss - ok
13:09:32.0131 2964 RDPCDD - ok
13:09:32.0151 2964 rdpdr - ok
13:09:32.0171 2964 RDPWD - ok
13:09:32.0201 2964 redbook - ok
13:09:32.0251 2964 RFCOMM - ok
13:09:32.0301 2964 s24trans - ok
13:09:32.0321 2964 SASDIFSV - ok
13:09:32.0341 2964 SASENUM - ok
13:09:32.0361 2964 SASKUTIL - ok
13:09:32.0441 2964 Secdrv - ok
13:09:32.0471 2964 Sentinel - ok
13:09:32.0491 2964 serenum - ok
13:09:32.0512 2964 Serial - ok
13:09:32.0572 2964 Sfloppy - ok
13:09:32.0602 2964 Simbad - ok
13:09:32.0622 2964 sisagp - ok
13:09:32.0632 2964 SLIP - ok
13:09:32.0652 2964 SMCIRDA - ok
13:09:32.0682 2964 SNCT511 - ok
13:09:32.0692 2964 SNP2STD - ok
13:09:32.0712 2964 SONYPVU1 - ok
13:09:32.0722 2964 Sparrow - ok
13:09:32.0742 2964 splitter - ok
13:09:32.0762 2964 sr - ok
13:09:32.0782 2964 Srv - ok
13:09:32.0812 2964 STAC97 - ok
13:09:32.0832 2964 streamip - ok
13:09:32.0852 2964 swenum - ok
13:09:32.0862 2964 swmidi - ok
13:09:32.0902 2964 symc810 - ok
13:09:32.0912 2964 symc8xx - ok
13:09:32.0922 2964 sym_hi - ok
13:09:32.0942 2964 sym_u3 - ok
13:09:32.0962 2964 sysaudio - ok
13:09:32.0992 2964 Tcpip - ok
13:09:33.0012 2964 TDPIPE - ok
13:09:33.0022 2964 TDTCP - ok
13:09:33.0042 2964 TermDD - ok
13:09:33.0082 2964 tmcomm - ok
13:09:33.0092 2964 TosIde - ok
13:09:33.0142 2964 UdfReadr_xp - ok
13:09:33.0152 2964 Udfs - ok
13:09:33.0172 2964 UIUSys - ok
13:09:33.0192 2964 ultra - ok
13:09:33.0213 2964 Update - ok
13:09:33.0243 2964 usbaudio - ok
13:09:33.0263 2964 usbccgp - ok
13:09:33.0283 2964 usbehci - ok
13:09:33.0293 2964 usbhub - ok
13:09:33.0313 2964 usbprint - ok
13:09:33.0323 2964 usbscan - ok
13:09:33.0343 2964 USBSTOR - ok
13:09:33.0363 2964 usbuhci - ok
13:09:33.0383 2964 VgaSave - ok
13:09:33.0403 2964 viaagp - ok
13:09:33.0413 2964 ViaIde - ok
13:09:33.0433 2964 VolSnap - ok
13:09:33.0473 2964 w22n51 - ok
13:09:33.0493 2964 w29n51 - ok
13:09:33.0523 2964 Wanarp - ok
13:09:33.0533 2964 WDICA - ok
13:09:33.0553 2964 wdmaud - ok
13:09:33.0573 2964 winachsf - ok
13:09:33.0613 2964 WinDriver6 - ok
13:09:33.0743 2964 WpdUsb - ok
13:09:33.0763 2964 WS2IFSL - ok
13:09:33.0793 2964 WSTCODEC - ok
13:09:33.0823 2964 WudfPf - ok
13:09:33.0833 2964 WUDFRd - ok
13:09:33.0893 2964 zebrbus - ok
13:09:33.0904 2964 zebrceb - ok
13:09:33.0924 2964 zebrmdfl - ok
13:09:33.0954 2964 zebrmdm - ok
13:09:33.0974 2964 zebrmdmc - ok
13:09:34.0004 2964 zebrsce - ok
13:09:34.0094 2964 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
13:09:34.0144 2964 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
13:09:34.0174 2964 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} - ok
13:09:34.0194 2964 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55} - ok
13:09:34.0254 2964 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:09:35.0125 2964 \Device\Harddisk0\DR0 - ok
13:09:35.0175 2964 Boot (0x1200) (098a8fa4a8ca5cd11d5f37f13c3b0b10) \Device\Harddisk0\DR0\Partition0
13:09:35.0235 2964 \Device\Harddisk0\DR0\Partition0 - ok
13:09:35.0235 2964 ============================================================
13:09:35.0235 2964 Scan finished
13:09:35.0235 2964 ============================================================
13:09:35.0296 0168 Detected object count: 0
13:09:35.0296 0168 Actual detected object count: 0
13:10:46.0388 3312 ============================================================
13:10:46.0388 3312 Scan started
13:10:46.0388 3312 Mode: Manual; SigCheck; TDLFS;
13:10:46.0388 3312 ============================================================
13:10:46.0448 3312 Abiosdsk - ok
13:10:46.0468 3312 abp480n5 - ok
13:10:46.0488 3312 ACPI - ok
13:10:46.0498 3312 ACPIEC - ok
13:10:46.0518 3312 adpu160m - ok
13:10:46.0528 3312 aec - ok
13:10:46.0548 3312 AFD - ok
13:10:46.0568 3312 agp440 - ok
13:10:46.0578 3312 agpCPQ - ok
13:10:46.0598 3312 Aha154x - ok
13:10:46.0608 3312 aic78u2 - ok
13:10:46.0628 3312 aic78xx - ok
13:10:46.0648 3312 aksfridge - ok
13:10:46.0678 3312 AliIde - ok
13:10:46.0698 3312 alim1541 - ok
13:10:46.0718 3312 amdagp - ok
13:10:46.0738 3312 amsint - ok
13:10:46.0748 3312 ApfiltrService - ok
13:10:46.0768 3312 APPDRV - ok
13:10:46.0788 3312 Arp1394 - ok
13:10:46.0798 3312 asc - ok
13:10:46.0828 3312 asc3350p - ok
13:10:46.0838 3312 asc3550 - ok
13:10:46.0908 3312 AsyncMac - ok
13:10:46.0919 3312 atapi - ok
13:10:46.0939 3312 Atdisk - ok
13:10:46.0949 3312 Atmarpc - ok
13:10:46.0979 3312 audstub - ok
13:10:47.0009 3312 Beep - ok
13:10:47.0039 3312 BthEnum - ok
13:10:47.0059 3312 BTHMODEM - ok
13:10:47.0069 3312 BthPan - ok
13:10:47.0079 3312 BTHPORT - ok
13:10:47.0109 3312 BTHUSB - ok
13:10:47.0129 3312 BTKRNL - ok
13:10:47.0159 3312 BTWUSB - ok
13:10:47.0179 3312 bvrp_pci - ok
13:10:47.0189 3312 catchme - ok
13:10:47.0209 3312 cbidf - ok
13:10:47.0219 3312 cbidf2k - ok
13:10:47.0239 3312 CCDECODE - ok
13:10:47.0259 3312 cd20xrnt - ok
13:10:47.0279 3312 Cdaudio - ok
13:10:47.0299 3312 Cdfs - ok
13:10:47.0319 3312 Cdr4_xp - ok
13:10:47.0329 3312 Cdralw2k - ok
13:10:47.0349 3312 Cdrom - ok
13:10:47.0359 3312 cdudf_xp - ok
13:10:47.0379 3312 Changer - ok
13:10:47.0429 3312 CmBatt - ok
13:10:47.0439 3312 CmdIde - ok
13:10:47.0459 3312 Compbatt - ok
13:10:47.0499 3312 Cpqarray - ok
13:10:47.0509 3312 cpudrv - ok
13:10:47.0529 3312 dac2w2k - ok
13:10:47.0549 3312 dac960nt - ok
13:10:47.0579 3312 DellBIOS - ok
13:10:47.0599 3312 Disk - ok
13:10:47.0630 3312 dmboot - ok
13:10:47.0650 3312 dmio - ok
13:10:47.0660 3312 dmload - ok
13:10:47.0680 3312 DMusic - ok
13:10:47.0710 3312 dpti2o - ok
13:10:47.0730 3312 drmkaud - ok
13:10:47.0740 3312 dvd_2K - ok
13:10:47.0760 3312 E100B - ok
13:10:47.0770 3312 eamon - ok
13:10:47.0790 3312 ehdrv - ok
13:10:47.0820 3312 epfw - ok
13:10:47.0840 3312 Epfwndis - ok
13:10:47.0860 3312 epfwtdi - ok
13:10:47.0910 3312 Fastfat - ok
13:10:47.0930 3312 Fdc - ok
13:10:47.0950 3312 Fips - ok
13:10:47.0960 3312 Flpydisk - ok
13:10:47.0980 3312 FltMgr - ok
13:10:48.0000 3312 fssfltr - ok
13:10:48.0030 3312 Fs_Rec - ok
13:10:48.0040 3312 Ftdisk - ok
13:10:48.0070 3312 Gpc - ok
13:10:48.0100 3312 gv3 - ok
13:10:48.0120 3312 hardlock - ok
13:10:48.0160 3312 HidUsb - ok
13:10:48.0180 3312 hpn - ok
13:10:48.0190 3312 HSFHWICH - ok
13:10:48.0210 3312 HSF_DP - ok
13:10:48.0230 3312 HSF_DPV - ok
13:10:48.0240 3312 HTTP - ok
13:10:48.0270 3312 i2omgmt - ok
13:10:48.0290 3312 i2omp - ok
13:10:48.0300 3312 i8042prt - ok
13:10:48.0321 3312 ialm - ok
13:10:48.0331 3312 Icam4USB - ok
13:10:48.0381 3312 Imapi - ok
13:10:48.0411 3312 ini910u - ok
13:10:48.0441 3312 IntelIde - ok
13:10:48.0461 3312 intelppm - ok
13:10:48.0471 3312 ip6fw - ok
13:10:48.0491 3312 IpFilterDriver - ok
13:10:48.0511 3312 IpInIp - ok
13:10:48.0521 3312 IpNat - ok
13:10:48.0541 3312 IPSec - ok
13:10:48.0561 3312 irda - ok
13:10:48.0581 3312 IRENUM - ok
13:10:48.0601 3312 isapnp - ok
13:10:48.0631 3312 Kbdclass - ok
13:10:48.0641 3312 kbdhid - ok
13:10:48.0661 3312 kmixer - ok
13:10:48.0671 3312 KSecDD - ok
13:10:48.0701 3312 lbrtfdc - ok
13:10:48.0741 3312 LVUSBSta - ok
13:10:48.0761 3312 MASPINT - ok
13:10:48.0781 3312 MBAMProtector - ok
13:10:48.0801 3312 MBAMSwissArmy - ok
13:10:48.0821 3312 MDC8021X - ok
13:10:48.0841 3312 mdmxsdk - ok
13:10:48.0871 3312 mmc_2K - ok
13:10:48.0891 3312 mnmdd - ok
13:10:48.0901 3312 Modem - ok
13:10:48.0911 3312 Mouclass - ok
13:10:48.0921 3312 mouhid - ok
13:10:48.0941 3312 MountMgr - ok
13:10:48.0951 3312 mraid35x - ok
13:10:48.0971 3312 MREMPR5 - ok
13:10:48.0981 3312 MRENDIS5 - ok
13:10:49.0001 3312 MRxDAV - ok
13:10:49.0012 3312 MRxSmb - ok
13:10:49.0052 3312 Msfs - ok
13:10:49.0072 3312 MSIRCOMM - ok
13:10:49.0092 3312 MSKSSRV - ok
13:10:49.0112 3312 MSPCLOCK - ok
13:10:49.0122 3312 MSPQM - ok
13:10:49.0142 3312 mssmbios - ok
13:10:49.0152 3312 MSTEE - ok
13:10:49.0172 3312 Mup - ok
13:10:49.0192 3312 n558 - ok
13:10:49.0202 3312 NABTSFEC - ok
13:10:49.0222 3312 NDIS - ok
13:10:49.0232 3312 NdisIP - ok
13:10:49.0252 3312 NdisTapi - ok
13:10:49.0262 3312 Ndisuio - ok
13:10:49.0282 3312 NdisWan - ok
13:10:49.0302 3312 NDProxy - ok
13:10:49.0312 3312 NetBIOS - ok
13:10:49.0332 3312 NetBT - ok
13:10:49.0402 3312 NIC1394 - ok
13:10:49.0492 3312 Npfs - ok
13:10:49.0532 3312 Ntfs - ok
13:10:49.0612 3312 Null - ok
13:10:49.0662 3312 NwlnkFlt - ok
13:10:49.0713 3312 NwlnkFwd - ok
13:10:49.0763 3312 ohci1394 - ok
13:10:49.0823 3312 omci - ok
13:10:49.0893 3312 Parport - ok
13:10:49.0933 3312 PartMgr - ok
13:10:49.0963 3312 ParVdm - ok
13:10:50.0033 3312 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
13:10:50.0083 3312 PCI - ok
13:10:50.0113 3312 PCIDump - ok
13:10:50.0163 3312 PCIIde - ok
13:10:50.0213 3312 Pcmcia - ok
13:10:50.0243 3312 PCTCore - ok
13:10:50.0303 3312 PDCOMP - ok
13:10:50.0333 3312 PDFRAME - ok
13:10:50.0383 3312 PDRELI - ok
13:10:50.0434 3312 PDRFRAME - ok
13:10:50.0464 3312 perc2 - ok
13:10:50.0484 3312 perc2hib - ok
13:10:50.0534 3312 pfc - ok
13:10:50.0564 3312 PptpMiniport - ok
13:10:50.0574 3312 Processor - ok
13:10:50.0594 3312 PSched - ok
13:10:50.0614 3312 Ptilink - ok
13:10:50.0634 3312 pwd_2k - ok
13:10:50.0644 3312 PxHelp20 - ok
13:10:50.0664 3312 QCMerced - ok
13:10:50.0674 3312 ql1080 - ok
13:10:50.0694 3312 Ql10wnt - ok
13:10:50.0714 3312 ql12160 - ok
13:10:50.0734 3312 ql1240 - ok
13:10:50.0744 3312 ql1280 - ok
13:10:50.0754 3312 RasAcd - ok
13:10:50.0784 3312 Rasirda - ok
13:10:50.0794 3312 Rasl2tp - ok
13:10:50.0824 3312 RasPppoe - ok
13:10:50.0834 3312 Raspti - ok
13:10:50.0854 3312 Rdbss - ok
13:10:50.0874 3312 RDPCDD - ok
13:10:50.0894 3312 rdpdr - ok
13:10:50.0924 3312 RDPWD - ok
13:10:50.0944 3312 redbook - ok
13:10:50.0994 3312 RFCOMM - ok
13:10:51.0095 3312 s24trans - ok
13:10:51.0115 3312 SASDIFSV - ok
13:10:51.0145 3312 SASENUM - ok
13:10:51.0165 3312 SASKUTIL - ok
13:10:51.0255 3312 Secdrv - ok
13:10:51.0305 3312 Sentinel - ok
13:10:51.0325 3312 serenum - ok
13:10:51.0345 3312 Serial - ok
13:10:51.0425 3312 Sfloppy - ok
13:10:51.0465 3312 Simbad - ok
13:10:51.0485 3312 sisagp - ok
13:10:51.0515 3312 SLIP - ok
13:10:51.0615 3312 SMCIRDA - ok
13:10:51.0665 3312 SNCT511 - ok
13:10:51.0685 3312 SNP2STD - ok
13:10:51.0705 3312 SONYPVU1 - ok
13:10:51.0725 3312 Sparrow - ok
13:10:51.0745 3312 splitter - ok
13:10:51.0765 3312 sr - ok
13:10:51.0796 3312 Srv - ok
13:10:51.0826 3312 STAC97 - ok
13:10:51.0856 3312 streamip - ok
13:10:51.0876 3312 swenum - ok
13:10:51.0886 3312 swmidi - ok
13:13:18.0126 0784 ============================================================
13:13:18.0126 0784 Scan finished
13:13:18.0126 0784 ============================================================
13:13:18.0186 2756 Detected object count: 0
13:13:18.0186 2756 Actual detected object count: 0
13:17:01.0557 0660 Deinitialize success

------------------------------- Log End---------------------------------------
protocoder is offline  
Old 02-12-2012, 01:25 PM   #12
Security Manager
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro

My System


Hi Anand

Did you also run MBAM? If so can you please post the log.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.

PC Safety & Security::PC running a bit slow?::Photographers Corner

Glaswegian is offline  
Old 02-13-2012, 01:48 AM   #13

Hi Iain,
Apologies, my mistake. Yes, I ran MBAM again today. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.02.13.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
GR Anand :: ANAND [administrator]

Protection: Disabled

2/13/2012 7:44:56 PM
mbam-log-2012-02-13 (19-44-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346002
Time elapsed: 1 hour(s), 51 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
protocoder is offline  
Old 02-13-2012, 02:08 PM   #14

Hi Anand

How is your system running now?

Glaswegian is offline  
Old 02-13-2012, 06:42 PM   #15

Hi Iain,
Thank you very much. I have the following problems.

1. When I try to open Control Panel, I get the following error, to which I have to say OK or nothing works:
" IPC error: no connection. (SM_RC_ENOCONN)(11)" This dialog box appears twice before Control Panel displays the list. Please can someone help me resolve it.

2. When I shut down, I am forced to end a strange application; it says "End Program - Sample". The shutdown procedure does not force this "Whatever weird thing" to close. I see from Task Manager that there are no applications running.

However, when ComboFix was running and the application prompted to reboot, the shutdown procedure did not stop for this strange "sample" running. It only shows up when I am rebooting on my own. I searched all drives for sample.exe and found one in the WinZip folder, a sample.exe in sample.zip. I have deleted the application, but I still get this error and, yes, lots of performance issues in terms of speed of startup and shutdown, hanging, etc. I am glad that with the first ComboFix I got back the idle task in the process, which ensured that my CPU is not at 100% with nothing running. It definitely cleaned a couple of directories. I await your advice. Thanks a ton. - Anand
protocoder is offline  
Old 02-14-2012, 02:17 PM   #16

Hi Anand

I'll probably need to pass you over to the Windows Techs once I'm happy your system is clean. They will be able to advise you on the other issues.


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Glaswegian is offline  
Old 02-15-2012, 10:49 AM   #17



Hi Iain,

I think something went wrong. When the scan was going on, I was in front of the system until I found 6 objects, which the scan said were variants of some killer etc. This morning, when I looked at the log file, it had only this content.
--------------------- Log Content Copy --------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

---------------------------END ----------------------------

and the timestamp shows 6:38 pm, which is about the time I started the scan, and this scan ran overnight. So I will probably do it again now.

Thanks and Regards
- Anand
protocoder is offline  
Old 02-15-2012, 02:56 PM   #18

Hi Anand

If there is a problem with Eset then you can try this alternative.


Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.

Avast users note:

Please do continue with the online scan at Panda if you receive an alert. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database.


Note that Panda may take several hours to scan your system.

Glaswegian is offline  
Old 02-16-2012, 12:52 AM   #19



Hi Iain,

Thank you very much. I got both ESET and Panda scan results.
For ESET, the files are not fixed. With Panda, as advised, I have cleaned them as well. The logs are as follows.

Note: The ESET online stopped yesterday night as the wireless router was switched off accidentally.

ESET online scan:
------------------ESET ONLINE LOG START--------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a988bed75b0c4743901b609ea349cf5d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-15 09:29:00
# local_time=2012-02-16 10:29:00 (+1200, New Zealand Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 80328779 80328779 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8202 39157161 100 100 10873035 235841097 0 0
# scanned=123351
# found=10
# cleaned=0
# scan_time=11569
# nod_component=V3 Build:0x30000000
C:\data\applications\exe_deleted_from_windows\FixCamera.exe a variant of Win32/KillProc.A application (unable to clean) 00000000000000000000000000000000 I
C:\data\Download\MyPhoneExplorer_Setup_1.8.2.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\data\Download\YouTubeDownloaderSetup274.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\data\Download\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\YouTube Downloader\ytd_installer.exe probably a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\GR Anand\Local Settings\TempDIR\BetterInstaller.exe Win32/Adware.Somoto.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Perfect Uninstaller\PU.exe a variant of Win32/PerfectUninstaller application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP380\A0106718.exe a variant of Win32/PerfectUninstaller application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP380\A0106720.exe a variant of Win32/PerfectUninstaller application (unable to clean) 00000000000000000000000000000000 I

------------------ESET ONLINE LOG END--------------------------

PANDA LOG FILE:
Iain, I think the instructions have changed in the new version. In this version, the Panda scanner is downloaded to the system and has to be executed. Also, weirdly, there is a wrong message that the browsers are supported, though both my IE and Firefox are the latest and should be working as per the published FAQ. That apart, Panda is really friendly to use and a lot quicker, and it did find a lot more issues (which I am not expert enough to call good or OK).

------------------PANDA LOG START--------------------------
Suspicious Policy. POLICY: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER[ANTIVIRUSOVERRIDE] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SHOWSUPERHIDDEN] to be changed to: 1

------------------PANDA LOG END--------------------------

I await your advice, and thanks a ton.

Cheers
- Anand
protocoder is offline  
Old 02-16-2012, 01:49 PM   #20

Hi Anand

Nice work - a second opinion is always good.

Both are clean - just cookies and some apps that are often flagged as suspicious but are legit.

How is your system running now? It looks clean although I appreciate there are still some Windows issues to fix.

Glaswegian is offline  
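
A triage pass over an ESET Online Scanner log of the kind posted in #19, as an added example that is not part of the original thread: it compares the header flags with the settings requested in the scan instructions and separates potentially-unwanted-application detections from those needing manual review. The sample log is constructed; the flag-to-checkbox mapping and the "application" suffix rule are assumptions.

```python
import re

# Constructed sample in the layout of the ESET log posted in this thread;
# paths are placeholders and the last detection name is made up.
SAMPLE_LOG = r"""
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
C:\data\Download\Setup One.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\data\Download\Setup2.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{PLACEHOLDER}\RP1\A0000001.exe a variant of Win32/PerfectUninstaller application (unable to clean) 00000000000000000000000000000000 I
C:\Temp\x.exe Win32/Constructed.A trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Settings the helper asked for; mapping keys to checkboxes is an assumption.
REQUESTED = {"remove_checked": "false", "archives_checked": "true",
             "unwanted_checked": "true", "unsafe_checked": "true",
             "antistealth_checked": "true"}

DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:probably )?(?:a variant of )?\S+/\S+ \w+|multiple threats)\s+"
    r"\((?P<action>[^)]*)\)\s+[0-9A-Fa-f]{32}\s+\w$")

def parse(log):
    header, hits = {}, []
    for line in map(str.strip, log.splitlines()):
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key] = value
        elif (m := DETECTION.match(line)):
            hits.append(m.groupdict())
    return header, hits

def triage(log):
    header, hits = parse(log)
    mismatched = sorted(k for k, v in REQUESTED.items() if header.get(k) != v)
    for h in hits:
        # Assumption: a trailing "application" is ESET's PUA/unsafe-app label.
        h["class"] = "pua" if h["name"].endswith(" application") else "review"
        h["restore_point"] = "\\System Volume Information\\_restore" in h["path"]
    return mismatched, hits

if __name__ == "__main__":
    mismatched, hits = triage(SAMPLE_LOG)
    print("settings differing from the request:", mismatched)
    print(*(f'{h["class"]:6} {h["name"]}  <-  {h["path"]}' for h in hits), sep="\n")
```

Detections flagged `restore_point` are copies held in System Restore snapshots rather than live files, and a `review` result means only that the name alone does not settle the question.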
 
