PCWorld Forums


Stuttering Screen While Watching Video & Connected To The Internet

#21 User is offline   Daisky 

  • Full Member
  • Group: Members
  • Posts: 59
  • Joined: 12-June 09

Posted 20 October 2012 - 12:05 PM

Concerning the TDSSKiller, I did what you told me & it worked, but when I wanted to copy-paste the report I right-clicked but the box which has copy didn't appear. I tried on something else & it worked, but I couldn't make it work inside the report window. There was only one threat detected & there was skip next to it.

Norton's quarantine doesn't contain anything.

Concerning the task bar, there was no box on the bottom left of task manager to check. As for the processes, there were plenty of processes that I don't know. Here are the processes that took much memory &/or CPU usage:
dwn.exe memory
iexplorer.exe memory
iexplorer.exe memory
iexplorer.exe memory
explorer.exe memory
taskmgr.exe CPU
utorrent.exe CPU Memory

The utorrent had no uploading/downloading going on at the time I was looking at task manager. As I said, there are numbers in the lower registry in the utorrent window that still count although there is no uploading/downloading. The MalwareBytes tells me every once in a while that it blocked entry by utorrent into a suspected malicious site.

This post has been edited by Daisky: 20 October 2012 - 12:09 PM

0

#22 User is offline   Flashorn 

  • Expert
  • Group: Members
  • Posts: 4,709
  • Joined: 19-May 07
  • Location:Canada

Posted 20 October 2012 - 03:34 PM

Hey Daisky !

Thanks for all your patience. You are doing just fine.

Now, for that box in Task Manager, that was my fault. I was under the impression that you were using XP.

It is the "Show All Users" button that Vista and Windows 7 now have.

Posted Image


As for the Report in TDSSKiller, you do not have to Right Click on the app itself. You simply have to click on the Report
button on the top right of the app when it's on the main GUI or where you start off with the app.

Posted Image


You can, however, retrieve a copy of that report by going to :

Start > Computer > C:// and in this folder, scroll down until you see this :

Posted Image


Simply double click on the TDSSKiller.txt and it will open in Notepad. Expand notepad and copy & paste the results
of your scan in your next reply please.

The processes you have reported are perfectly normal but, when you click on the "Show All Users" button,
there will be a lot more processes that will come up. If you expand the "Description" tab on the top right of Task
Manager, you should see what that process is and which program it belongs to.

Posted Image


As for the processes you have pasted, those are from

iexplorer.exe : is from Internet Explorer which is opened and I presume you are using.
Internet Explorer will open as many processes as there are Tabs or pages opened in
that browser.

dmw.exe is Windows Desktop Manager and is present on all Vista and Windows 7 OS
It manages what you see on your desktop.

explorer.exe is your OS (Vista) normal

taskmgr.exe is well, the Task Manager where you see all of those processes.

utorrent.exe this one does not have to be running. Go into the Preferences of uTorrent
and untick the box that says "Start with Windows" or something to that effect.

Once you have clicked on the "Show for All users" button, take a quick look to see if you
see anything that might be out of place.

I'll paste my Task manager's screen shot so you'll be able to compare. The processes in
my Task Manager are all needed for running the programs I want running. It will differ a bit
from yours but you'll be able to identify your processes better.

Posted Image
Posted Image

If there are some that you are still unsure of then, post them and I will explain.

OK, for now, I would like you to Reboot the PC and run another MalwareBytes' scan. Only a Quick scan this time.
Having a replicating malware on your PC, it is safer to reboot and scan again as this malware could re-install itself
after a reboot.

Post those scans and take a look at the Task manager once more then, we will see what else we can do to put your
mind at ease.


FLASHORN

Eurocom Scorpius: 3840QM-2.8 GHz-Ivy Bridge ; ATI 7970M Crossfire ; Intel SSD 520 series 480GB ; Seagate Momentus XT 750 GB,7200RPM ; 16 GB Corsair Vengeance 9 9 9 24 ; Sound Blaster X-Fi MB2 ; THX True Studio Pro.

Patience is Life.
0
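Added example (not part of the original thread): once the TDSSKiller report described in the post above has been retrieved, the entries worth reading are the ones whose verdict is not "ok". This Python sketch pairs each hashed file line with the verdict line that follows it and returns the non-"ok" entries; the line layout, the service names, paths and hashes in the sample are constructed for illustration, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Layout assumed for each report line: "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s*(.*)$")
# "[ <MD5> ] <service name> <drive>:\<path>" (service names may contain spaces)
FILE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "<service name> - ok"  or  "<service name> ( <label> ) - warning"
VERDICT = re.compile(r"^(.+?)(?: \( (.+?) \))? - (\w+)$")


class Entry(NamedTuple):
    name: str
    verdict: str
    label: Optional[str]   # detection label, present only on flagged entries
    md5: Optional[str]     # None when the report had no hashed file line
    path: Optional[str]


def parse_report(text: str) -> List[Entry]:
    """Pair every '[ hash ] name path' line with the verdict line for that name."""
    entries = []
    pending = {}  # service name -> (md5, path) seen on the preceding file line
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        f = FILE.match(msg)
        if f:
            pending[f.group(2)] = (f.group(1).upper(), f.group(3))
            continue
        v = VERDICT.match(msg)
        if v:
            name, label, verdict = v.groups()
            md5, path = pending.pop(name, (None, None))
            entries.append(Entry(name, verdict.lower(), label, md5, path))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries the scanner did not mark 'ok'."""
    return [e for e in entries if e.verdict != "ok"]


def without_file(entries: List[Entry]) -> List[str]:
    """Names that got a verdict but no hashed file line in the report."""
    return [e.name for e in entries if e.md5 is None]


def _fake_md5(n: int) -> str:
    # Constructed placeholder value, not the hash of any real file.
    return f"{n:032X}"


# Constructed sample report (not output from a real scan).
SAMPLE_REPORT = "\n".join([
    r"03:01:12.0563 5212 ================ Scan services =============================",
    rf"03:01:13.0358 5212 [ {_fake_md5(1)} ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys",
    r"03:01:13.0374 5212 ExampleDrv - ok",
    r"03:01:14.0001 5212 NoFileSvc - ok",
    rf"03:01:15.0822 5212 [ {_fake_md5(2)} ] Example Backup Service C:\Program Files\Example\backup.exe",
    r"03:01:15.0869 5212 Example Backup Service ( UnsignedFile.Multi.Generic ) - warning",
    r"03:01:15.0869 5212 Example Backup Service - detected UnsignedFile.Multi.Generic (1)",
    rf"03:01:16.0100 5212 [ {_fake_md5(3)} ] OtherDrv C:\Windows\system32\drivers\otherdrv.sys",
    r"03:01:16.0120 5212 OtherDrv - ok",
])

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for e in flagged(parsed):
        print(f"{e.verdict.upper():8} {e.name}: {e.label} -> {e.path}")
    print("no file line:", without_file(parsed))
```

To use it on a real report, read the saved report text file and pass its contents to `parse_report()`.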

#23 User is offline   Daisky 

  • Full Member
  • Group: Members
  • Posts: 59
  • Joined: 12-June 09

Posted 21 October 2012 - 05:06 PM

I downloaded TDSSKiller again onto the desktop like you told me & ran it like you told me & the report is down.

As for the 3 iexplore, what caught my attention is that I was opening one window with one tab at the time, so why were there 3? Utorrent at the time was not downloading or uploading anything, that is why I mentioned it.

I did what you told me with task manager & compared them with your screen shots. Only one caught my attention & that is dllhost.exe ------COM Surrogate.

I rebooted & made a quick scan with MalwareBytes (the scan is down) as you told me & looked again at processes in task manager & noticed nothing (after comparing them with yours again) except the dllhost.exe that I already mentioned.

I have one question. During a scan (both this quick scan & the former scans) it would be counting scanned items, then I would see it jump from, for example, number 35 thousand to 150 thousand in less than a second as if it didn't scan those, so why does it do that?

the tdsskiller report:
03:00:05.0998 2696 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
03:00:06.0044 2696 ============================================================
03:00:06.0044 2696 Current date / time: 2012/10/22 03:00:06.0044
03:00:06.0044 2696 SystemInfo:
03:00:06.0044 2696
03:00:06.0044 2696 OS Version: 6.0.6002 ServicePack: 2.0
03:00:06.0044 2696 Product type: Workstation
03:00:06.0044 2696 ComputerName: USER-PC
03:00:06.0044 2696 UserName: User
03:00:06.0044 2696 Windows directory: C:\Windows
03:00:06.0044 2696 System windows directory: C:\Windows
03:00:06.0044 2696 Processor architecture: Intel x86
03:00:06.0044 2696 Number of processors: 2
03:00:06.0044 2696 Page size: 0x1000
03:00:06.0044 2696 Boot type: Normal boot
03:00:06.0044 2696 ============================================================
03:00:08.0213 2696 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:00:08.0244 2696 ============================================================
03:00:08.0244 2696 \Device\Harddisk0\DR0:
03:00:08.0244 2696 MBR partitions:
03:00:08.0244 2696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
03:00:08.0244 2696 ============================================================
03:00:08.0291 2696 C: <-> \Device\Harddisk0\DR0\Partition1
03:00:08.0291 2696 ============================================================
03:00:08.0291 2696 Initialize success
03:00:08.0291 2696 ============================================================
03:01:11.0455 5212 ============================================================
03:01:11.0455 5212 Scan started
03:01:11.0455 5212 Mode: Manual; SigCheck; TDLFS;
03:01:11.0455 5212 ============================================================
03:01:12.0563 5212 ================ Scan system memory ========================
03:01:12.0563 5212 System memory - ok
03:01:12.0563 5212 ================ Scan services =============================
03:01:12.0859 5212 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
03:01:12.0937 5212 !SASCORE - ok
03:01:13.0358 5212 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
03:01:13.0374 5212 ACPI - ok
03:01:13.0561 5212 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
03:01:13.0592 5212 AdobeARMservice - ok
03:01:13.0858 5212 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
03:01:13.0889 5212 AdobeFlashPlayerUpdateSvc - ok
03:01:14.0123 5212 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
03:01:14.0341 5212 adp94xx - ok
03:01:14.0482 5212 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
03:01:14.0560 5212 adpahci - ok
03:01:14.0591 5212 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
03:01:14.0638 5212 adpu160m - ok
03:01:14.0684 5212 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
03:01:14.0747 5212 adpu320 - ok
03:01:14.0840 5212 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
03:01:15.0215 5212 AeLookupSvc - ok
03:01:15.0371 5212 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
03:01:15.0480 5212 AFD - ok
03:01:15.0589 5212 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
03:01:15.0589 5212 agp440 - ok
03:01:15.0636 5212 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
03:01:15.0652 5212 aic78xx - ok
03:01:15.0730 5212 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
03:01:16.0104 5212 ALG - ok
03:01:16.0135 5212 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
03:01:16.0135 5212 aliide - ok
03:01:16.0244 5212 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
03:01:16.0244 5212 amdagp - ok
03:01:16.0307 5212 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
03:01:16.0322 5212 amdide - ok
03:01:16.0432 5212 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
03:01:17.0399 5212 AmdK7 - ok
03:01:17.0446 5212 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
03:01:17.0555 5212 AmdK8 - ok
03:01:17.0742 5212 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
03:01:17.0929 5212 Appinfo - ok
03:01:18.0101 5212 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
03:01:18.0132 5212 arc - ok
03:01:18.0194 5212 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
03:01:18.0226 5212 arcsas - ok
03:01:18.0335 5212 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
03:01:18.0491 5212 AsyncMac - ok
03:01:18.0522 5212 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
03:01:18.0553 5212 atapi - ok
03:01:18.0725 5212 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
03:01:18.0928 5212 AudioEndpointBuilder - ok
03:01:18.0974 5212 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
03:01:19.0006 5212 Audiosrv - ok
03:01:19.0208 5212 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
03:01:19.0349 5212 Beep - ok
03:01:19.0505 5212 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
03:01:19.0708 5212 BFE - ok
03:01:20.0893 5212 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys
03:01:21.0704 5212 BHDrvx86 - ok
03:01:21.0954 5212 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
03:01:22.0126 5212 BITS - ok
03:01:22.0126 5212 blbdrive - ok
03:01:22.0235 5212 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
03:01:22.0328 5212 bowser - ok
03:01:22.0422 5212 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
03:01:22.0562 5212 BrFiltLo - ok
03:01:22.0625 5212 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
03:01:22.0718 5212 BrFiltUp - ok
03:01:22.0765 5212 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
03:01:22.0890 5212 Browser - ok
03:01:23.0015 5212 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
03:01:23.0077 5212 Brserid - ok
03:01:23.0108 5212 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
03:01:23.0171 5212 BrSerWdm - ok
03:01:23.0186 5212 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
03:01:23.0233 5212 BrUsbMdm - ok
03:01:23.0249 5212 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
03:01:23.0296 5212 BrUsbSer - ok
03:01:23.0342 5212 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
03:01:23.0389 5212 BTHMODEM - ok
03:01:23.0498 5212 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\Windows\system32\drivers\NIS\1309000.009\ccSetx86.sys
03:01:23.0857 5212 ccSet_NIS - ok
03:01:23.0904 5212 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
03:01:23.0951 5212 cdfs - ok
03:01:24.0013 5212 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
03:01:24.0044 5212 cdrom - ok
03:01:24.0122 5212 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
03:01:24.0169 5212 CertPropSvc - ok
03:01:24.0200 5212 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
03:01:24.0247 5212 circlass - ok
03:01:24.0294 5212 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
03:01:24.0310 5212 CLFS - ok
03:01:24.0356 5212 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:01:24.0372 5212 clr_optimization_v2.0.50727_32 - ok
03:01:24.0403 5212 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
03:01:24.0419 5212 cmdide - ok
03:01:24.0419 5212 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
03:01:24.0434 5212 Compbatt - ok
03:01:24.0450 5212 COMSysApp - ok
03:01:24.0466 5212 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
03:01:24.0481 5212 crcdisk - ok
03:01:24.0497 5212 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
03:01:24.0544 5212 Crusoe - ok
03:01:24.0606 5212 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
03:01:24.0653 5212 CryptSvc - ok
03:01:24.0731 5212 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
03:01:24.0762 5212 DcomLaunch - ok
03:01:24.0793 5212 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
03:01:24.0840 5212 DfsC - ok
03:01:24.0980 5212 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
03:01:25.0152 5212 DFSR - ok
03:01:25.0214 5212 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
03:01:25.0261 5212 Dhcp - ok
03:01:25.0308 5212 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
03:01:25.0339 5212 disk - ok
03:01:25.0402 5212 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
03:01:25.0448 5212 Dnscache - ok
03:01:25.0480 5212 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
03:01:25.0526 5212 dot3svc - ok
03:01:25.0589 5212 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
03:01:25.0636 5212 DPS - ok
03:01:25.0682 5212 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
03:01:25.0729 5212 drmkaud - ok
03:01:25.0792 5212 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
03:01:25.0838 5212 DXGKrnl - ok
03:01:25.0901 5212 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
03:01:25.0948 5212 E1G60 - ok
03:01:25.0994 5212 [ D32E68DA595ACD9FADCC110BEE196ACE ] E4LOADER C:\Windows\system32\Drivers\e4ldr.sys
03:01:26.0010 5212 E4LOADER - ok
03:01:26.0041 5212 [ F7958C94559D5030F5023F14D46B9F2F ] e4usbaw C:\Windows\system32\DRIVERS\e4usbaw.sys
03:01:26.0057 5212 e4usbaw - ok
03:01:26.0119 5212 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
03:01:26.0150 5212 EapHost - ok
03:01:26.0197 5212 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
03:01:26.0213 5212 Ecache - ok
03:01:26.0291 5212 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
03:01:26.0634 5212 eeCtrl - ok
03:01:26.0681 5212 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
03:01:26.0712 5212 ehRecvr - ok
03:01:26.0743 5212 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
03:01:26.0790 5212 ehSched - ok
03:01:26.0806 5212 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
03:01:26.0821 5212 ehstart - ok
03:01:26.0868 5212 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
03:01:26.0884 5212 elxstor - ok
03:01:26.0930 5212 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
03:01:27.0024 5212 EMDMgmt - ok
03:01:27.0102 5212 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
03:01:27.0430 5212 EraserUtilRebootDrv - ok
03:01:27.0476 5212 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
03:01:27.0508 5212 EventSystem - ok
03:01:27.0554 5212 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
03:01:27.0601 5212 exfat - ok
03:01:27.0632 5212 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
03:01:27.0679 5212 fastfat - ok
03:01:27.0726 5212 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
03:01:27.0757 5212 fdc - ok
03:01:27.0804 5212 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
03:01:27.0820 5212 fdPHost - ok
03:01:27.0835 5212 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
03:01:27.0866 5212 FDResPub - ok
03:01:27.0898 5212 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
03:01:27.0913 5212 FileInfo - ok
03:01:27.0944 5212 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
03:01:27.0976 5212 Filetrace - ok
03:01:28.0007 5212 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
03:01:28.0069 5212 flpydisk - ok
03:01:28.0100 5212 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
03:01:28.0132 5212 FltMgr - ok
03:01:28.0225 5212 [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache C:\Windows\system32\FntCache.dll
03:01:28.0303 5212 FontCache - ok
03:01:28.0366 5212 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
03:01:28.0381 5212 FontCache3.0.0.0 - ok
03:01:28.0428 5212 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
03:01:28.0459 5212 Fs_Rec - ok
03:01:28.0490 5212 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
03:01:28.0506 5212 gagp30kx - ok
03:01:28.0553 5212 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
03:01:28.0615 5212 gpsvc - ok
03:01:28.0724 5212 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
03:01:28.0724 5212 gupdate - ok
03:01:28.0740 5212 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
03:01:28.0756 5212 gupdatem - ok
03:01:28.0818 5212 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
03:01:28.0834 5212 gusvc - ok
03:01:28.0865 5212 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:01:28.0912 5212 HdAudAddService - ok
03:01:28.0958 5212 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
03:01:29.0005 5212 HDAudBus - ok
03:01:29.0052 5212 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
03:01:29.0083 5212 HidBth - ok
03:01:29.0114 5212 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
03:01:29.0177 5212 HidIr - ok
03:01:29.0208 5212 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
03:01:29.0224 5212 hidserv - ok
03:01:29.0239 5212 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
03:01:29.0270 5212 HidUsb - ok
03:01:29.0302 5212 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
03:01:29.0333 5212 hkmsvc - ok
03:01:29.0364 5212 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
03:01:29.0380 5212 HpCISSs - ok
03:01:29.0411 5212 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
03:01:29.0504 5212 HTTP - ok
03:01:29.0536 5212 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
03:01:29.0551 5212 i2omp - ok
03:01:29.0629 5212 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
03:01:29.0660 5212 i8042prt - ok
03:01:29.0692 5212 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
03:01:29.0707 5212 iaStorV - ok
03:01:29.0770 5212 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:01:29.0832 5212 idsvc - ok
03:01:29.0988 5212 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121019.001\IDSvix86.sys
03:01:30.0331 5212 IDSVix86 - ok
03:01:30.0362 5212 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
03:01:30.0362 5212 iirsp - ok
03:01:30.0425 5212 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
03:01:30.0487 5212 IKEEXT - ok
03:01:30.0581 5212 [ 251E85A3BAC210FFF6BAD3D1F33113E8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
03:01:30.0674 5212 IntcAzAudAddService - ok
03:01:30.0737 5212 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
03:01:30.0752 5212 intelide - ok
03:01:30.0799 5212 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
03:01:30.0830 5212 intelppm - ok
03:01:30.0862 5212 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
03:01:30.0877 5212 IPBusEnum - ok
03:01:30.0924 5212 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:01:30.0955 5212 IpFilterDriver - ok
03:01:30.0986 5212 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
03:01:31.0033 5212 iphlpsvc - ok
03:01:31.0033 5212 IpInIp - ok
03:01:31.0064 5212 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
03:01:31.0127 5212 IPMIDRV - ok
03:01:31.0142 5212 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
03:01:31.0174 5212 IPNAT - ok
03:01:31.0189 5212 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
03:01:31.0220 5212 IRENUM - ok
03:01:31.0252 5212 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
03:01:31.0267 5212 isapnp - ok
03:01:31.0330 5212 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
03:01:31.0345 5212 iScsiPrt - ok
03:01:31.0361 5212 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
03:01:31.0376 5212 iteatapi - ok
03:01:31.0392 5212 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
03:01:31.0408 5212 iteraid - ok
03:01:31.0454 5212 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
03:01:31.0454 5212 kbdclass - ok
03:01:31.0486 5212 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
03:01:31.0532 5212 kbdhid - ok
03:01:31.0548 5212 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
03:01:31.0595 5212 KeyIso - ok
03:01:31.0626 5212 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
03:01:31.0657 5212 KSecDD - ok
03:01:31.0720 5212 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
03:01:31.0766 5212 KtmRm - ok
03:01:31.0813 5212 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
03:01:31.0844 5212 LanmanServer - ok
03:01:31.0907 5212 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:01:31.0938 5212 LanmanWorkstation - ok
03:01:31.0969 5212 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
03:01:32.0032 5212 lltdio - ok
03:01:32.0063 5212 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
03:01:32.0110 5212 lltdsvc - ok
03:01:32.0141 5212 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
03:01:32.0172 5212 lmhosts - ok
03:01:32.0203 5212 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
03:01:32.0219 5212 LSI_FC - ok
03:01:32.0234 5212 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
03:01:32.0250 5212 LSI_SAS - ok
03:01:32.0297 5212 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
03:01:32.0312 5212 LSI_SCSI - ok
03:01:32.0344 5212 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
03:01:32.0390 5212 luafv - ok
03:01:32.0453 5212 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
03:01:32.0780 5212 MBAMProtector - ok
03:01:32.0827 5212 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
03:01:32.0858 5212 MBAMScheduler - ok
03:01:32.0921 5212 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
03:01:32.0952 5212 MBAMService - ok
03:01:32.0999 5212 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
03:01:33.0030 5212 Mcx2Svc - ok
03:01:33.0061 5212 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
03:01:33.0077 5212 megasas - ok
03:01:33.0124 5212 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
03:01:33.0139 5212 Microsoft Office Groove Audit Service - ok
03:01:33.0155 5212 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
03:01:33.0202 5212 MMCSS - ok
03:01:33.0233 5212 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
03:01:33.0264 5212 Modem - ok
03:01:33.0326 5212 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
03:01:33.0342 5212 monitor - ok
03:01:33.0358 5212 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
03:01:33.0373 5212 mouclass - ok
03:01:33.0404 5212 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
03:01:33.0436 5212 mouhid - ok
03:01:33.0482 5212 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
03:01:33.0482 5212 MountMgr - ok
03:01:33.0545 5212 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
03:01:33.0560 5212 mpio - ok
03:01:33.0592 5212 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
03:01:33.0623 5212 mpsdrv - ok
03:01:33.0670 5212 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
03:01:33.0701 5212 MpsSvc - ok
03:01:33.0732 5212 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
03:01:33.0748 5212 Mraid35x - ok
03:01:33.0763 5212 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
03:01:33.0779 5212 MRxDAV - ok
03:01:33.0794 5212 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
03:01:33.0841 5212 mrxsmb - ok
03:01:33.0888 5212 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:01:33.0919 5212 mrxsmb10 - ok
03:01:33.0950 5212 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:01:33.0966 5212 mrxsmb20 - ok
03:01:33.0997 5212 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
03:01:34.0013 5212 msahci - ok
03:01:34.0028 5212 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
03:01:34.0044 5212 msdsm - ok
03:01:34.0075 5212 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
03:01:34.0122 5212 MSDTC - ok
03:01:34.0153 5212 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
03:01:34.0184 5212 Msfs - ok
03:01:34.0247 5212 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
03:01:34.0262 5212 msisadrv - ok
03:01:34.0294 5212 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:01:34.0340 5212 MSiSCSI - ok
03:01:34.0340 5212 msiserver - ok
03:01:34.0372 5212 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
03:01:34.0403 5212 MSKSSRV - ok
03:01:34.0450 5212 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
03:01:34.0481 5212 MSPCLOCK - ok
03:01:34.0496 5212 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
03:01:34.0528 5212 MSPQM - ok
03:01:34.0559 5212 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
03:01:34.0574 5212 MsRPC - ok
03:01:34.0606 5212 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
03:01:34.0621 5212 mssmbios - ok
03:01:34.0652 5212 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
03:01:34.0684 5212 MSTEE - ok
03:01:34.0715 5212 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
03:01:34.0730 5212 Mup - ok
03:01:34.0762 5212 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
03:01:34.0777 5212 napagent - ok
03:01:34.0824 5212 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
03:01:34.0871 5212 NativeWifiP - ok
03:01:34.0949 5212 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121020.007\NAVENG.SYS
03:01:35.0292 5212 NAVENG - ok
03:01:35.0386 5212 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121020.007\NAVEX15.SYS
03:01:35.0744 5212 NAVEX15 - ok
03:01:35.0822 5212 [ 2637F26312ECCEEB6F110E95F1ECE243 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
03:01:35.0869 5212 NBService ( UnsignedFile.Multi.Generic ) - warning
03:01:35.0869 5212 NBService - detected UnsignedFile.Multi.Generic (1)
03:01:56.0212 5212 ================ Scan global ===============================
03:01:56.0305 5212 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
03:01:56.0414 5212 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
03:01:56.0492 5212 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
03:01:56.0555 5212 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
03:01:56.0555 5212 [Global] - ok
03:01:56.0555 5212 ================ Scan MBR ==================================
03:01:56.0570 5212 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
03:01:56.0773 5212 \Device\Harddisk0\DR0 - ok
03:01:56.0773 5212 ================ Scan VBR ==================================
03:01:56.0773 5212 [ 2E9F5CE419B7EAEF974BC0E0D0CCA1CE ] \Device\Harddisk0\DR0\Partition1
03:01:56.0773 5212 \Device\Harddisk0\DR0\Partition1 - ok
03:01:56.0773 5212 ============================================================
03:01:56.0773 5212 Scan finished
03:01:56.0773 5212 ============================================================
03:01:56.0789 3860 Detected object count: 1
03:01:56.0789 3860 Actual detected object count: 1
03:02:34.0120 3860 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
03:02:34.0120 3860 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

----------------------------------------------------------------------------------

The quick scan:
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.18.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

Protection: Enabled

10/22/2012 3:34:36 AM
mbam-log-2012-10-22 (03-34-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182256
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

This post has been edited by Daisky: 21 October 2012 - 05:12 PM

0

#24 User is offline   Flashorn 

  • Expert
  • Group: Members
  • Posts: 4,709
  • Joined: 19-May 07
  • Location:Canada

Posted 21 October 2012 - 06:22 PM

Hey Daisky !

OK, that dllhost process is used by some programs to talk with the internet. It could be that in your case, having uTorrent opened and working,
it is appearing all the time. Usually a dllhost will appear briefly (and sometimes with more than one process at a time). If it is verified that no programs
are communicating with the internet then it will shut down (or hide) but will reappear when a program contacts the internet.

Did you use the Preferences in uTorrent to shut it down? When running, even though it is not downloading or uploading, it is still being contacted
by the servers from uTorrent to see if there could be some program in the app that it could use. So, when not in use by you, shut it down.
Please do not ask me about uTorrent again, I will be warned by the Moderators.

Internet Explorer will use as many processes as it needs. That's just the way it works. If you were to use Firefox, it would show only ONE process but
with more memory usage. Since you are using IE9, I will not ask you to dump it in favor of Firefox but Firefox is still safer than IE9. This is up to you.

Quote

I have one question. During a scan (both this quick scan & the former scans) it would be counting scanned items, then I would see it jump from, for example, number 35 thousand to 150 thousand in less than a second, as if it didn't scan those, so why does it do that?


Don't know that I have the right answer for you but, my understanding is that, it will scan a folder for specifics and in specific places or subfolders.
If nothing is found in those places then the rest of that folder is deemed safe. Malware will hide and/or infect specific strings in targeted folders.
If nothing is found in those specific places then, the rest of that folder can be skipped safely. That's why we have to update our malware definitions every day.
There are new malware created every day (make that every minute of the day) and when found, they are analyzed and rendered ineffective or deleted with the
help of those daily updates of the definitions.
All Antimalware programs scan the same way.

OK, the report of TDSSKiller doesn't show any rootkits.
The one instance that it skipped belongs to the Nero Back It Up utility. Do you have Nero installed on your PC? If so (yes), then it is a harmless object.
I would however, turn it off if you are not using it all the time. It will continue to use up valuable resources for no other purpose other than being started.
The same goes for uTorrent.

If you don't mind, I would like you to download and scan with HijackThis. It is not a program that we use on 64bit OS but, in your case, seeing as it is a 32bit OS,
this will give me the chance to evaluate further the running processes along with other specifics that I could have you close or delete to conserve
resources. I will, however, have to ask about some of those programs. If you feel that this would be too intrusive then just let me know.

Download program from here :

Download HijackThis.exe (388.6 kB)

This is just an .exe and no installation is needed.

Download to Desktop.

Right Click to "Run As Administrator"

Click on the Yes or Continue button when prompted by UAC.

On the "Main Menu", click on "Do a system scan and Save a log file" button.

This will prompt HijackThis to immediately scan (about 3 or 4 seconds) your PC.

A Notepad will appear after the scan is done. You can either save that notepad by
going to File (upper left) and then, Save As. Direct notepad to where the file is to be saved
or just copy and paste that scan in your next reply (if you choose to).

I also saw that Windows Defender is ON (running). You should not have it running with Norton.
This will save some resources.

OK, Daisky, if you choose to scan with HijackThis then, post that log file in your next reply. I will
look it over and recommend what should be disabled.

We should also take a look at what starts with Windows. I'm sure there are some programs that
are not warranted in the startup menu.



FLASHORN.

Eurocom Scorpius: 3840QM-2.8 GHz-Ivy Bridge ; ATI 7970M Crossfire ; Intel SSD 520 series 480GB ; Seagate Momentus XT 750 GB,7200RPM ; 16 GB Corsair Vengeance 9 9 9 24 ; Sound Blaster X-Fi MB2 ; THX True Studio Pro.

Patience is Life.
0

#25 User is offline   Daisky 

  • Full Member
  • Group: Members
  • Posts: 59
  • Joined: 12-June 09

Posted 22 October 2012 - 02:55 PM

Yes I have Nero (Nero Home & Nero StartSmart). I right clicked on both but there was no "exit" or "disable" choice.

I don't mind you asking me about programs but I may not know all the programs on my computer.

I went to turn off Windows Defender & found it already turned off. Strange, maybe Norton turned it off.

I downloaded HijackThis to the Desktop & here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:45:06 AM, on 10/23/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://arabia.msn.com/?ocid=hmlogout
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F76446F-CF49-4D6E-A5CD-FC107681840E}: NameServer = 89.108.128.44 89.108.129.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7336 bytes

This post has been edited by Daisky: 22 October 2012 - 03:01 PM

0

#26 User is offline   Flashorn 

  • Expert
  • Group: Members
  • Posts: 4,709
  • Joined: 19-May 07
  • Location:Canada

Posted 22 October 2012 - 05:27 PM

Hey Daisky !

Nice to see that we have people from around the world on this forum.

This might be long and will have multiple tasks. You can do one at a time and post the results in multiple replies if you wish.

OK, there are no infected files in this report.

I would however, like you to perform one last scan with a deeper cleaning tool.

Please read carefully.

ComboFix

Please make sure it is downloaded to your Desktop.

Before you run Combofix I will need you to turn off any security software you have running, like the last time you disabled Norton
but, stay connected to the internet. This will not take long. Turn Norton back on immediately after the scan.

Combofix may need to reboot your computer more than once to do its job...this is normal but, rare.

You can download Combofix from here :

Link

Close all running programs.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Right click on combofix.exe and "Run as Administrator" then, follow the prompts.

When finished, it will produce a report for you on the C:/ drive > C:\Combofix.txt. Please copy & paste in your next reply.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

Do not run ComboFix a second time if you receive this message. It will already have done its job.

Paste that scan result in your next reply please.



Now, for the rest of the PC's programs

There are also some that don't need to start with the OS.

First, do you use Google Tool Bar? If not then, go to Control Panel > Programs and Features and Delete (uninstall) it from the PC.

Second, Java is outdated. Go to Control Panel and Delete ALL entries concerning Java.
Download this package from Java to update your current install. Yes, they all have to be removed and only the most recent
one needs to be on your PC for the simple fact that the older ones are vulnerable to attack from outside sources.

Windows Offline (32-bit)
file size: 29.7 MB

Third, while in Program & Features verify that Adobe is up-to-date. The latest version is 10.1.4
This is the link to that page. You will have to enter your OS along with the language you would prefer.

http://get.adobe.com.../otherversions/

Make ABSOLUTELY sure that when you click on the download link, you First untick the box that says Install McAfee.
You do Not want that on your system.

Also, while on Adobe web site, verify that you have the correct and current versions of Flash Player and Adobe Air.
Be alert as to what you agree to on the Flash Player and Adobe Air downloads as they will also have that McAfee install.
Make sure to Untick those boxes.

I see that you have Livestation on startup. Does this need to start with the OS or can you simply click on the program
to view the news?

You have Gadgets running. This might be fun to have on your desktop but, Microsoft has alerted us to Disable those Gadgets
because they are vulnerable to infections. Please disable them.

I would also like to look at your startup programs. I see that there are lots that could be started manually. They don't need
to be running on your PC continuously if they are not needed or in use by you.

Could you open CCleaner and click on the TOOLS section on the left hand side. This will open the Tools that we can use
to work with. Click on the "Startup" tab. On the bottom right, you will see a button named "Save to File". Click on it and direct
the saved file to your Desktop. Could you then, paste it here so I can see what is starting with Windows.

OK Daisky, I think that's enough for now.

BTW, how are those videos playing? Are you still getting lag when watching?



FLASHORN.

This post has been edited by Flashorn: 22 October 2012 - 05:29 PM

0

#27 User is offline   Daisky 

  • Full Member
  • Group: Members
  • Posts: 59
  • Joined: 12-June 09

Posted 23 October 2012 - 04:19 PM

I downloaded ComboFix onto desktop & disabled Norton's firewall & antispyware & disabled MalwareBytes & ran Combofix but it told me that Norton is still running so I uninstalled Norton & Norton restarted my computer & then I connected to the internet & ran Combofix & it restarted my computer then when it displayed the log I wanted to make something so it told me the prompt you said "Illegal operation attempted..." so I restarted the computer as you said & reinstalled Norton but it said that it is not working correctly so I clicked fix it & it downloaded Updates (which it didn't do the last time I installed it) & then ran a quick scan & told me that it is working correctly. The Log is downwards.

I uninstalled Google Toolbar.

As for livestation I uninstalled it ages ago so how come it is still there & running? Where can I find it to uninstall it? It is not in the control panel -> programs & features & uninstall a program. Maybe you meant KeyHoleTv or TVU Player?

The Lag is still there when I connect/disconnect to the internet, it lasts some 10 or 20 seconds, but it is no longer there when I am connected to the internet & utorrent is open & even downloading because I uninstalled the updated version of utorrent & installed an older version I have & there is no trouble.

I'll do the other things later so give me some time.

There is a site which is dramacrazy & animecrazy, MalwareBytes isn't letting me enter them, it says potential malicious sites but Norton doesn't say anything so if I want to enter them I disable MalwareBytes. How can I know if there is a virus in those sites or not?

ComboFix 12-10-23.01 - User 10/24/2012 1:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2044.1217 [GMT 3:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Bron.tok.A9.em.bin
c:\users\User\AppData\Local\Kosong.Bron.Tok.txt
c:\users\User\AppData\Local\Update.9.Bron.Tok.bin
c:\users\User\AppData\Roaming\mIRC\logs\status.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-21 18:45 . 2012-10-21 18:45 -------- d-----w- c:\program files\uTorrent
2012-10-20 22:13 . 2012-10-23 22:47 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2012-10-19 17:06 . 2012-10-19 17:06 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2012-10-19 17:06 . 2012-10-19 17:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-19 17:06 . 2012-10-19 17:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-19 15:15 . 2012-10-19 15:15 -------- d-----w- c:\users\User\AppData\Roaming\LockHunter
2012-10-19 15:13 . 2012-10-19 15:13 -------- d-----w- c:\program files\LockHunter
2012-10-19 14:20 . 2012-10-19 14:20 -------- d-----w- c:\program files\Common Files\Java
2012-10-17 18:04 . 2012-10-17 18:04 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-10-17 18:04 . 2012-10-17 18:04 -------- d-----w- c:\programdata\Malwarebytes
2012-10-17 18:04 . 2012-10-17 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-17 18:04 . 2012-09-29 16:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-17 17:21 . 2012-10-17 17:21 -------- d-----w- c:\program files\CCleaner
2012-10-10 17:09 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 17:09 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 17:09 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 17:09 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 17:09 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 17:09 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 17:09 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:46 . 2012-03-30 23:12 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:46 . 2011-05-13 23:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 12:32 . 2012-07-05 16:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 12:32 . 2010-05-17 04:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59 . 2012-09-23 12:01 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-23 12:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-23 12:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 12:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 12:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-23 12:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-21 04:04 . 2011-11-24 21:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-10-21 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-16 4702208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:46]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-28 10:44]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-28 10:44]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1662792531-2429911996-3789909531-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 22:57]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1662792531-2429911996-3789909531-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 22:57]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{6F76446F-CF49-4D6E-A5CD-FC107681840E}: NameServer = 89.108.128.44 89.108.129.77
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lbz1kjfy.default\
FF - prefs.js: browser.startup.homepage - hxxp://arabia.msn.com/?ocid=hmlogout
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Livestation - c:\program files\Livestation\Livestation.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-10-24 02:04:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-23 23:04
.
Pre-Run: 43,264,876,544 bytes free
Post-Run: 42,202,152,960 bytes free
.
- - End Of File - - E942DF290A97383B1C0951928775943B

This post has been edited by Daisky: 23 October 2012 - 04:27 PM

0

#28 User is offline   Flashorn 

  • Expert
  • Group: Members
  • Posts: 4,709
  • Joined: 19-May 07
  • Location:Canada

Posted 24 October 2012 - 09:53 AM

Hey Daisky !

Thanks for the log file. It helped.

Quote

As for "livestation" I uninstalled it ages ago so how come it is still there & running?


Well, if you take a look at the log file you pasted from ComboFix, you'll see at the bottom that it
deleted an Orphaned file : HKCU-Run-Livestation - c:\program files\Livestation\Livestation.exe

Since I have you doing Lots of tasks on your PC (sorry but, they have to be done) could I ask you
to rescan with HijackThis and paste another log? I want to make sure that Livestation is gone.

As for BronTok well, again, if you look at the log from ComboFix, you'll see that it took care of it :

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Bron.tok.A9.em.bin
c:\users\User\AppData\Local\Kosong.Bron.Tok.txt
c:\users\User\AppData\Local\Update.9.Bron.Tok.bin

Make sure to update all those programs I asked for and I will have a new one for you after.
This is a Cleanup program that should take care of the rest of BronTok and some other Reg
keys that are not in use or are abandoned since those programs are uninstalled
(only takes a few seconds also).

Once I get those logs, we will then start on the cleanup of the tools we used and then the Startup folder.

Will be waiting. Don't rush. Take your time and make sure all is done properly.

One final question if I may, did you buy MalwareBytes' Pro version? Is it running alongside Norton?



FLASHORN.

This post has been edited by Flashorn: 24 October 2012 - 09:57 AM

0
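The orphaned autostart entry discussed in the post above (a `Run` value still pointing at `Livestation.exe` after the program was uninstalled) can be picked out of a HijackThis log mechanically. The following is an added example, not part of the thread and not code from HijackThis or ComboFix; the function names, the status labels and the `exists`/`env` parameters are assumptions of this sketch, and the sample lines are copied from the HijackThis log posted earlier in the thread.

```python
import ntpath
import os
import re
from typing import Callable, List, Mapping, NamedTuple, Optional, Tuple

# O4 (autostart) lines copied from the HijackThis log posted earlier in the thread,
# plus one O23 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""


class AutostartEntry(NamedTuple):
    hive: str            # HKLM, HKCU or HKUS\<SID>
    key: str             # Run, RunOnce, ...
    name: str            # registry value name shown in [brackets]
    executable: str      # program path with quotes removed
    arguments: str       # everything after the program path
    user: Optional[str]  # account name HijackThis appends to HKUS lines


# "O4 - <hive>\..\<key>: [<name>] <command> (User '<account>')"; the last part is optional.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run command line into (executable, arguments)."""
    cmd = cmd.strip()
    if not cmd:
        return "", ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_o4(log_text: str) -> List[AutostartEntry]:
    """Return the registry autostart (O4 Run*) entries found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            exe, args = split_command(m.group("cmd"))
            entries.append(AutostartEntry(m.group("hive"), m.group("key"),
                                          m.group("name"), exe, args, m.group("user")))
    return entries


def expand_env(path: str, env: Mapping[str, str]) -> str:
    """Expand %VAR% references case-insensitively; unknown variables are left as-is."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)


def audit(log_text: str,
          exists: Callable[[str], bool] = os.path.exists,
          env: Mapping[str, str] = os.environ) -> List[Tuple[AutostartEntry, str]]:
    """Label each autostart entry: present, orphan, search-path or unresolved."""
    results = []
    for entry in parse_o4(log_text):
        path = expand_env(entry.executable, env)
        if not ntpath.dirname(path):
            status = "search-path"   # bare file name, located through the system search path
        elif "%" in path:
            status = "unresolved"    # environment variable not known to this run
        elif exists(path):
            status = "present"
        else:
            status = "orphan"        # Run value survives, target file is gone
        results.append((entry, status))
    return results


if __name__ == "__main__":
    # Meaningful only on the machine that produced the log, where the paths can be checked.
    for entry, status in audit(SAMPLE_LOG):
        print(f"{status:12} {entry.hive}\\{entry.key} [{entry.name}] {entry.executable}")
```

An `orphan` result only means the file is missing at that path; whether the value should be removed is still a judgement call for whoever reviews the log.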

#29 User is offline   Daisky 

  • Full Member
  • Group: Members
  • Posts: 59
  • Joined: 12-June 09

Posted 24 October 2012 - 05:30 PM

Concerning Java I only found one Java program on the "uninstall programs" list so I uninstalled it & deleted the .exe in the "downloads" & installed the one you gave me. Should there be more than one on my computer which I have to uninstall-delete?

Although my adobe was 10.1.4 I uninstalled it & installed adobe from the site you gave me. The McAfee was not there, instead there was the Google Chrome & google Toolbar. I installed the new version of adobe air but Flash player isn't getting installed, it shows me that download has timed out when downloading it. Can you help me with this? Now I am without Flash player.

I found a file called livestation in "User" & it has "Log" & "Webcache" files in it. Should I delete it?

I uninstalled the gadgets & unticked "start sidebar when window starts".

No I didn't buy MalwareBytes Pro version I am just running the MalwareBytes free version that you gave me the link to.

The rescan with HijackThis I will do it next time.

About brontok, did you mean that brontok was still on my computer & ComboFix deleted it?

Here are the startup programs from CCleaner:

Yes HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
Yes HKCU:Run uTorrent "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
Yes HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run GrooveMonitor Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Yes HKLM:Run NeroFilterCheck Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Yes HKLM:Run RtHDVCpl Realtek Semiconductor RtHDVCpl.exe
Yes HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

This post has been edited by Daisky: 24 October 2012 - 05:43 PM

0

#30 User is offline   Flashorn 

  • Expert
  • Group: Members
  • Posts: 4,709
  • Joined: 19-May 07
  • Location:Canada

Posted 24 October 2012 - 07:14 PM

Hey Daisky!

I know it's a long process but, you're doing just fine. This route is a better one I think than re-installing Vista
and starting from scratch.

Quote

Concerning Java I only found one Java program on the "uninstall programs" list so I uninstalled it & deleted the .exe in the "downloads" & installed the one you gave me. Should there be more than one on my computer which I have to uninstall-delete?


No, if you found only one Java package in Programs & Features then, that's the only place you'll find them. We
will have to rearrange the Permissions for Java in order to avoid malware from taking advantage of keeping Java
files on your PC. They update for a reason and that is that their current version is compromised. Keeping them
up-to-date minimizes that risk. Please remind me If I don't have you do this work.

Adobe products are also targets of malware. This is also very important to keep them up-to-date as well.


You can download the latest version of Flash Player from the links below :
For IE : Flash Player 11.4.402.287 (IE) You will be redirected to FileHippo for your download. Do not be alarmed.

If for any reason this install of Flash doesn't restore your ability to watch Flash videos then, uninstall this version and re-install with
this version :
http://www.filehippo...shplayer_ie_64/ (it says 64 bit but, it has both 32 and 64 bit in the package. You don't have to
do anything. Just install and the right one will be chosen)

I saw that you also had Firefox installed. Make sure it's up-to-date. The current version is 16.0.1 and can be downloaded from here:

http://www.filehippo..._firefox/13464/

To make sure all of your plugins in Firefox are up-to-date, you can click on Tools > Add-Ons > Plugins and on the top left corner, you'll see
"Check to see if your plugins are up to date" button. This will bring you to the Firefox site. Wait a few seconds and they will be analyzed.
You should see (after updating Java and Adobe products) all Green buttons next to these plugins. If you see a Yellow or Red colored button
next to them then, click on that button and update as many as there are colored buttons.

I'll have to continue in a new post as the editor is going bonkers on me as you can see.



FLASHORN.

0

#31 User is offline   Flashorn 

  • Expert
  • Group: Members
  • Posts: 4,709
  • Joined: 19-May 07
  • Location:Canada

Posted 24 October 2012 - 07:41 PM

OK, I'm back.

Quote

I found a file called livestation in "User" & it has "Log" & "Webcache" files in it should I delete it?


Yes, you can safely delete these files.

Quote

The rescan with HijackThis I will do it next time.


Thank you.

Quote

About brontok, did you mean that brontok was still on my computer & ComboFix deleted it?


No, the main files were taken care of by MalwareBytes' but, this is why we have deeper scanning utilities.
To make sure that all the files are off your PC.

Quote

Yes HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
Yes HKCU:Run uTorrent "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
Yes HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run NeroFilterCheck Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Yes HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"


All of these, unless you want one or two more to start with Vista, can be disabled via CCleaner.
Open CCleaner and return to the Startup tab.
Click on an entry to highlight it and then, on the right hand side, click on the Disable button.
This will not disable the actual program, only stop it from starting when you boot your PC.
You can start the program by simply clicking on its icon.

OK Daisky, Waiting on the HijackThis scan and then, we can start cleaning up.



FLASHORN.

0

#32 User is offline   Daisky 

  • Full Member
  • Group: Members
  • Posts: 59
  • Joined: 12-June 09

Posted 25 October 2012 - 05:03 PM

I installed Flash player from the first link that you gave me & it worked.

I installed the new version of firefox & tested plugins, there were green ones & grey ones & one yellow one (Divx) so I updated the yellow one & it put 3 icons on my desktop for divx. Should I leave them? Or divx isn't important & I should uninstall the Divx player? The adobe & flash player ones were green. I don't know what to do with the grey ones. I wanted to play a youtube video but it told me that I should install flash player so I installed it again (another version) & it worked for firefox but some videos say "currently unavailable" although I can play it on IExplorer.

I did the disabling in CCleaner & here is the log.I left utorrent because when I download I want it to start when I turn on the computer.I want to ask you about the Groovemoniter program & realtik(I think it is for sound.Shouldn't I leave them on?They are for sound & monitor right?

No HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
Yes HKCU:Run uTorrent "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
No HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run DivXUpdate DivX, LLC "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
No HKLM:Run GrooveMonitor Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
No HKLM:Run NeroFilterCheck Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
No HKLM:Run RtHDVCpl Realtek Semiconductor RtHDVCpl.exe
No HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:04:12 AM, on 10/26/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\windows sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://arabia.msn.com/?ocid=hmlogout
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.appl...ex/qtplugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F76446F-CF49-4D6E-A5CD-FC107681840E}: NameServer = 89.108.128.44 89.108.129.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5785 bytes

This post has been edited by Daisky: 25 October 2012 - 05:47 PM

0

#33 User is offline   Flashorn 

  • Expert
  • Group: Members
  • Posts: 4,709
  • Joined: 19-May 07
  • Location:Canada

Posted 26 October 2012 - 10:43 AM

Hey Daisky !

Sorry for the late reply. I had business to attend to.

Quote

I installed the new version of Firefox & tested plugins. There were green ones & grey ones & one yellow one (DivX), so I updated the yellow one & it put 3 icons on my desktop for DivX. Should I leave them? Or DivX isn't important & I should uninstall the DivX player? The Adobe & Flash Player ones were green. I don't know what to do with the grey ones. I wanted to play a YouTube video but it told me that I should install Flash Player, so I installed it again (another version) & it worked for Firefox, but some videos say "currently unavailable" although I can play it on IExplorer.


OK, lately, whenever we have to do an update to Flash Player, it seems that it would require a re-boot in order for it to work. Don't know why but, that's what I found out. It has happened to me also on the last two or three updates. So, just reboot after you update Flash Player and see how it goes. It should solve the problem.

The DivX Player has no place on your PC if you're not going to use it. Just delete it from Programs & Features then, go to the C:/ drive in Program files (X86) and delete the Folder for DivX. You can also delete those shortcuts on your desktop if they don't go away after deleting the program. BUT, if you use DivX to watch movies and/or videos then, leave it and find out how to work with it. This player is designed to replace Windows Media Player. It will not delete WMP, just take its place as the Default Player. Personally, I find WMP a very good player and when I play KMV files, instead of adding audio codecs, I simply use KMPlayer:
http://www.kmpmedia.net/ It's a little gem that isn't very well known but, plays all formats. If you are to use this as an "Alternative" player just make sure to install with Custom Install and untick the box for Pandora.
Keep WMP as the Default player and, in Default Programs, attribute KMV files to the KMPlayer. This will bring that player up whenever you click on a KMV file.

When testing your plugins with Firefox, it will show grey icons on the ones that it cannot control, meaning that it cannot update those for you. You have to go directly to that plugin's site to find updates IF there are any. No worries there.

OK, again, these don't have to start with your PC:

No HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
No HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run DivXUpdate DivX, LLC "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
No HKLM:Run NeroFilterCheck Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
No HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Any programs other than these can start with the PC.

The HijackThis log is clean.

Now, for Cleanup.

Please download this tool "To Your Desktop" !!

http://general-chang...de/2-adwcleaner

This is an .exe so, no Install.

Please do not delete anything before you post that log file.
-----------------------------------------------------------------------------------
Right click on the adwCleaner.exe and select "Run as administrator"
-----------------------------------------------------------------------------------
1 Click the Search button.

2 A logfile will automatically open after the scan has finished.

3 Please post the content of that logfile in your next reply.

4 Or you can find the logfile at C:\AdwCleaner[R1].txt.

Daisky, after this scan and the log that you will post in your next reply, we will be getting rid of all those tools and log files
but, first I need this last log file please.

From what I can see your PC is now clean of those pesky intruders.

Post that log file and we will begin the cleanup.


FLASHORN.

This post has been edited by Flashorn: 26 October 2012 - 10:46 AM

0
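A way to cross-check the two lists compared in the posts above, as an added example that is not part of the original thread and not a feature of HijackThis or CCleaner. It parses an excerpt of the HijackThis log from post #32, pulls out the O4 (Run key) autoruns, and matches each one to its Yes/No row in the CCleaner Startup export; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (not the full log).
HJT_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F76446F-CF49-4D6E-A5CD-FC107681840E}: NameServer = 89.108.128.44 89.108.129.77
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Matching rows of the CCleaner Startup export from post #32.
CCLEANER_LIST = r"""
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run GrooveMonitor Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
No HKLM:Run RtHDVCpl Realtek Semiconductor RtHDVCpl.exe
Yes HKCU:Run uTorrent "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - <payload>"
O4_RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
EXE = re.compile(r'^"?(.+?\.exe)"?', re.IGNORECASE)        # image path without arguments
CC_ROW = re.compile(r"^(Yes|No) (HKLM|HKCU):Run (.+)$")


def parse_sections(log_text):
    """Group HijackThis entries by section code (R0, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def ccleaner_state(cc_text, hive, name):
    """Return 'Yes' or 'No' from the CCleaner row for this Run value, None if absent."""
    for line in cc_text.splitlines():
        m = CC_ROW.match(line.strip())
        # The pasted export is flattened to single spaces, so match on the
        # value name at the start of the row instead of splitting columns.
        if m and m.group(2) == hive and m.group(3).lower().startswith(name.lower() + " "):
            return m.group(1)
    return None


def review_autoruns(log_text, cc_text):
    """One record per O4 Run entry: image path, whether it is a full path, CCleaner state."""
    rows = []
    for payload in parse_sections(log_text).get("O4", []):
        m = O4_RUN.match(payload)
        if not m:
            continue
        hive, name, command = m.groups()
        exe = EXE.match(command)
        image = exe.group(1) if exe else command
        rows.append({
            "hive": hive,
            "name": name,
            "image": image,
            # A bare file name is resolved through the search path at logon,
            # so it is worth confirming which file on disk actually runs.
            "has_full_path": "\\" in image,
            "ccleaner_enabled": ccleaner_state(cc_text, hive, name),
        })
    return rows


if __name__ == "__main__":
    for row in review_autoruns(HJT_LOG, CCLEANER_LIST):
        print(row)
```
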

#34 User is offline   Daisky 

  • Full Member
  • Group: Members
  • Posts: 59
  • Joined: 12-June 09

Posted 26 October 2012 - 01:44 PM

I tried Firefox & it still didn't play those certain YouTube videos. I wasn't clear about Firefox. What I want to say is that the Flash Player you gave me for IExplorer didn't work with Firefox & I had to download another version of Flash Player to work with Firefox. It isn't important because usually I don't use it. I have Netscape; should I uninstall it since I don't use it?

I uninstalled DivX & deleted its files.

I re-enabled GrooveMonitor & Realtek to start up with Windows.

I ran AdwCleaner & didn't delete anything with it & here is the Logfile:

# AdwCleaner v2.005 - Logfile created 10/26/2012 at 23:30:20
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-1662792531-2429911996-3789909531-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

-\\ Google Chrome v22.0.1229.94

*************************

AdwCleaner[R1].txt - [997 octets] - [26/10/2012 23:30:20]

########## EOF - C:\AdwCleaner[R1].txt - [1056 octets] ##########
0

#35 User is offline   Flashorn 

  • Expert
  • Group: Members
  • Posts: 4,709
  • Joined: 19-May 07
  • Location:Canada

Posted 26 October 2012 - 02:46 PM

Great Daisky !

You can uninstall Firefox if you like but, it will not interfere with anything else. Up to you on this one. I usually have two browsers on hand so, in your case three might be one too many. Just don't forget to delete the Folder in C:\ Program Files (x86) Firefox.

Now, re-start AdwCleaner (don't forget to Right Click and Run as Administrator) and this time click on the Delete button. Those Reg files are remnants of other adware you had on your PC.
Once that is done, simply close the app. and Delete the .exe that's on your Desktop. We don't need it anymore and I wouldn't recommend using it unless you can recognize the files it recommends
for deletion.

Next step is to Delete the .exe for HijackThis. Again, this is a powerful tool and shouldn't be used by the average PC person. (no harm intended)

The third step (and this one is important for you to follow correct procedures), is to uninstall ComboFix.
Click on the Start Menu > Accessories > click on RUN. Once the little box opens type or better yet, Copy and Paste in the box this text

combofix /uninstall

and click on the OK button. It is very important that you copy & paste the Exact text in that box.

Once this is done, go to C:\ and verify that no Log files remain from either AdwCleaner or from ComboFix. IF they are still there, simply delete them please.

More Cleanup :

Open CCleaner. Go to the TOOLS tab on the left hand side and click on it. In that tab, you will see System Restore. Click on it.
Now, you will see a whole bunch of numbers and dates. You can click on one at a time to Highlight it and then on the bottom left
you will see a Remove button in dark Grey. Click on it to remove that Restore Point.

Posted Image


You should do the same to All "Except" the FIRST one on that list (Top). You will not be able to delete this one as it will not activate the Remove button.
We keep the last one around just in case something goes wrong and we have to Restore the PC to that point in time.

We Delete all except the last Restore point because malware will hide in a Restore Point waiting to reinfect your PC in case you decide to Restore your PC to an
earlier date to undo some install or bad driver.

Now, "Re-Start" your PC.

Once that is done, please re-open CCleaner and click on the Broom tab. Now, check mark as in the screen shot below. It might not be quite the same but,
for most part, it should guide you quite well:

Posted Image

Posted Image


Once check marked as in the screen shots (or as close as you can) click on the Analyze button. Wait till the progress bar (top) reaches 100%
then, click on the Run CCleaner button on the bottom right. Now, accept the pop-up and wait for it to finish cleaning those excess files.

That should be it for the cleaning. I know we still have Java to take care of but, I'll wait till you finish these tasks and tell me how your PC is running after that.

Go to work Daisky.


FLASHORN.

This post has been edited by Flashorn: 26 October 2012 - 03:24 PM

0

#36 User is offline   Daisky 

  • Full Member
  • Group: Members
  • Posts: 59
  • Joined: 12-June 09

Posted 27 October 2012 - 04:57 PM

I did the AdwCleaner & ran the search then the delete. I deleted the AdwCleaner.exe. I deleted HijackThis.exe. When I click on the arrow which points down to open the address box that contains most surfed sites there is nothing in it & it isn't taking any site to appear in it (I realize it was deleted before but it isn't recording any site any more). Can you help me to solve this?

When I wanted to uninstall ComboFix it prompted me to disable Norton spyware & antivirus so I disabled them but it still told me that the antispyware is still on, so I uninstalled Norton & did the uninstalling of ComboFix & then reinstalled Norton. The files that you told me to show (show hidden files) became hidden again. Did the uninstallation of ComboFix do that?

In C:\ I deleted the log files of AdwCleaner & ComboFix. There were 4.

In the system restore in CCleaner there were only 2 objects other than the one I can't remove & I removed them & restarted my PC. I reopened CCleaner & checked the ones you had checked in the screen shots. I did the analyze & ran the CCleaner button. My PC seems to be running better.

The MalwareBytes is telling me that I have 3 days remaining for the trial version so can you give me a link to a free program that can scan my DVDs & see if they have malware & delete them?
0

#37 User is offline   Flashorn 

  • Expert
  • Group: Members
  • Posts: 4,709
  • Joined: 19-May 07
  • Location:Canada

Posted 28 October 2012 - 09:10 AM

Hey Daisky !

Quote

When I click on the arrow which points down to open the address box that contains most surfed sites there is nothing in it & it isn't taking any site to appear in it (I realize it was deleted before but it isn't recording any site any more). Can you help me to solve this?


I would like to try and help you with this but, I don't understand what is the problem and in which program?

Quote

When I wanted to uninstall ComboFix it prompted me to disable Norton spyware & antivirus so I disabled them but it still told me that the antispyware is still on, so I uninstalled Norton & did the uninstalling of ComboFix & then reinstalled Norton. The files that you told me to show (show hidden files) became hidden again. Did the uninstallation of ComboFix do that?


Next time someone asks you to delete a file or program and Norton gets in the way, try booting in Safe Mode, disable Norton and remove that file or program. Norton seems to get in the way a lot.

As for MalwareBytes', you clicked on the Trial version instead of the Free version. This is why you are getting prompts from MalwareBytes' that certain IP addresses are being blocked when using uTorrent.
You actually have the Full version of MalwareBytes' in a Trial mode which is about to end. I would simply uninstall this version and install the Free version from here :
Download@MajorGeeks . You will be redirected to MajorGeeks for the actual download. Wait a few seconds and your download will begin. Click the Back button to come back to PCWorld and this thread.
Please make sure to look carefully at the installer as you install this version. You shouldn't be asked if you want the Full version but, make sure you don't click on the link to the full version if asked.

As for the Show Hidden Files, it might be that Norton, when re-installed, hid them for you. I would go back to Control Panel > Folder Options and make sure both of the file options that you (we) changed are changed back to their original form, meaning Hide both of those options.

Now, for Java.

Click on Start > Control Panel > If you don't have all available options to view folders then, upper right hand side, click on "View By". Choose "Large Icons".

Posted Image


This is the old way of using Control Panel.

Posted Image


In this list of folders, look for Java. Click on the icon. A screen should appear. Click on the "Settings" button (bottom)
another screen will appear. Uncheck "Keep Temporary files on my computer". The rest of the screen should go dull. No other options to choose from.
Bottom button. Delete Files, click on it. One last screen will appear. IF the option to tick all three boxes, do so then, click Delete Files. Now, click OK on the first two screens
and Apply and OK on the last one. This is where malware likes to hide temp files, especially with the Java exploit that has been around for the last four months.

Posted Image


This should take care of the cleaning.

Make sure Vista is up-to-date along with all plugins in the browsers that you use and your antivirus application.

If you have any other problems then, ask and I will do my best to help.



FLASHORN.
0

#38 User is offline   Daisky 

  • Full Member
  • Group: Members
  • Posts: 59
  • Joined: 12-June 09

Posted 28 October 2012 - 05:47 PM

In Control Panel there is no "View By" but there is in the upper left corner "Classic View" so I clicked it & it showed the folders just like in your screen shot. You said "if the option to tick all 3 boxes.." & the option was there so I ticked all 3 boxes. Is that correct (maybe I misunderstood you)? Should I tick "keep temporary files on my computer" or leave it unticked?

Should I change my passwords to emails, Facebook etc., because the one/group who put the spyware on my computer would know them, or should I just keep them because they wouldn't know them?

Should I uninstall the TDSSKiller?
Should I do the defrag now?

This post has been edited by Daisky: 28 October 2012 - 05:57 PM

0

#39 User is offline   Flashorn 

  • Expert
  • Group: Members
  • Posts: 4,709
  • Joined: 19-May 07
  • Location:Canada

Posted 28 October 2012 - 06:56 PM

Hey Daisky !

Quote

In Control Panel there is no "View By" but there is in the upper left corner "Classic View" so I clicked it & it showed the folders just like in your screen shot. You said "if the option to tick all 3 boxes.." & the option was there so I ticked all 3 boxes. Is that correct (maybe I misunderstood you)? Should I tick "keep temporary files on my computer" or leave it unticked?


Yes, keep the box unticked for "keep temporary files on my computer".
Tick all three boxes and then click on the OK button then, the OK button on the second screen then, on the Apply and OK buttons on the last screen.

That would be a good idea to change your passwords. It is also a good idea to change passwords once in a while like every two months.

Yes, by all means, Delete the .exe for TDSSKiller. Hopefully, you won't be needing any of these tools again.

Before you defrag, run CCleaner (right before) and then, defrag. No need to defrag temporary files that will be deleted anyways.

On my other PCs, I use Auslogic defrag Free program. Click here.

This one has SSD hard drives which you don't defrag.

Were you able to get MalwareBytes' free and installed?

Did you change the format to the Hidden Files in Folder Options?

Are there any other tasks you are not comfortable with or would like to know more?



FLASHORN.

This post has been edited by Flashorn: 28 October 2012 - 06:59 PM

0

#40 User is offline   Daisky 

  • Full Member
  • Group: Members
  • Posts: 59
  • Joined: 12-June 09

Posted 29 October 2012 - 06:28 PM

Concerning MalwareBytes, I uninstalled it then downloaded the one from MajorGeeks. Unfortunately it again told me that I have 1 day left.

As for the hidden files, they already were marked as hidden & the "Hide protected operating system files" was ticked. It seems that, as you said, Norton did it, although they were hidden after I uninstalled ComboFix.

I also uninstalled LockHunter.

So thank you very much Flashorn, much appreciated & God bless you & I thank everybody who answered my thread, rgreen4 & LiveBrianD.

This post has been edited by Daisky: 29 October 2012 - 06:30 PM

0
