
CPU usage goes 100%

October 25, 2012 at 08:56:28
Specs: Windows XP service pack 3, Intel Core 2 Duo CPU/2.93GB

Hi all,

My CPU usage goes to 100% and my system starts hanging. If I leave it for a few minutes it goes back to normal, but as soon as I start working again CPU usage goes back to 100%.

My m/c configuration:
=======================
HCL laptop 3 years old.
Intel Core 2 Duo CPU
T5800 @ 2.00 GHZ
1.60GHz, 2.93 GB RAM
=======================

I don't play any heavy games. But I play online chess which has flash based interface.
Also I have a couple of chess engines installed.

But I face this problem even if I am watching a movie in VLC media player and none of my other applications are running.

I had Microsoft Security Essential, I have uninstalled it and now I am using avast (full version).
On scanning with avast it did report a few trojans/malware and removed them.
But the problem still persists.

I read the below article:
http://www.computing.net/answers/cp...

So right now I am scanning my m/c using Malwarebytes. I will be back with results, but till then maybe you could suggest something.

Thanks,
Mohit





#1
October 25, 2012 at 10:44:52

What are you using to identify this 100% usage?

When this happens again go to Task Manager (Ctrl+Alt+Del) and see if you can identify what process is spiking.

Always pop back and let us know the outcome - thanks



#2
October 25, 2012 at 17:41:45

"On scanning with avast it did report a few trojans/malware and removed them.
But the problem still persists"
Log please.


#3
October 26, 2012 at 10:36:16

Thanks all for replying.

@Derek
I am using Task Manager to identify 100% CPU usage.
The processes spiking are my browser (firefox.exe), my chess engine (Chessmaster 10) and VLC player; the rest are all zero. Sometimes I see a process named "System" showing up every now and then. In my browser I only open 1 tab, which is for chesscube.com, an online chess site; it is a flash based website which has its plugin container, which also takes CPU resources.

With all this said, all these processes used to run fine simultaneously, like 10 days ago. I have been facing this issue for the last 10 days only. It never occurred before.

@Johnw

Here is the log I got from Malwarebytes:

===========================================================

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.25.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JVM :: PREMONIT-429D63 [administrator]

Protection: Enabled

10/25/2012 9:10:07 PM
mbam-log-2012-10-25 (21-10-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186333
Time elapsed: 23 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Hosting Service Login (Trojan.Agent) -> Data: C:\Documents and Settings\JVM\Application Data\winlogon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Hosting Service Login (Trojan.Agent) -> Data: C:\Documents and Settings\JVM\Application Data\winlogon.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

===========================================================

Unfortunately it seems that I have lost the logs created by avast.

But in second run it didn't show any infections.


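The two Run-key findings in the Malwarebytes log above show a textbook persistence pattern: an autostart entry pointing at an executable in a user-writable profile folder, named after a Windows system binary (winlogon.exe) that does not belong there. The same "executable under Application Data" trait shows up again later in the thread with ChgService.exe in the RogueKiller and ComboFix output. As an added example (not code from the thread or from any of these tools), here is a small Python triage script that parses Run entries in the Malwarebytes and ComboFix log formats and flags that pattern; the sample log is constructed from the formats seen in this thread, and the "Updater" entry in it is invented.

```python
"""Triage Windows Run-key autostart entries from scanner logs.

Heuristic (defender's view): an autostart entry whose executable lives in a
user-writable profile folder, or that borrows the name of a Windows system
binary while sitting outside the Windows directory, deserves a closer look.
Both traits are visible in the winlogon.exe entry from the thread's
Malwarebytes log.
"""
import re
from dataclasses import dataclass, field

# Windows system binaries whose names malware commonly reuses.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                "services.exe", "explorer.exe"}

# User-writable locations in the Windows XP profile layout seen in the thread.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

# Malwarebytes: HKCU\SOFTWARE\...\Run|Name (Trojan.Agent) -> Data: C:\x.exe -> ...
MBAM_RE = re.compile(
    r"^(?P<hive>HK(?:CU|LM))\\(?P<key>[^|]+)\|(?P<name>.+?)\s*\((?P<det>[^)]+)\)"
    r"\s*->\s*Data:\s*(?P<data>.+?)\s*->")
# ComboFix "Reg Loading Points": a [HKEY_...\Run] header, then "Name"="path" [date size]
CF_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
CF_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _exe_path(data: str) -> str:
    """Keep the executable path and drop any arguments (paths may contain spaces)."""
    m = re.match(r'^\s*"?(.*?\.exe)"?', data, re.IGNORECASE)
    return (m.group(1) if m else data).strip()


def parse_run_entries(text: str) -> list:
    """Collect Run-key entries from mixed Malwarebytes / ComboFix log text."""
    entries, current_key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = MBAM_RE.match(line)
        if m:
            entries.append(RunEntry(f"{m['hive']}\\{m['key']}", m["name"].strip(),
                                    _exe_path(m["data"])))
            continue
        m = CF_KEY_RE.match(line)
        if m:
            current_key = m["key"]          # remember which key the next values belong to
            continue
        m = CF_VAL_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            entries.append(RunEntry(current_key, m["name"], _exe_path(m["data"])))
    return entries


def assess(entry: RunEntry) -> list:
    """Return the reasons (possibly none) why this autostart entry looks suspicious."""
    low = entry.path.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("executable lives in a user-writable profile directory")
    if base in SYSTEM_NAMES and "\\windows\\" not in low:
        reasons.append(f"{base} is a Windows system binary name, but the file is "
                       "outside the Windows directory")
    entry.reasons = reasons
    return reasons


def triage(text: str) -> list:
    """Parse the log text and return only the entries that trip a heuristic."""
    return [e for e in parse_run_entries(text) if assess(e)]


# Constructed sample in the two log formats seen in this thread; the winlogon.exe,
# IDMan and avast lines mirror the thread's logs, the "Updater" line is invented.
SAMPLE_LOG = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Hosting Service Login (Trojan.Agent) -> Data: C:\Documents and Settings\JVM\Application Data\winlogon.exe -> Quarantined and deleted successfully.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-09-15 3425688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
"Updater"="c:\documents and settings\JVM\Local Settings\Temp\svchost.exe" [2012-10-20 12345]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.key}] {e.name} -> {e.path}")
        for r in e.reasons:
            print("    -", r)
```

Legitimate entries such as IDMan and avast under Program Files pass through untouched; only the two profile-folder executables are reported.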


#4
October 26, 2012 at 14:39:18

" but as soon as I start working again CPU usage goes back to 100%"
Is it still doing that?

After each fix or change we make, let me know how the comp is running. Example: CPU usage goes back to 100%.



#5
October 27, 2012 at 00:52:56

It has been running quite well for the last 24 hours. But I am running only either my browser or my chess engine or VLC player. Running all three is still causing the problem.
I understand that these might be quite heavy to run all together, but what concerns me is that it all used to work fine a few days back. I want to know for sure if this is a virus problem or it is some problem with my hardware. Is it also possible that some Windows update might have caused it?


#6
October 27, 2012 at 01:22:22

"I want to know for sure if this is a virus problem"

Please copy & paste instructions into a text file, print steps & info. You will need them, as they are hard to remember, for when you are offline.

The baddies are always ahead of the goodies; be aware, this can be a very long process, involving many different tools to clean up an infected comp.
Some infections are unremovable.
Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc.
The use of the computer is the primary factor in the decision whether to re-format and re-install, or just disinfect.
http://www.dslreports.com/faq/10063
How to report ID theft, fraud, drive-by installs, hijacking and malware?
http://www.dslreports.com/faq/10451
Change your router password if it is not strong or still uses the default one.
Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
http://compnetworking.about.com/od/...

As we remove the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.

If any program won't run, let me know. Post the log/logs after each run.
Screenshots (SS) may also be requested, or if you want to illustrate a point yourself, use the uploader.
If any of the logs are too large, upload them to a site of your choosing or, all can be done with this.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru

After each fix or change we make, let me know how the comp is running. Example: Still cannot boot into Normal mode.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

2: Reboot

3: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
RogueKiller tutorial
http://en.kioskea.net/faq/11626-rog...



#7
October 27, 2012 at 03:56:50

Hi,
I am pasting the logs generated by Unhide & RogueKiller:

UNHIDE:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 10/27/2012 03:17:50 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 82636 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 157850 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 57263 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 39229 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 62823 files processed.

The C:\DOCUME~1\JVM\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 10/27/2012 03:23:46 PM
Execution time: 0 hours(s), 5 minute(s), and 56 seconds(s)


ROGUEKILLER:
RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/file...
Website: http://tigzy.geekstogo.com/roguekil...
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JVM [Admin rights]
Mode : Scan -- Date : 10/27/2012 16:19:36

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ChgService.exe -- C:\Documents and Settings\All Users\Application Data\ChgService.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 www.internetdownloadmanager.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 +++++
--- User ---
[MBR] 415d77117d05e009c7a57dd090622dc1
[BSP] 8bbced2d0d846ed8ec04faa7d7b21272 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20496 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 41977845 | Size: 217967 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

It is showing some problem with my download manager. Should I remove the entry RogueKiller is showing?
One thing I noticed is, when I am using chesscube.com or youtube.com my CPU usage goes to 100% quite often.



#8
October 27, 2012 at 04:25:09

"It is showing some problem with my download manager"
That is just noting its existence, it is not a problem.

4: Run ESET & post the log please. This scan may take a while, so please be patient.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.



#9
October 27, 2012 at 11:50:10

I had run ESET online scanner, I could not complete the scanning, though.
I have started the scanning again. I will send you the new log after the scanning is done. Meanwhile you can have a look at the log from the first run.

Thanks

==========================================================

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4c167c5592c3bd4f96a056c6cbf0e004
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-27 01:45:03
# local_time=2012-10-27 07:15:03 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 35343670 35343670 0 0
# compatibility_mode=8192 67108863 100 0 2582 2582 0 0
# scanned=16088
# found=2
# cleaned=2
# scan_time=3414
C:\Documents and Settings\JVM\Local Settings\Temp\biclient.exe a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\JVM\My Documents\Downloads\Programs\7ZipSetup.exe a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

===========================================================



#10
October 27, 2012 at 16:24:43

"I had run ESET online scanner, I could not complete the scanning, though.
I have started the scanning again"

Try Safe mode if still unable to complete.
Can take up to 9 hours.



#11
October 28, 2012 at 02:12:23

well, it is running fine in normal mode.
6 new threats detected.
It's been 14.5 hours and yet 18% remaining :(.
perhaps due to my 240 GB data.
My comp has been ON for the last 24 hours & one thing I noticed is, CPU usage is not going to 100% unless I run multiple apps simultaneously.
Can I hope CPU overheating might not be a problem?
What can be the possible causes of this problem if not virus ?


Finally, it is done.
Below are the logs:

====================================
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4c167c5592c3bd4f96a056c6cbf0e004
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-28 11:06:06
# local_time=2012-10-28 04:36:06 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 35364884 35364884 0 0
# compatibility_mode=8192 67108863 100 0 23796 23796 0 0
# scanned=345235
# found=6
# cleaned=6
# scan_time=59063
D:\imppppppp\System Volume Information\_restore{7A1FE5B0-1EB9-4902-80C9-E98D4C5D87F3}\RP414\A0036055.msi a variant of Win32/SpyBoss.A application (deleted - quarantined) 00000000000000000000000000000000 C
D:\imppppppp\System Volume Information\_restore{7A1FE5B0-1EB9-4902-80C9-E98D4C5D87F3}\RP414\A0036058.msi multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
D:\imppppppp\System Volume Information\_restore{7A1FE5B0-1EB9-4902-80C9-E98D4C5D87F3}\RP414\A0036060.msi a variant of Win32/SpyBoss.A application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Softwares\Adobe Dreamweaver CS4.rar BAT/HostsChanger.A application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Softwares\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Softwares\screen Video capture\Keygen.exe a variant of Win32/Keygen.CZ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


====================================

I believe every time one scans with a new antivirus, some bugs get reported. Maybe AV companies do this intentionally in order to make the user believe that their AV is good.

Anyways you know better.



#12
October 28, 2012 at 04:06:45

"Can I hope CPU overheating might not be a problem?"
That's a computer basic: dust is one of a computer's biggest enemies.

Curing Laptop/Notebook Overheating
http://is.gd/ck0tXA
http://is.gd/SKlNjg
http://is.gd/vkq6Iz
http://is.gd/cNfZzK
http://is.gd/N8ZLiY
Cleaning a Laptop/Notebook Computer
http://www.instructables.com/id/Ext...
http://www.techradar.com/news/mobil...
http://mobileoffice.about.com/od/us...
http://www.cnet.com.au/how-to-clean...
http://lifehacker.com/software/life...
http://www.ehow.com/how_4812506_cle...



#13
October 28, 2012 at 04:09:20

"What can be the possible causes of this problem if not virus ?"
So many things it could be; if we start jumping all over the place, we will get in a mess.

This is a process of elimination; let's make sure we get rid of any possible infections first.



#14
October 28, 2012 at 04:18:12

"dust is one of a computer's biggest enemies"

This one is very true. I just cleaned my CD ROM which had turned into mini SAHARA.
And now it is not detecting any discs.

misfortune never comes alone!!!



#15
October 28, 2012 at 04:36:17

5: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


#16
October 28, 2012 at 04:52:07

"And now it is not detecting any discs"

cleaning a laptop cd rom
http://is.gd/ddvEnL
http://www.ehow.com/how_4926903_cle...



#17
October 28, 2012 at 07:33:07

AdwCleaner log file:

# AdwCleaner v2.005 - Logfile created 10/28/2012 at 19:56:41
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : JVM - PREMONIT-429D63
# Boot Mode : Normal
# Running from : C:\Documents and Settings\JVM\My Documents\Downloads\Programs\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112560&tt=220512_53ctrl&babsrc=NT_ss&mntrId=d4d3f772000000000000000df061f2b6 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\JVM\Application Data\Mozilla\Firefox\Profiles\mzyebq63.default\prefs.js

C:\Documents and Settings\JVM\Application Data\Mozilla\Firefox\Profiles\mzyebq63.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=112560&tt=220512_53ctrl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 15);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "d4d3f772000000000000000df061f2b6");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15534");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 15);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.179:44:42");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "13.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 80915535);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.179:44:42");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112560&tt=220512_53ctrl");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d4d3f772000000000000000df061f2b6");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "d4d3f772000000000000000df061f2b6");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15534");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112560&tt=22051[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.179:44:42");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\JVM\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112560&tt=220512_53ctrl&babsrc=HP_ss&mntrId=d4d3f772000000000000000df061f2b6" ]
Deleted [l.1939] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112560&tt=220512_53ctrl&babsrc=HP_ss&mntrId=d4d3f772000000000000000df061f2b6" ]

*************************

AdwCleaner[S1].txt - [5861 octets] - [28/10/2012 19:56:41]

########## EOF - C:\AdwCleaner[S1].txt - [5921 octets] ##########



#18
October 28, 2012 at 07:51:02

It worked!!! My XP disc got detected by my ROM. Good news after a long time.
I need to create backup of it. What is the best way to do that? I have Nero installed. I don't have a blank disc right now. But at least I should keep some back-up before my windows disc gets corrupted.

I just used Nero to create a copy of my Windows CD.
Thankfully CD was not corrupt.
Steps I followed:
After firing up Nero,
Step 1. I hovered on the icon saying Copy and Backup; on clicking Copy CD it took me to
Step 2. a new window where it was showing my CD ROM as Source drive, and in the second text box there was an option to set Destination drive.
Then on clicking Copy it created a copy of the disc on my HD.

Did I do it right, or creating OS disc requires something else?

I have uploaded the images for your reference:

http://s4.hostingkartinok.com/uploa...

http://s1.hostingkartinok.com/uploa...



#19
October 28, 2012 at 14:25:32

6: Run ComboFix
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
When finished, clear away any of the files and folders that were created by ComboFix.
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Qoobox is a folder created by Combofix to quarantine any infected files.


#20
October 28, 2012 at 14:40:04

"I don't have a blank disc right now"
Because you already have a CD copy & it appears to be good, to give you a second option in case the ROM fails, I would have another copy on a flash/thumb drive.

WinToFlash
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://wintoflash.com/home/en/
Easiest way to install Windows with a USB flash drive.
http://liliputing.com/2009/08/easie...



#21
October 29, 2012 at 06:06:49

Please find below the log of ComboFix:

ComboFix 12-10-29.01 - JVM 10/29/2012 18:19:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3003.2395 [GMT 5.5:30]
Running from: c:\documents and settings\JVM\My Documents\Downloads\Programs\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ChgService.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Change_Modem_Device_Service
-------\Service_Change Modem Device Service
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-28 15:14 . 2012-10-28 15:15 -------- d-----w- c:\documents and settings\JVM\Application Data\Image Uploader
2012-10-28 15:14 . 2012-10-28 15:14 -------- d-----w- c:\program files\Image Uploader
2012-10-28 15:14 . 2012-10-28 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Image Uploader
2012-10-28 13:43 . 2012-10-28 13:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-10-28 13:40 . 2012-10-28 13:40 -------- d-----w- c:\program files\CCleaner
2012-10-28 13:38 . 2012-10-28 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-10-28 13:28 . 2012-10-28 13:28 -------- d-----w- c:\program files\Lokasoft
2012-10-28 13:03 . 2012-10-28 13:03 -------- d-----w- c:\documents and settings\JVM\Application Data\Lokasoft
2012-10-28 13:03 . 2012-10-28 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lokasoft
2012-10-28 12:43 . 2012-10-28 12:43 -------- d-----w- c:\program files\Time Stopper
2012-10-27 12:35 . 2012-10-27 12:35 -------- d-----w- c:\program files\ESET
2012-10-25 16:11 . 2012-10-25 16:11 -------- d-----w- c:\documents and settings\JVM\Local Settings\Application Data\SlimWare Utilities Inc
2012-10-25 15:32 . 2012-10-25 15:32 -------- d-----w- c:\documents and settings\JVM\Application Data\Malwarebytes
2012-10-25 15:32 . 2012-10-25 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-25 15:32 . 2012-09-29 14:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-25 15:32 . 2012-10-25 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-24 17:58 . 2012-10-29 12:55 -------- d-----w- c:\documents and settings\JVM\Application Data\DMCache
2012-10-24 02:02 . 2012-10-23 10:18 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-24 02:02 . 2012-10-23 10:18 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-24 02:02 . 2012-10-23 10:18 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-24 02:02 . 2012-09-21 09:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-23 17:16 . 2012-10-23 10:18 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-23 17:16 . 2012-10-23 10:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-23 17:16 . 2012-10-23 10:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-23 17:16 . 2012-10-23 10:18 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-23 17:16 . 2012-10-23 10:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-23 17:16 . 2012-10-23 10:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-23 17:16 . 2012-10-23 10:18 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-23 17:16 . 2012-10-23 10:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-23 17:15 . 2012-10-23 10:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-23 17:15 . 2012-10-23 10:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-23 17:14 . 2012-10-23 17:14 -------- d-----w- c:\program files\AVAST Software
2012-10-23 17:14 . 2012-10-23 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-11 15:47 . 2012-10-11 15:47 -------- d-----w- c:\documents and settings\JVM\.m2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 15:58 . 2012-04-16 12:22 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 15:58 . 2011-09-16 14:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-10-01 09:30 . 2011-09-14 12:55 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-10-27 12:28 . 2012-10-27 12:28 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 10:17 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-09-15 3425688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Manager Utility.lnk - c:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe [2007-8-2 4128768]
.
[HKLM\~\startupfolder\C:^Documents and Settings^JVM^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\JVM\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApacheTomcatMonitor6.0_Tomcat6]
2011-08-16 12:25 102400 ----a-w- c:\programs\tomcat6\bin\Tomcat6w.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 13:06 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2011-09-15 14:33 3425688 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netxpert]
2010-05-10 03:32 206120 ----a-w- c:\program files\Airtel NetXpert\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 08:32 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=3 (0x3)
"VisualSVNServer"=2 (0x2)
"MySQL"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"wscsvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"Microsoft Windows Hosting Service Login"= c:\documents and settings\JVM\Application Data\winlogon.exe
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\JVM\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"e:\\eclipse-jee-indigo\\eclipse\\eclipse.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [10/24/2012 7:32 AM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [10/24/2012 7:32 AM 199320]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [10/24/2012 7:32 AM 106560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [10/24/2012 7:32 AM 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/23/2012 10:46 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/23/2012 10:46 PM 360392]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [9/15/2011 8:42 PM 101616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/23/2012 10:46 PM 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [10/24/2012 7:32 AM 133912]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/25/2012 9:02 PM 399432]
R2 sprtsvc_netxpert;SupportSoft Sprocket Service (netxpert);c:\program files\Airtel NetXpert\bin\sprtsvc.exe [9/20/2011 6:27 PM 206120]
R2 tgsrvc_netxpert;SupportSoft Repair Service (netxpert);c:\program files\Airtel NetXpert\bin\tgsrvc.exe [9/20/2011 6:27 PM 185640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/25/2012 9:02 PM 22856]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [9/14/2011 4:55 PM 156160]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/28/2012 7:08 PM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/25/2012 9:02 PM 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/16/2012 5:52 PM 250808]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [4/2/2012 8:36 PM 103424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/28/2012 7:08 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 10:44 PM 115168]
S4 Tomcat6;Apache Tomcat 6.0 Tomcat6;c:\programs\tomcat6\bin\Tomcat6.exe [8/16/2011 5:55 PM 74752]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 15:58]
.
2012-10-29 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-23 10:17]
.
2012-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-28 13:37]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-28 13:37]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-343818398-1801674531-1003Core.job
- c:\documents and settings\JVM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-25 15:19]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-343818398-1801674531-1003UA.job
- c:\documents and settings\JVM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-25 15:19]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.in/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\JVM\Application Data\Mozilla\Firefox\Profiles\mzyebq63.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.in/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-23 22:46; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-QYSRQ - c:\docume~1\JVM\LOCALS~1\Temp\BZ8YL.exe
MSConfigStartUp-TYWHvBYzBXR - c:\docume~1\JVM\LOCALS~1\Temp\BZ8YL.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-29 18:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6329cbe6-630a-4eb9-a5d0-59e02e484670}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014a
"Therad"=dword:00000010
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5a,64,d0,ef,0f,61,2d,5e,32,2d,7c,9d,4c,b4,5d,d0,81,a7,bc,97,20,
df,3f,5f,4f,56,50,91,83,4c,b5,f3,47,21,fc,0e,f3,f9,4e,8e,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1432)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2012-10-29 18:30:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-29 13:00
.
Pre-Run: 3,027,349,504 bytes free
Post-Run: 3,017,400,320 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 98B6AF64462969E0F692D628D6C72F0F

#22
October 29, 2012 at 06:29:39

Thanks.

7: Run aswMBR
http://public.avast.com/~gmerek/asw...
aswMBR is the rootkit scanner that scans for TDL4/3 and MBRoot (Sinowal) rootkits.
How to scan:
Download aswMBR.exe to your desktop.
Double-click aswMBR.exe to run it.
Click the "Scan" button to start the scan.
Click "Fix" in case of infection.
Important > you need to wait for the tool to report ... Infection fixed successfully
Do not reboot the machine until it has said so.
Save the aswASW.log to the desktop.

#23
October 29, 2012 at 09:13:24

Please find below the log of the aswMBR app.
Also, it never asked me to restart my computer.
Is this all right?

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-29 21:34:22
-----------------------------
21:34:22.343 OS Version: Windows 5.1.2600 Service Pack 3
21:34:22.343 Number of processors: 2 586 0xF0D
21:34:22.343 ComputerName: PREMONIT-429D63 UserName: JVM
21:34:22.734 Initialize success
21:34:22.875 AVAST engine defs: 12102800
21:34:33.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:34:33.515 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
21:34:33.531 Disk 0 MBR read successfully
21:34:33.531 Disk 0 MBR scan
21:34:33.531 Disk 0 Windows XP default MBR code
21:34:33.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20496 MB offset 63
21:34:33.531 Disk 0 Partition - 00 0F Extended LBA 217967 MB offset 41977845
21:34:33.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100296 MB offset 41977908
21:34:33.562 Disk 0 Partition - 00 05 Extended 49999 MB offset 247384935
21:34:33.578 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 49999 MB offset 247384998
21:34:33.578 Disk 0 Partition - 00 05 Extended 37503 MB offset 555190335
21:34:33.593 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 37503 MB offset 349783308
21:34:33.593 Disk 0 Partition - 00 05 Extended 30168 MB offset 734395410
21:34:33.609 Disk 0 Partition 5 00 0B FAT32 MSDOS5.0 30168 MB offset 426590073
21:34:33.625 Disk 0 scanning sectors +488376000
21:34:33.671 Disk 0 scanning C:\WINDOWS\system32\drivers
21:34:42.156 Service scanning
21:34:53.015 Modules scanning
21:34:56.796 Disk 0 trace - called modules:
21:34:56.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:34:56.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeb2ab8]
21:34:56.812 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8aeb5510]
21:34:56.812 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae63940]
21:34:57.109 AVAST engine scan C:\WINDOWS
21:35:14.890 AVAST engine scan C:\WINDOWS\system32
21:36:34.375 AVAST engine scan C:\WINDOWS\system32\drivers
21:36:43.000 AVAST engine scan C:\Documents and Settings\JVM
21:38:15.609 File: C:\Documents and Settings\JVM\Local Settings\TempDIR\BetterInstaller.exe **INFECTED** Win32:Ezula-AGE [Adw]
21:38:47.750 AVAST engine scan C:\Documents and Settings\All Users
21:39:30.578 Scan finished successfully
21:40:53.968 Verifying
21:41:04.015 Disk 0 Windows 501 MBR fixed successfully
21:41:38.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JVM\Desktop\MBR.dat"
21:41:38.906 The log file has been saved successfully to "C:\Documents and Settings\JVM\Desktop\aswMBR.txt"

#24
October 29, 2012 at 15:17:17

"Also it never asked me to restart my comp"
No idea.

8: Run TDSSKiller & post the log.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSSKiller doesn't run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it to your desktop.
Double-click the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin.
The tool will restart your computer automatically > click OK to allow it to do so.
The tool will begin its scan on reboot > click "run" to begin.
It will report if an infected MBR is found > click the "repair" button.

#25
October 29, 2012 at 18:16:04

TDSSKiller ran successfully and no infections were detected; find the log below:

Please find the remaining log in the next message, as it was too large for a single follow-up.



#26
October 29, 2012 at 18:16:58

06:42:52.0375 0788 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:42:52.0375 0788 HidUsb - ok
06:42:52.0406 0788 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
06:42:52.0421 0788 hkmsvc - ok
06:42:52.0421 0788 hpn - ok
06:42:52.0468 0788 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
06:42:52.0468 0788 HTTP - ok
06:42:52.0500 0788 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
06:42:52.0515 0788 HTTPFilter - ok
06:42:52.0531 0788 i2omgmt - ok
06:42:52.0531 0788 i2omp - ok
06:42:52.0562 0788 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:42:52.0578 0788 i8042prt - ok
06:42:52.0796 0788 [ D1359E54D9755D28E56B17A352AB8AAE ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
06:42:52.0875 0788 ialm - ok
06:42:52.0968 0788 [ 330A6A0BAF4FD945BDE14C7B1D88D9B9 ] IDMTDI C:\WINDOWS\system32\DRIVERS\idmtdi.sys
06:42:52.0968 0788 IDMTDI - ok
06:42:52.0984 0788 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
06:42:52.0984 0788 Imapi - ok
06:42:53.0000 0788 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
06:42:53.0015 0788 ImapiService - ok
06:42:53.0015 0788 ini910u - ok
06:42:53.0156 0788 [ 74B482F8B2A9EBE8473381A7A58F801D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
06:42:53.0187 0788 IntcAzAudAddService - ok
06:42:53.0203 0788 IntelIde - ok
06:42:53.0218 0788 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:42:53.0218 0788 intelppm - ok
06:42:53.0234 0788 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
06:42:53.0234 0788 Ip6Fw - ok
06:42:53.0265 0788 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:42:53.0265 0788 IpFilterDriver - ok
06:42:53.0281 0788 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:42:53.0281 0788 IpInIp - ok
06:42:53.0296 0788 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:42:53.0296 0788 IpNat - ok
06:42:53.0328 0788 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:42:53.0328 0788 IPSec - ok
06:42:53.0343 0788 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
06:42:53.0343 0788 IRENUM - ok
06:42:53.0359 0788 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:42:53.0359 0788 isapnp - ok
06:42:53.0453 0788 [ DE5D05FD449798EF88CC34AD4B1E7F85 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
06:42:53.0453 0788 JavaQuickStarterService - ok
06:42:53.0468 0788 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:42:53.0484 0788 Kbdclass - ok
06:42:53.0515 0788 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
06:42:53.0531 0788 kmixer - ok
06:42:53.0546 0788 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
06:42:53.0546 0788 KSecDD - ok
06:42:53.0578 0788 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
06:42:53.0609 0788 lanmanserver - ok
06:42:53.0625 0788 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
06:42:53.0656 0788 lanmanworkstation - ok
06:42:53.0656 0788 lbrtfdc - ok
06:42:53.0703 0788 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
06:42:53.0718 0788 LmHosts - ok
06:42:53.0765 0788 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
06:42:53.0765 0788 MBAMProtector - ok
06:42:53.0812 0788 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
06:42:53.0812 0788 MBAMScheduler - ok
06:42:53.0843 0788 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
06:42:53.0875 0788 MBAMService - ok
06:42:53.0906 0788 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
06:42:53.0906 0788 Messenger - ok
06:42:53.0984 0788 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
06:42:54.0000 0788 Microsoft Office Groove Audit Service - ok
06:42:54.0015 0788 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
06:42:54.0015 0788 mnmdd - ok
06:42:54.0046 0788 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
06:42:54.0046 0788 mnmsrvc - ok
06:42:54.0062 0788 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
06:42:54.0062 0788 Modem - ok
06:42:54.0078 0788 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:42:54.0078 0788 Mouclass - ok
06:42:54.0093 0788 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:42:54.0109 0788 mouhid - ok
06:42:54.0125 0788 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
06:42:54.0125 0788 MountMgr - ok
06:42:54.0156 0788 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
06:42:54.0156 0788 MozillaMaintenance - ok
06:42:54.0171 0788 mraid35x - ok
06:42:54.0171 0788 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:42:54.0171 0788 MRxDAV - ok
06:42:54.0218 0788 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:42:54.0218 0788 MRxSmb - ok
06:42:54.0265 0788 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
06:42:54.0281 0788 MSDTC - ok
06:42:54.0281 0788 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
06:42:54.0281 0788 Msfs - ok
06:42:54.0296 0788 MSIServer - ok
06:42:54.0312 0788 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:42:54.0328 0788 MSKSSRV - ok
06:42:54.0359 0788 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:42:54.0359 0788 MSPCLOCK - ok
06:42:54.0375 0788 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
06:42:54.0375 0788 MSPQM - ok
06:42:54.0406 0788 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:42:54.0406 0788 mssmbios - ok
06:42:54.0437 0788 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
06:42:54.0437 0788 MSTEE - ok
06:42:54.0468 0788 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
06:42:54.0484 0788 Mup - ok
06:42:54.0515 0788 MySQL - ok
06:42:54.0546 0788 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:42:54.0546 0788 NABTSFEC - ok
06:42:54.0593 0788 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
06:42:54.0625 0788 napagent - ok
06:42:54.0656 0788 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
06:42:54.0656 0788 NDIS - ok
06:42:54.0687 0788 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:42:54.0687 0788 NdisIP - ok
06:42:54.0718 0788 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:42:54.0718 0788 NdisTapi - ok
06:42:54.0750 0788 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:42:54.0750 0788 Ndisuio - ok
06:42:54.0765 0788 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:42:54.0765 0788 NdisWan - ok
06:42:54.0812 0788 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
06:42:54.0812 0788 NDProxy - ok
06:42:54.0828 0788 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
06:42:54.0828 0788 NetBIOS - ok
06:42:54.0875 0788 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
06:42:54.0890 0788 NetBT - ok
06:42:54.0937 0788 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
06:42:54.0953 0788 NetDDE - ok
06:42:54.0968 0788 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
06:42:54.0984 0788 NetDDEdsdm - ok
06:42:55.0000 0788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
06:42:55.0015 0788 Netlogon - ok
06:42:55.0046 0788 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
06:42:55.0078 0788 Netman - ok
06:42:55.0218 0788 [ AA88346AB7849A1CB34BD3424FEBFECE ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
06:42:55.0343 0788 NETw5x32 - ok
06:42:55.0375 0788 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
06:42:55.0390 0788 Nla - ok
06:42:55.0406 0788 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
06:42:55.0406 0788 Npfs - ok
06:42:55.0453 0788 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
06:42:55.0468 0788 Ntfs - ok
06:42:55.0484 0788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
06:42:55.0484 0788 NtLmSsp - ok
06:42:55.0531 0788 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
06:42:55.0578 0788 NtmsSvc - ok
06:42:55.0578 0788 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
06:42:55.0593 0788 Null - ok
06:42:55.0625 0788 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:42:55.0640 0788 NwlnkFlt - ok
06:42:55.0640 0788 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:42:55.0656 0788 NwlnkFwd - ok
06:42:55.0765 0788 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:42:55.0781 0788 odserv - ok
06:42:55.0843 0788 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:42:55.0843 0788 ose - ok
06:42:55.0875 0788 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
06:42:55.0890 0788 Parport - ok
06:42:55.0921 0788 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
06:42:55.0921 0788 PartMgr - ok
06:42:55.0953 0788 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
06:42:55.0953 0788 ParVdm - ok
06:42:55.0953 0788 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
06:42:55.0968 0788 PCI - ok
06:42:55.0968 0788 PCIDump - ok
06:42:56.0000 0788 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
06:42:56.0000 0788 PCIIde - ok
06:42:56.0015 0788 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
06:42:56.0031 0788 Pcmcia - ok
06:42:56.0031 0788 PDCOMP - ok
06:42:56.0046 0788 PDFRAME - ok
06:42:56.0046 0788 PDRELI - ok
06:42:56.0062 0788 PDRFRAME - ok
06:42:56.0062 0788 perc2 - ok
06:42:56.0078 0788 perc2hib - ok
06:42:56.0109 0788 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
06:42:56.0125 0788 PlugPlay - ok
06:42:56.0140 0788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
06:42:56.0156 0788 PolicyAgent - ok
06:42:56.0187 0788 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:42:56.0187 0788 PptpMiniport - ok
06:42:56.0187 0788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
06:42:56.0203 0788 ProtectedStorage - ok
06:42:56.0218 0788 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
06:42:56.0218 0788 PSched - ok
06:42:56.0234 0788 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:42:56.0250 0788 Ptilink - ok
06:42:56.0265 0788 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:42:56.0265 0788 PxHelp20 - ok
06:42:56.0296 0788 [ A94F63608371AB232ED75FBAB00FB132 ] qkbfiltr C:\WINDOWS\system32\DRIVERS\qkbfiltr.sys
06:42:56.0296 0788 qkbfiltr - ok
06:42:56.0312 0788 ql1080 - ok
06:42:56.0312 0788 Ql10wnt - ok
06:42:56.0328 0788 ql12160 - ok
06:42:56.0343 0788 ql1240 - ok
06:42:56.0343 0788 ql1280 - ok
06:42:56.0359 0788 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:42:56.0359 0788 RasAcd - ok
06:42:56.0406 0788 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
06:42:56.0421 0788 RasAuto - ok
06:42:56.0437 0788 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:42:56.0453 0788 Rasl2tp - ok
06:42:56.0500 0788 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
06:42:56.0515 0788 RasMan - ok
06:42:56.0531 0788 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:42:56.0531 0788 RasPppoe - ok
06:42:56.0546 0788 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
06:42:56.0546 0788 Raspti - ok
06:42:56.0578 0788 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:42:56.0578 0788 Rdbss - ok
06:42:56.0593 0788 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:42:56.0593 0788 RDPCDD - ok
06:42:56.0609 0788 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:42:56.0625 0788 rdpdr - ok
06:42:56.0656 0788 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
06:42:56.0656 0788 RDPWD - ok
06:42:56.0703 0788 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
06:42:56.0734 0788 RDSessMgr - ok
06:42:56.0828 0788 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
06:42:56.0859 0788 redbook - ok
06:42:57.0000 0788 [ 7EEEEC28A34516E66137F355DCC15BDB ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
06:42:57.0078 0788 RegSrvc - ok
06:42:57.0125 0788 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
06:42:57.0203 0788 RemoteAccess - ok
06:42:57.0250 0788 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
06:42:57.0281 0788 RemoteRegistry - ok
06:42:57.0328 0788 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
06:42:57.0343 0788 RpcLocator - ok
06:42:57.0375 0788 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
06:42:57.0390 0788 RpcSs - ok
06:42:57.0437 0788 [ 680A7ABA84A7863C89B5440C9C1E0895 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RTS5121.sys
06:42:57.0437 0788 RSUSBSTOR - ok
06:42:57.0468 0788 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
06:42:57.0500 0788 RSVP - ok
06:42:57.0546 0788 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
06:42:57.0546 0788 RTLE8023xp - ok
06:42:57.0593 0788 [ 8B09FF15D36B1D5108F6F3249EA16F5F ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
06:42:57.0625 0788 S24EventMonitor - ok
06:42:57.0656 0788 [ 87940243EA2AD3EBE274F5409C5E9072 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
06:42:57.0656 0788 s24trans - ok
06:42:57.0671 0788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
06:42:57.0687 0788 SamSs - ok
06:42:57.0718 0788 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
06:42:57.0750 0788 SCardSvr - ok
06:42:57.0781 0788 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
06:42:57.0796 0788 Schedule - ok
06:42:57.0828 0788 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:42:57.0828 0788 Secdrv - ok
06:42:57.0859 0788 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
06:42:57.0859 0788 seclogon - ok
06:42:57.0890 0788 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
06:42:57.0906 0788 SENS - ok
06:42:57.0921 0788 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
06:42:57.0921 0788 Serial - ok
06:42:57.0953 0788 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
06:42:57.0953 0788 Sfloppy - ok
06:42:57.0984 0788 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
06:42:58.0000 0788 SharedAccess - ok
06:42:58.0015 0788 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
06:42:58.0015 0788 ShellHWDetection - ok
06:42:58.0031 0788 Simbad - ok
06:42:58.0046 0788 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:42:58.0046 0788 SLIP - ok
06:42:58.0046 0788 Sparrow - ok
06:42:58.0062 0788 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
06:42:58.0062 0788 splitter - ok
06:42:58.0093 0788 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
06:42:58.0109 0788 Spooler - ok
06:42:58.0156 0788 sprtsvc_netxpert - ok
06:42:58.0187 0788 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
06:42:58.0187 0788 sr - ok
06:42:58.0218 0788 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
06:42:58.0234 0788 srservice - ok
06:42:58.0281 0788 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
06:42:58.0296 0788 Srv - ok
06:42:58.0343 0788 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
06:42:58.0359 0788 SSDPSRV - ok
06:42:58.0406 0788 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
06:42:58.0453 0788 stisvc - ok
06:42:58.0468 0788 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:42:58.0484 0788 streamip - ok
06:42:58.0515 0788 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
06:42:58.0515 0788 swenum - ok
06:42:58.0531 0788 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
06:42:58.0546 0788 swmidi - ok
06:42:58.0546 0788 SwPrv - ok
06:42:58.0562 0788 symc810 - ok
06:42:58.0578 0788 symc8xx - ok
06:42:58.0578 0788 sym_hi - ok
06:42:58.0593 0788 sym_u3 - ok
06:42:58.0625 0788 [ D7B9AD3ABD0F7F9F694D71F38B5C7B72 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
06:42:58.0640 0788 SynTP - ok
06:42:58.0656 0788 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
06:42:58.0671 0788 sysaudio - ok
06:42:58.0687 0788 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
06:42:58.0703 0788 SysmonLog - ok
06:42:58.0734 0788 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
06:42:58.0812 0788 TapiSrv - ok
06:42:58.0859 0788 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:42:58.0875 0788 Tcpip - ok
06:42:58.0906 0788 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
06:42:58.0906 0788 TDPIPE - ok
06:42:58.0937 0788 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
06:42:58.0953 0788 TDTCP - ok
06:42:58.0968 0788 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
06:42:58.0968 0788 TermDD - ok
06:42:59.0000 0788 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
06:42:59.0031 0788 TermService - ok
06:42:59.0046 0788 tgsrvc_netxpert - ok
06:42:59.0078 0788 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
06:42:59.0093 0788 Themes - ok
06:42:59.0125 0788 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
06:42:59.0140 0788 TlntSvr - ok
06:42:59.0203 0788 Tomcat6 - ok
06:42:59.0218 0788 TosIde - ok
06:42:59.0234 0788 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
06:42:59.0250 0788 TrkWks - ok
06:42:59.0281 0788 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
06:42:59.0281 0788 Udfs - ok
06:42:59.0296 0788 ultra - ok
06:42:59.0312 0788 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
06:42:59.0343 0788 UMWdf - ok
06:42:59.0359 0788 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
06:42:59.0375 0788 Update - ok
06:42:59.0406 0788 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
06:42:59.0437 0788 upnphost - ok
06:42:59.0453 0788 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
06:42:59.0484 0788 UPS - ok
06:42:59.0515 0788 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:42:59.0515 0788 usbccgp - ok
06:42:59.0531 0788 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:42:59.0531 0788 usbehci - ok
06:42:59.0562 0788 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:42:59.0578 0788 usbhub - ok
06:42:59.0625 0788 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:42:59.0625 0788 usbscan - ok
06:42:59.0640 0788 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:42:59.0640 0788 usbstor - ok
06:42:59.0671 0788 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:42:59.0671 0788 usbuhci - ok
06:42:59.0718 0788 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
06:42:59.0718 0788 usbvideo - ok
06:42:59.0734 0788 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
06:42:59.0734 0788 VgaSave - ok
06:42:59.0750 0788 ViaIde - ok
06:42:59.0781 0788 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
06:42:59.0781 0788 VolSnap - ok
06:42:59.0828 0788 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
06:42:59.0859 0788 VSS - ok
06:42:59.0890 0788 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
06:42:59.0921 0788 W32Time - ok
06:42:59.0968 0788 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:42:59.0968 0788 Wanarp - ok
06:42:59.0984 0788 WDICA - ok
06:43:00.0031 0788 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
06:43:00.0031 0788 wdmaud - ok
06:43:00.0078 0788 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
06:43:00.0093 0788 WebClient - ok
06:43:00.0156 0788 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
06:43:00.0171 0788 winmgmt - ok
06:43:00.0203 0788 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
06:43:00.0218 0788 WmdmPmSN - ok
06:43:00.0281 0788 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
06:43:00.0296 0788 Wmi - ok
06:43:00.0328 0788 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:43:00.0343 0788 WmiApSrv - ok
06:43:00.0375 0788 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
06:43:00.0375 0788 WpdUsb - ok
06:43:00.0406 0788 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
06:43:00.0406 0788 WS2IFSL - ok
06:43:00.0437 0788 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
06:43:00.0453 0788 wscsvc - ok
06:43:00.0468 0788 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:43:00.0484 0788 WSTCODEC - ok
06:43:00.0515 0788 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
06:43:00.0531 0788 wuauserv - ok
06:43:00.0593 0788 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
06:43:00.0640 0788 WZCSVC - ok
06:43:00.0656 0788 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
06:43:00.0687 0788 xmlprov - ok
06:43:00.0703 0788 ================ Scan global ===============================
06:43:00.0750 0788 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
06:43:00.0796 0788 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
06:43:00.0843 0788 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
06:43:00.0890 0788 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
06:43:00.0921 0788 [Global] - ok
06:43:00.0921 0788 ================ Scan MBR ==================================
06:43:00.0937 0788 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
06:43:01.0171 0788 \Device\Harddisk0\DR0 - ok
06:43:01.0171 0788 ================ Scan VBR ==================================
06:43:01.0171 0788 [ 858C9B5283E474204C718C1902FFD048 ] \Device\Harddisk0\DR0\Partition1
06:43:01.0171 0788 \Device\Harddisk0\DR0\Partition1 - ok
06:43:01.0203 0788 [ 93B3B514B87842C9788A01BDDB919D66 ] \Device\Harddisk0\DR0\Partition2
06:43:01.0203 0788 \Device\Harddisk0\DR0\Partition2 - ok
06:43:01.0234 0788 [ 927C9C56140FDE06DD47C6996BA208BD ] \Device\Harddisk0\DR0\Partition3
06:43:01.0234 0788 \Device\Harddisk0\DR0\Partition3 - ok
06:43:01.0250 0788 [ FE7CF0A419F1080D7AFDC1E537C04F81 ] \Device\Harddisk0\DR0\Partition4
06:43:01.0250 0788 \Device\Harddisk0\DR0\Partition4 - ok
06:43:01.0265 0788 [ 1D6D5046061AD01D34CB6460CDDCEF1A ] \Device\Harddisk0\DR0\Partition5
06:43:01.0265 0788 \Device\Harddisk0\DR0\Partition5 - ok
06:43:01.0281 0788 ============================================================
06:43:01.0281 0788 Scan finished
06:43:01.0281 0788 ============================================================
06:43:01.0296 2072 Detected object count: 0
06:43:01.0296 2072 Actual detected object count: 0

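Since the listing above is what the helpers are reading by eye, here is a small triage script for that record format. It is an added example for this thread, not part of any post and not a TDSSKiller tool. It parses the two line shapes in the log (`[ MD5 ] Name Path` and `Name - ok`), and reports the things worth a second look in a services/drivers dump: names the scanner printed no image hash for (read here as "no image located for that registration", which is an assumption about the scanner's output), one image backing several service names, images outside the Windows directory, and any path reported with two different hashes. The sample lines are copied from the log and trimmed; the function names are mine.

```python
"""Triage helper for the TDSSKiller service/driver listing posted above.

Added example for this thread; not part of the original posts and not a
TDSSKiller tool. It understands the two record shapes in the log:

    HH:MM:SS.mmmm PID [ MD5 ] ServiceName C:\\path\\to\\image
    HH:MM:SS.mmmm PID ServiceName - ok
"""
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log above, trimmed for
# brevity. The line under "Scan global" carries a path but no service name.
SAMPLE_LOG = r"""
06:42:52.0421 0788 hpn - ok
06:42:53.0765 0788 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
06:42:53.0765 0788 MBAMProtector - ok
06:42:53.0984 0788 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
06:42:54.0000 0788 Microsoft Office Groove Audit Service - ok
06:42:54.0515 0788 MySQL - ok
06:42:55.0000 0788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
06:42:55.0015 0788 Netlogon - ok
06:42:55.0484 0788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
06:42:55.0484 0788 NtLmSsp - ok
06:43:00.0703 0788 ================ Scan global ===============================
06:43:00.0796 0788 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
06:43:01.0296 2072 Detected object count: 0
"""

_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
HASHED = re.compile(_PREFIX + r"\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.*\S)\s*$")
OK_LINE = re.compile(_PREFIX + r"(.+?)\s+-\s+ok\s*$")
# First "X:\" token in the remainder; everything before it is the service name.
PATH_START = re.compile(r"(?:^|\s)([A-Za-z]:\\.*)$")


def parse(log_text):
    """Return (records, stubs).

    records: list of (name, md5, path); name is None for 'Scan global' lines.
    stubs:   service names that only ever appear as 'Name - ok', i.e. the
             scanner printed no image hash for them (assumed here to mean it
             located no image for that registration).
    """
    records, ok_names = [], []
    for line in log_text.splitlines():
        m = HASHED.match(line)
        if m:
            md5, rest = m.group(1).upper(), m.group(2)
            p = PATH_START.search(rest)
            if p:
                name = rest[: p.start()].strip() or None
                records.append((name, md5, p.group(1).strip()))
            continue
        m = OK_LINE.match(line)
        if m and not m.group(1).startswith(("\\", "[")):
            ok_names.append(m.group(1))  # skip MBR/VBR and [Global] lines
    hashed = {name for name, _, _ in records if name}
    return records, [n for n in ok_names if n not in hashed]


def shared_images(records):
    """Image path -> sorted service names, for images backing more than one name.
    On XP some sharing is normal (lsass.exe hosts Netlogon, NtLmSsp, PolicyAgent,
    ProtectedStorage, SamSs); an unfamiliar name hosted by a core binary is not."""
    by_path = defaultdict(set)
    for name, _, path in records:
        if name:
            by_path[path.lower()].add(name)
    return {p: sorted(n) for p, n in by_path.items() if len(n) > 1}


def third_party_images(records, windir="c:\\windows\\"):
    """Images that do not live under the Windows directory (vendor software)."""
    return sorted({path for _, _, path in records
                   if not path.lower().startswith(windir.lower())})


def hash_conflicts(records):
    """Paths reported with more than one MD5 in the same log; should be empty."""
    seen = defaultdict(set)
    for _, md5, path in records:
        seen[path.lower()].add(md5)
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def triage(log_text):
    """One dict with all four checks, ready to print or diff between runs."""
    records, stubs = parse(log_text)
    return {
        "no_image_hash": stubs,
        "shared_images": shared_images(records),
        "third_party_images": third_party_images(records),
        "hash_conflicts": hash_conflicts(records),
    }


if __name__ == "__main__":
    import json
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    print(json.dumps(triage(text), indent=2))
```

Run it as `python triage.py TDSSKiller.log` (or with no argument to use the embedded sample). The "no image hash" list is noisy on XP because the stock registry carries many legacy storage-driver registrations with no file present (hpn, perc2, ql1080, symc8xx and so on), so the useful signal is a name you do not recognise, or a vendor service such as MySQL or Tomcat6 that the owner does not remember installing. The shared-image check is for the opposite case: a service name you have never seen pointing at lsass.exe, services.exe or svchost.exe.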

#27
October 29, 2012 at 18:33:54

"no infections detected"
We're getting there.

9: Update & run Malwarebytes ( MBAM ) Quick scan again & post the log please.



#28
October 30, 2012 at 05:31:45

Updated & ran MBAM Quick scan again and it detected 1 infection:

PUP.BundleInstaller.Somoto

It asked to restart urgently to remove the threat, and a log popped up. But after the restart I cannot find the log.
Older logs are present in C:\....\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

But not this one.

I ran MBAM again, and this time it showed no infections detected.



#29
October 30, 2012 at 09:37:38

10. Run HijackThis ( HJT )
http://sourceforge.net/projects/hjt/
Try this version if needed.
http://go.trendmicro.com/free-tools...
Tutorial
http://www.help2go.com/Tutorials/Pr...


#30
October 30, 2012 at 10:11:39

Should I click the FixThis button?

Log of HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:38:25 PM, on 10/30/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Airtel NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Airtel NetXpert\bin\tgsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\JVM\My Documents\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm...
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Manager Utility.lnk = C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hclinfosystems.in
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (netxpert) (sprtsvc_netxpert) - SupportSoft, Inc. - C:\Program Files\Airtel NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (netxpert) (tgsrvc_netxpert) - SupportSoft, Inc. - C:\Program Files\Airtel NetXpert\bin\tgsrvc.exe

--
End of file - 9064 bytes


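As an added example (not code from this thread, nor from HijackThis), here is a small triage script for O4 and O23 lines in the format of the log above: it parses each entry, pulls out the executable, and flags what a helper reviewing such a log looks at first, namely autostarts that run from a user profile or temp folder, a core Windows process name outside the Windows directory, and a service with no publisher. The sample lines are constructed and modelled on the log above; the two flagged entries are invented for illustration, and the directory roots assume a 32-bit Windows XP layout with C: as the system drive.

```python
"""Triage helper for HijackThis-style O4 (autostart) and O23 (service) lines.

Added example, not part of the thread. Flags are review hints, not verdicts:
an entry outside Program Files / Windows is merely worth a second look.
Assumes a 32-bit Windows XP layout with C: as the system drive.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Roots from which legitimate autostarts and services normally run (assumption: C: is the system drive).
EXPECTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")

# Path fragments that are normal for data but unusual for a startup executable.
SUSPICIOUS_MARKERS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\", "\\recycler\\")

# Core Windows process names that should only ever load from under the Windows directory.
SYSTEM_NAMES = re.compile(r"\\(winlogon|svchost|csrss|lsass|services|explorer)\.exe$")

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<publisher>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # "O4" or "O23"
    name: str                 # Run value name, .lnk name or service display name
    exe: str                  # executable path extracted from the command
    publisher: Optional[str]  # only O23 lines carry a publisher
    flags: List[str]          # empty for entries that look normal


def extract_exe(cmd: str) -> str:
    """Pull the executable path out of a command line as HijackThis prints it."""
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd.strip())  # drop the (User 'X') annotation
    if cmd.startswith('"'):                                     # quoted path, arguments follow the quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)                                       # unquoted: path runs to the first binary suffix
    return m.group(1) if m else cmd.split()[0]


def classify(exe: str, publisher: Optional[str]) -> List[str]:
    """Return the review flags for one executable."""
    flags = []
    low = exe.lower()
    if any(marker in low for marker in SUSPICIOUS_MARKERS):
        flags.append("runs from a user/temp data directory")
    elif not low.startswith(EXPECTED_ROOTS):
        flags.append("runs outside Program Files / Windows")
    if SYSTEM_NAMES.search(low) and "\\windows\\" not in low:
        flags.append("system-process name outside the Windows directory")
    if publisher is not None and publisher.strip().lower() in ("", "unknown owner"):
        flags.append("no publisher recorded")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O4 or O23 line; lines from other sections return None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        rest = m.group("rest")
        bracket = re.match(r"^\[(?P<name>[^\]]*)\] (?P<cmd>.*)$", rest)  # registry Run value
        if bracket:
            name, cmd = bracket.group("name"), bracket.group("cmd")
        elif " = " in rest:                                                # startup-folder .lnk
            name, cmd = rest.split(" = ", 1)
        else:
            return None
        exe = extract_exe(cmd)
        return Entry("O4", name, exe, None, classify(exe, None))
    m = O23_RE.match(line)
    if m:
        exe = extract_exe(m.group("path"))
        return Entry("O23", m.group("name"), exe, m.group("publisher"), classify(exe, m.group("publisher")))
    return None


def triage(log_text: str) -> List[Entry]:
    """Return only the O4/O23 entries that earned at least one flag."""
    parsed = (parse_line(text) for text in log_text.splitlines())
    return [e for e in parsed if e is not None and e.flags]


# Constructed sample modelled on the log above; the last O4 line and the last O23 line are invented.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - HKCU\..\Run: [Hosting Service Login] C:\Documents and Settings\user\Application Data\winlogon.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Updater Service (updsvc) - Unknown owner - C:\Documents and Settings\user\Local Settings\Temp\updsvc.exe
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.kind} {entry.name!r}: {entry.exe}")
        for flag in entry.flags:
            print(f"    - {flag}")
```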

#31
October 30, 2012 at 10:14:36

"Should I click the FixThis button"
No.


#32
October 30, 2012 at 10:22:20

11: Run TFC
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


#33
October 30, 2012 at 10:32:05

TFC ran successfully, 102 mb space freed and asked for Reboot.
All done.


#34
October 30, 2012 at 10:41:57

12: Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#35
October 30, 2012 at 10:49:42

Results of screen317's Security Check version 0.99.54


Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
avast! Internet Security
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java(TM) 6 Update 33
Java(TM) SE Runtime Environment 6
Java(TM) SE Development Kit 6 Update 10
Java DB 10.4.1.3
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.4.402.287
Adobe Reader 8 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox (16.0.2)
Google Chrome 22.0.1229.96
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:: 27% [color=red][b]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/b][/color]
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#36
October 30, 2012 at 10:54:35

"Results of screen317's Security Check version 0.99.54"
Not bad, to improve your security, update the out of date programs.


#37
October 30, 2012 at 10:55:12

13: System Restore may still have infected files in it; turning System Restore OFF & then ON will remove them.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310...

14: Clear away any of the files and folders that were created by ComboFix.
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Qoobox is a folder created by Combofix to quarantine any infected files.
How to uninstall combofix
http://www.bleepingcomputer.com/com...
Windows XP/Vista/7. Can be used on both 32-bit and 64-bit operating systems.



#38
October 30, 2012 at 11:04:34

"turning System Restore OFF & then ON" -- Done
"Clear away any of the files and folders that were created by ComboFix."

-- Windows cannot find Combofix blah blah blah.... make sure you typed blah blah blah....

Perhaps this error is because of the fact that I already cleared the ComboFix file.
You already told me to do so earlier.



#39
October 30, 2012 at 11:05:51

"Perhaps this error is because of the fact that I already cleared the ComboFix file.
You already told me to do so earlier."
Correct, just making sure.


#40
October 30, 2012 at 11:06:31

15: Run Wise Disk Cleaner (use default settings & run the 3 Tabs from left to right)
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...


#41
October 30, 2012 at 11:14:43

"run the 3 boxes from left to right"
I believe by boxes you mean to say tabs, and there are four.
Common cleaner, Advanced cleaner, slimming system, Disk defrag.
I should run them one by one, left to right. Right?


#42
October 30, 2012 at 11:24:53

De-fragmenting the disks....
I might not be able to respond (bed time)
You can post the next step and I'll be back with results tomorrow.
Thanks
Good night.


#43
October 30, 2012 at 11:25:20

"I believe by boxes you mean to say tabs"
Yep, sorry.

"Common cleaner, Advanced cleaner, slimming system"
Only these 3.



#44
October 30, 2012 at 11:27:16

"I might not be able to respond (bed time)"
Me too soon, it's 2.30am here in Western Australia.


#45
October 30, 2012 at 18:13:52

ohhh I ran Disk Defragmentation too!!!
I had not run it for like years.... It shouldn't be harmful. Right?


#46
October 30, 2012 at 18:19:50

While you are waiting for Johnw: no, it won't do any harm running defrag;
it might speed up the HD (a bit).



#47
October 30, 2012 at 18:26:18

Thanks Derek.


#48
October 30, 2012 at 18:28:43

"Common cleaner, Advanced cleaner, slimming system"
Let me know when you have done those please mohit_chilkot.


#49
October 30, 2012 at 20:06:09

Ran all of the above.
Right now I don't have access to my comp., but you can send the next set of instructions & I will post the results in the evening.
Thanks,
Mohit


#50
October 30, 2012 at 20:24:07

Ok Mohit.

Run Wise Registry Cleaner (Use only Registry Cleaner with default settings)
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...



#51
October 31, 2012 at 05:17:30

Hi John,

Ran Wise Registry Cleaner. Fixed around 780 issues but also showed a message that it failed to remove 3 items.
I checked in its folder in Application data and found the following log:

============================================================
Time: 5:40:42 PM Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\Visual.FoxPro.Application.6\DefaultIcon\
Reason: Remove value failed.
-----------------------------------------------------------------------
Time: 5:40:42 PM Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\callto\DefaultIcon\
Reason: Remove value failed.
-----------------------------------------------------------------------
Time: 5:40:42 PM Problems:
=======================================================================
Key: HKEY_CLASSES_ROOT\AcroExch.Sequence\DefaultIcon\
Reason: Remove value failed.
-----------------------------------------------------------------------
============================================================



#52
October 31, 2012 at 05:26:09

That's fine mohit, it probably found they were still in use in the background.

17: Run OTL by OldTimer
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.smokey-services.eu/forum...
http://www.smokey-services.eu/forum...
http://oldtimer.geekstogo.com/OTL.exe
http://www.geekstogo.com/1888/otl-b...
Make sure all other windows and applications are closed and to let it run uninterrupted.
Save it to your desktop.
Double click on the icon on your desktop.
# Click the "Scan All Users" checkbox.
# When the window appears, underneath Output at the top change it to Minimal Output.
# Check the boxes beside LOP Check and Purity Check.
# Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
* When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Post them please.



#53
October 31, 2012 at 05:49:59

Log:


OTL Extras logfile created on: 10/31/2012 6:08:29 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Documents and Settings\JVM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 82.56% Memory free
4.77 Gb Paging File | 4.43 Gb Available in Paging File | 92.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.02 Gb Total Space | 4.11 Gb Free Space | 20.54% Space Free | Partition Type: NTFS
Drive D: | 97.95 Gb Total Space | 17.63 Gb Free Space | 18.00% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 1.87 Gb Free Space | 3.84% Space Free | Partition Type: NTFS
Drive F: | 36.62 Gb Total Space | 1.70 Gb Free Space | 4.66% Space Free | Partition Type: NTFS
Drive G: | 29.45 Gb Total Space | 1.56 Gb Free Space | 5.30% Space Free | Partition Type: FAT32

Computer Name: PREMONIT-429D63 | User Name: JVM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-854245398-343818398-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
.txt [@ = Notepad++_file] -- Reg Error: Unable to open value key File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3306:TCP" = 3306:TCP:*:Enabled:MySQL Server

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"Microsoft Windows Hosting Service Login" = C:\Documents and Settings\JVM\Application Data\winlogon.exe
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)
"C:\Documents and Settings\JVM\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\JVM\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\Internet Download Manager\IDMan.exe" = C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM) -- (Tonec Inc.)
"E:\eclipse-jee-indigo\eclipse\eclipse.exe" = E:\eclipse-jee-indigo\eclipse\eclipse.exe:*:Enabled:eclipse -- ()


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{24F211C6-2732-4564-B602-CDA2DE2A13FC}_is1" = Image Uploader version 1.2.7
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{2EB28256-1D66-49F1-AF66-691BF9A27C79}" = Camtasia Studio 8
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
"{33933681-9A64-4A5C-97F5-4F6AEDB9FA0F}" = MySQL Server 5.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi Software
"{538D7676-0E4A-4508-8117-B0D4809378B1}" = ChessBase Reader
"{576D6401-956E-498B-9199-6AB60B3969B3}" = ChessPartner 6.0.4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AE010604-007D-11DD-A3C1-001636EEECBD}" = Google App Engine
"{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Plus VX
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Airtel NetXpert_is1" = Airtel NetXpert 3.0
"Apache Tomcat 6.0 Tomcat6" = Apache Tomcat 6.0 Tomcat6 (remove only)
"avast" = avast! Internet Security
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"EditPlus 3" = EditPlus 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 To Ringtone Gold_is1" = MP3 To Ringtone Gold 3.15
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Notepad++" = Notepad++
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Time Stopper4.0" = Time Stopper
"V9Software" = V9 Homepage Uninstaller
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.67
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.52

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/17/2012 12:29:05 PM | Computer Name = PREMONIT-429D63 | Source = Google Update | ID = 20
Description =

Error - 10/17/2012 3:29:05 PM | Computer Name = PREMONIT-429D63 | Source = Google Update | ID = 20
Description =

Error - 10/17/2012 6:29:05 PM | Computer Name = PREMONIT-429D63 | Source = Google Update | ID = 20
Description =

Error - 10/17/2012 9:29:05 PM | Computer Name = PREMONIT-429D63 | Source = Google Update | ID = 20
Description =

Error - 10/21/2012 6:32:15 AM | Computer Name = PREMONIT-429D63 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/28/2012 10:43:41 AM | Computer Name = PREMONIT-429D63 | Source = Application Error | ID = 1005
Description = Windows cannot access the file I:\main.exe for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program Flash Player 5.0 r30 because of this error.

Program:
Flash Player 5.0 r30 File: I:\main.exe The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 5

Error - 10/28/2012 10:43:41 AM | Computer Name = PREMONIT-429D63 | Source = Application Error | ID = 1005
Description = Windows cannot access the file I:\main.exe for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program Flash Player 5.0 r30 because of this error.

Program:
Flash Player 5.0 r30 File: I:\main.exe The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 5

Error - 10/28/2012 10:43:45 AM | Computer Name = PREMONIT-429D63 | Source = Application Error | ID = 1000
Description = Faulting application main.exe, version 5.0.30.0, faulting module user32.dll,
version 5.1.2600.5512, fault address 0x0000d9ca.

Error - 10/28/2012 10:43:45 AM | Computer Name = PREMONIT-429D63 | Source = Application Error | ID = 1000
Description = Faulting application main.exe, version 5.0.30.0, faulting module user32.dll,
version 5.1.2600.5512, fault address 0x0000d9ca.

Error - 10/28/2012 10:44:09 AM | Computer Name = PREMONIT-429D63 | Source = Application Hang | ID = 1002
Description = Hanging application main.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/29/2012 9:06:54 PM | Computer Name = PREMONIT-429D63 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 10/29/2012 9:06:55 PM | Computer Name = PREMONIT-429D63 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 10/29/2012 9:06:55 PM | Computer Name = PREMONIT-429D63 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 10/30/2012 8:08:35 AM | Computer Name = PREMONIT-429D63 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 10/30/2012 8:08:35 AM | Computer Name = PREMONIT-429D63 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 10/30/2012 8:08:35 AM | Computer Name = PREMONIT-429D63 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 10/30/2012 8:20:54 AM | Computer Name = PREMONIT-429D63 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 10/30/2012 1:26:56 PM | Computer Name = PREMONIT-429D63 | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/30/2012 1:26:56 PM | Computer Name = PREMONIT-429D63 | Source = Service Control Manager | ID = 7034
Description = The Agere Modem Call Progress Audio service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/30/2012 1:26:56 PM | Computer Name = PREMONIT-429D63 | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Event Log service terminated unexpectedly.
It has done this 1 time(s).

[ VisualSVNServer Events ]
Error - 5/18/2012 11:08:53 PM | Computer Name = PREMONIT-429D63 | Source = VisualSVN Server 2.5 | ID = 2000
Description =

Error - 5/18/2012 11:28:42 PM | Computer Name = PREMONIT-429D63 | Source = VisualSVN Server 2.5 | ID = 1001
Description =

Error - 5/18/2012 11:29:07 PM | Computer Name = PREMONIT-429D63 | Source = VisualSVN Server 2.5 | ID = 1001
Description =


< End of report >



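Reading a dump like the one above by eye is error-prone: each entry's description wraps over several lines, and some descriptions contain a blank line of their own (the DCOM 10016 entries), so blank lines cannot be used as entry separators. As an added example, not part of this thread or of the tool that produced the report, here is a small Python triage script: it splits entries on their "Error - date | Computer Name | Source | ID" header lines, counts identical (section, source, ID) triples so repetition stands out, and pulls the CLSID out of DCOM 10016 entries so the permission question is looked up once rather than per line. The sample text is constructed from entries quoted in the thread; the header regex, the repeat threshold and the acceptance of a "Warning" level are this example's own assumptions.

```python
"""Triage an Event Viewer dump in the format pasted in the thread.

Added example, not part of the thread or of any tool mentioned in it.
SAMPLE is constructed from entries quoted in the thread; the header
pattern and the repeat threshold are this example's own assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# One header line per entry, e.g.
# Error - 10/29/2012 9:06:54 PM | Computer Name = X | Source = DCOM | ID = 10016
HEADER_RE = re.compile(
    r"^(?P<level>Error|Warning) - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]\s*$")  # e.g. "[ System Events ]"
END_MARKER = "< End of report >"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Event:
    section: str
    level: str
    when: str
    host: str
    source: str
    event_id: int
    description: str


def _finish(events, header, desc_lines):
    """Join a description; blank lines inside it are content breaks, not entry separators."""
    if header is None:
        return
    desc = " ".join(l.strip() for l in desc_lines if l.strip())
    if desc.startswith("Description ="):
        desc = desc[len("Description ="):].strip()
    events.append(Event(*header, desc))


def parse_events(text):
    """Parse every entry up to the end marker; a new entry starts at each header line."""
    events, section, header, desc_lines = [], "", None, []
    for line in text.splitlines():
        if line.strip() == END_MARKER:
            break
        m = SECTION_RE.match(line)
        if m:
            _finish(events, header, desc_lines)
            section, header, desc_lines = m["name"], None, []
            continue
        m = HEADER_RE.match(line)
        if m:
            _finish(events, header, desc_lines)
            header = (section, m["level"], m["when"], m["host"], m["source"], int(m["id"]))
            desc_lines = []
            continue
        if header is not None:
            desc_lines.append(line)
    _finish(events, header, desc_lines)
    return events


def summarize(events):
    """Count identical (section, source, id) triples; repetition is what to read first."""
    return Counter((e.section, e.source, e.event_id) for e in events)


def noisy_repeats(events, threshold=3):
    return sorted(key for key, n in summarize(events).items() if n >= threshold)


def dcom_clsids(events):
    """CLSIDs named in DCOM 10016 entries, deduplicated."""
    return sorted({c for e in events if e.source == "DCOM" and e.event_id == 10016
                   for c in CLSID_RE.findall(e.description)})


# Constructed sample, modelled on entries quoted in the thread.
SAMPLE = r"""
[ Application Events ]
Error - 10/28/2012 10:43:41 AM | Computer Name = PREMONIT-429D63 | Source = Application Error | ID = 1005
Description = Windows cannot access the file I:\main.exe for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program Flash Player 5.0 r30 because of this error.

Error - 10/28/2012 10:43:45 AM | Computer Name = PREMONIT-429D63 | Source = Application Error | ID = 1000
Description = Faulting application main.exe, version 5.0.30.0, faulting module user32.dll,
version 5.1.2600.5512, fault address 0x0000d9ca.

[ System Events ]
Error - 10/29/2012 9:06:54 PM | Computer Name = PREMONIT-429D63 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 10/29/2012 9:06:55 PM | Computer Name = PREMONIT-429D63 | Source = DCOM | ID = 10016
Description = ... CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

Error - 10/30/2012 8:08:35 AM | Computer Name = PREMONIT-429D63 | Source = DCOM | ID = 10016
Description = ... CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

Error - 10/30/2012 8:20:54 AM | Computer Name = PREMONIT-429D63 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 10/30/2012 1:26:56 PM | Computer Name = PREMONIT-429D63 | Source = Service Control Manager | ID = 7034
Description = The Intel PROSet/Wireless WiFi Service service terminated unexpectedly.
It has done this 1 time(s).

< End of report >
"""

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for key, n in summarize(evs).most_common():
        print(n, key)
    print("repeated:", noisy_repeats(evs))
    print("DCOM CLSIDs:", dcom_clsids(evs))
```

Run against the full dump above, the same code would report the DCOM 10016 entry for one CLSID six times and the Application Error 1005/1000 pairs twice each, with everything else a one-off; that grouping tells a reader where to look first without settling what is causing the CPU load.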
#54
October 31, 2012 at 06:19:01

18: Update & run Malwarebytes ( MBAM ) Quick scan again & post the log please.


#55
October 31, 2012 at 06:45:52

Malwarebytes Log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.31.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JVM :: PREMONIT-429D63 [administrator]

Protection: Disabled

10/28/2012 12:00:00 AM
mbam-log-2012-10-28 (00-00-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183170
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#56
October 31, 2012 at 13:33:53

You are infection-free, Mohit.

Malware Prevention
http://www.malwarevault.com/index.html
"There is no magic involved. The majority of malware is installed by the user themselves"

Is the comp running Ok now?
No slowness, high CPU etc.
If everything is Ok, it should feel quite snappy.



#57
October 31, 2012 at 13:47:03

19: If you want to block tracking cookies, use one or more of these, depending on how many browsers you use.
After installing, run SuperantiSpyware to remove the cookies that were already installed.

Ghostery
http://www.ghostery.com/
http://www.ghostery.com/download
Firefox
https://addons.mozilla.org/en-US/fi...
Internet Explorer
http://www.ghostery.com/download-ie
Chrome
https://chrome.google.com/extension...
Opera
https://addons.opera.com/addons/ext...
Privacy plug-in showdown: Do Not Track Plus vs. Ghostery
http://www.digitaltrends.com/web/do...
Or,
Mozilla Labs: Prospector - about:trackers
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
https://blog.mozilla.org/labs/2012/...
Or,
Do Not Track Plus for Firefox
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.abine.com/dntdetail.php?
Do Not Track Plus for Chrome
https://chrome.google.com/webstore/...
Do Not Track Plus for Internet Explorer (32-bit)
http://download.cnet.com/Do-Not-Tra...
Do Not Track Plus for Internet Explorer (64-bit)
http://download.cnet.com/Do-Not-Tra...
Do Not Track Plus for Safari
http://download.cnet.com/Do-Not-Tra...
Or, the built in one for Firefox, Internet Explorer, Safari.
Do Not Track
http://www.donottrack.us/
What ‘Do Not Track’ Doesn’t Do
http://www.lifehacker.com.au/2012/1...
Firefox
https://support.mozilla.org/en-US/k...
Safari
http://osxdaily.com/2012/08/21/how-...
Internet Explorer
https://www.eff.org/deeplinks/2012/...

Run SUPERAntiSpyware after installing ( all browsers closed )
The programs will block the tracking cookies, but not remove them ( in other words, the cookies that were there before installing )
To test the effectiveness of whichever program you chose to try first, after say 2 weeks, run SUPERAntiSpyware again; if it finds more tracking cookies, that is telling you that you haven't blocked everything in Options.
SUPERAntiSpyware
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.superantispyware.com/ind...



#58
October 31, 2012 at 18:18:22

Hi John,

Unfortunately I am still facing the same CPU problem as before :(
Also, I created the bootable using win2flash and when I tested it by booting my system with the flash drive, it started in the setup mode, but in the very first step where Windows setup examines the disk, it quit saying (drive w: is corrupt). There is no drive w: in my comp. I am not sure if it was referring to the flash drive as w: or my system drive.

Do you think that I should reinstall Windows to get rid of this high CPU problem?

Thanks,
Mohit



#59
October 31, 2012 at 18:50:17

"Do you think that I should reinstall the windows to get rid of this high CPU problem"
I haven't dealt with that side of things yet, Mohit. If you want me to try, here is a start.

Run chkdsk /f
How to Use Chkdsk in Windows XP
http://vlaurie.com/computers2/Artic...
http://en.wikipedia.org/wiki/Chkdsk



#60
October 31, 2012 at 22:25:39

Do you think we have a better solution to this problem apart from reinstalling Windows?
I have already cleaned my comp for viruses.
Now, AFA I think, either it is a hardware problem or a Windows problem.
What do you say?


#61
October 31, 2012 at 22:34:06

"What do you say?"
At the moment it could be anything, once we get a clue, we can hone in on it.

1: Start with chkdsk.
Obtaining CHKDSK Results ( log file )
http://www.cpucare.net/OS/XP/Viewin...




#62
October 31, 2012 at 22:34:48

Could you please check your Task Manager for any programs/processes using up your CPU.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#63
October 31, 2012 at 22:54:03

@MrGoodGuy For the last 1 week, every time I start my laptop I make sure to start TaskManager as my first application. :)
I consistently check which process is taking what amount of CPU for the whole time I use it.

@John I will post the logs as soon as I get access to my laptop.

thanks



#64
October 31, 2012 at 22:58:58

And what did you find, using Task Manager?

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#65
October 31, 2012 at 23:41:11

Nothing suspicious.
Only the processes I start, like firefox and VLC player.
Sometimes a process named system shows up but only for a couple of seconds.
Even if I start a single application say firefox or VLC it eats up all the CPU.
See #3.


#66
November 1, 2012 at 05:06:07

"Nothing suspicious.
Only the processes I start, like firefox and VLC player"

Mohit, could we have a Screenshot or two of what you are looking at, please.



#67
November 1, 2012 at 06:25:24

Checking file system on C:
The type of the file system is NTFS.


A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1474 unused index entries from index $SII of file 0x9.
Cleaning up 1474 unused index entries from index $SDH of file 0x9.
Cleaning up 1474 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

20988890 KB total disk space.
16789880 KB in 65827 files.
21160 KB in 12211 indexes.
0 KB in bad sectors.
181610 KB in use by the system.
65536 KB occupied by the log file.
3996240 KB available on disk.

4096 bytes in each allocation unit.
5247222 total allocation units on disk.
999060 allocation units available on disk.

Internal Info:
70 b6 01 00 e2 30 01 00 73 98 01 00 00 00 00 00 p....0..s.......
ed 00 00 00 00 00 00 00 97 09 00 00 00 00 00 00 ................
c6 67 e3 07 00 00 00 00 2e be 43 2f 00 00 00 00 .g........C/....
96 96 44 16 00 00 00 00 00 00 00 00 00 00 00 00 ..D.............
00 00 00 00 00 00 00 00 16 51 da 54 00 00 00 00 .........Q.T....
99 9e 36 00 00 00 00 00 40 3d 07 00 23 01 01 00 ..6.....@=..#...
00 00 00 00 00 e0 c5 00 04 00 00 00 b3 2f 00 00 ............./..

Windows has finished checking your disk.
Please wait while your computer restarts.

===========================================================
For D:

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

102703513 KB total disk space.
83833732 KB in 78039 files.
44348 KB in 17153 indexes.
0 KB in bad sectors.
206769 KB in use by the system.
65536 KB occupied by the log file.
18618664 KB available on disk.

4096 bytes in each allocation unit.
25675878 total allocation units on disk.
4654666 allocation units available on disk.


E:


CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

102703513 KB total disk space.
83833732 KB in 78039 files.
44348 KB in 17153 indexes.
0 KB in bad sectors.
206769 KB in use by the system.
65536 KB occupied by the log file.
18618664 KB available on disk.

4096 bytes in each allocation unit.
25675878 total allocation units on disk.
4654666 allocation units available on disk.

F:

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

38403350 KB total disk space.
36422424 KB in 33178 files.
15508 KB in 5558 indexes.
0 KB in bad sectors.
130502 KB in use by the system.
65536 KB occupied by the log file.
1834916 KB available on disk.

4096 bytes in each allocation unit.
9600837 total allocation units on disk.
458729 allocation units available on disk.

G:

Chkdsk cannot run because the volume is in use by another
process. Chkdsk may run if this volume is dismounted first.
ALL OPENED HANDLES TO THIS VOLUME WOULD THEN BE INVALID.
Would you like to force a dismount on this volume? (Y/N) y
Volume dismounted. All opened handles to this volume are now invalid.
Volume NEW VOLUME created 7/4/2010 6:06 PM
Volume Serial Number is 7C86-797E
Windows is verifying files and folders...
File and folder verification is complete.
Windows has checked the file system and found no problems.
30,877,856 KB total disk space.
224 KB in 14 hidden files.
98,496 KB in 6,129 folders.
29,142,192 KB in 55,841 files.
1,636,928 KB are available.

16,384 bytes in each allocation unit.
1,929,866 total allocation units on disk.
102,308 allocation units available on disk.



#68
November 1, 2012 at 09:41:14

I assume Firefox and VLC do not startup with the system, only when used?

Always pop back and let us know the outcome - thanks



#69
November 1, 2012 at 09:55:50

Please find the TaskManager snapshot.

http://s1.ipicture.ru/uploads/20121...

Here GAME.exe belongs to chess engine- chessmaster
I am not sure why plugin-container is showing up.
I usually see it when I am on any flash based website. Maybe it is also related to Chessmaster, as it has some tutorials (audio + piece moves on chess board) too.

I am only using VLC and have not touched any other app. in last half an hour.

Yes, none of the app shown in TaskManager(using CPU) starts with Windows. Not sure about explorer.exe, though.



#70
November 1, 2012 at 13:41:43

You probably know all this but just in case:

explorer.exe does start with Windows. It is Windows Explorer and relates to the filing system on the computer and its running.

Not to be confused with iexplore.exe which is Internet Explorer.

[If you ever run into iexplorer.exe it is a virus].


Sorry unable to view your snapshot - probably because I'm from the UK.

Always pop back and let us know the outcome - thanks



#71
November 1, 2012 at 14:01:10

"Please find the TaskManager snapshot"
Mohit, test your link.

Make sure you capture everything on your SS, maximize the window or use the scroll bar & take more than one SS.

My post #6
Image Uploader, use the same as I have > Imgur.com
http://i.imgur.com/IwZrT.gif
http://i.imgur.com/q4uHK.gif
http://i.imgur.com/qk0sN.gif
http://i.imgur.com/TTVsl.gif

Also SS of Disk Management please.

Using the Disk Management tool in Windows XP Professional
http://www.theeldergeek.com/disk_ma...



#72
November 1, 2012 at 18:22:19

Link updated, I should've checked, sorry.
#69

Latest TaskManager snapshot:
http://i46.fastpic.ru/big/2012/1102...



#73
November 1, 2012 at 19:20:20

Is VLC running/playing?


#74
November 1, 2012 at 19:23:15

Not sure if it will help but see last post on here (about VLC high CPU usage):
http://forum.videolan.org/viewtopic...

(one of a few hits when Googling "vlc high cpu usage").

Always pop back and let us know the outcome - thanks



#75
November 1, 2012 at 19:30:20

Hi Derek, know you are from UK, p/u the wife's cousin & his wife from the airport in 2 hours.

They live in Bickleigh, Devon.



#76
November 1, 2012 at 19:37:32

I'm from Kent.

Off to bed (I'll never cure my USA time clock LOL - gone 2.30 am right now).

Always pop back and let us know the outcome - thanks



#77
November 2, 2012 at 08:26:54

SS of TaskManager:

http://i46.fastpic.ru/big/2012/1102...


SS of disk Management:

http://images.vfl.ru/ii/1351869853/...



#78
November 2, 2012 at 10:50:21

Just wondering if the small amount of free space on the system drive might have any bearing on this, although I haven't got a convincing theory for it. See what others think.

Always pop back and let us know the outcome - thanks



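Post #67 pastes the chkdsk summaries for five volumes and post #78 asks whether the small amount of free space on the system drive matters. Comparing the figures by eye is awkward because the NTFS and FAT summaries are worded differently ("KB available on disk" versus "KB are available", thousands separators only in the FAT block). As an added example, not part of the thread or of chkdsk itself, here is a Python parser for those summary blocks that computes free space per volume and flags volumes under a threshold or with bad sectors. The sample texts are trimmed copies of the numbers in post #67 (E: is omitted because it repeats D:), and the 10% threshold is this example's own assumption.

```python
"""Parse chkdsk summary blocks and flag nearly-full volumes or bad sectors.

Added example; not part of the thread or of chkdsk. SAMPLE_OUTPUTS holds
trimmed copies of the numbers posted in the thread (constructed sample input),
and MIN_FREE_PERCENT is this example's own choice.
"""
import re

MIN_FREE_PERCENT = 10.0  # assumption: below this, the volume deserves a closer look

# NTFS summaries print "NNN KB available on disk."; the FAT summary prints
# "N,NNN KB are available." with thousands separators, so accept both forms.
TOTAL_RE = re.compile(r"^\s*([\d,]+) KB total disk space\.")
AVAIL_RE = re.compile(r"^\s*([\d,]+) KB (?:are )?available(?: on disk)?\.")
BAD_RE = re.compile(r"^\s*([\d,]+) KB in bad sectors\.")
CLUSTER_RE = re.compile(r"^\s*([\d,]+) bytes in each allocation unit\.")
FIELDS = (("total_kb", TOTAL_RE), ("available_kb", AVAIL_RE),
          ("bad_kb", BAD_RE), ("cluster_bytes", CLUSTER_RE))


def _num(s):
    return int(s.replace(",", ""))


def parse_chkdsk(text):
    """Return the summary figures of one chkdsk run as a dict (KB unless noted)."""
    lines = text.splitlines()
    stats = {"total_kb": None, "available_kb": None, "bad_kb": 0, "cluster_bytes": None,
             # FAT chkdsk states this explicitly; NTFS output lists repairs instead.
             "found_no_problems": "found no problems" in text,
             "repairs": sum(1 for l in lines if l.strip().startswith("Cleaning up"))}
    for line in lines:
        for key, rx in FIELDS:
            m = rx.match(line)
            if m:
                stats[key] = _num(m.group(1))
    if stats["total_kb"] is None or stats["available_kb"] is None:
        raise ValueError("no chkdsk summary (total/available) found in text")
    stats["free_percent"] = 100.0 * stats["available_kb"] / stats["total_kb"]
    return stats


def low_space_volumes(outputs, min_free_percent=MIN_FREE_PERCENT):
    """Volume letters whose free space is under the threshold."""
    return sorted(v for v, t in outputs.items()
                  if parse_chkdsk(t)["free_percent"] < min_free_percent)


def bad_sector_volumes(outputs):
    """Volume letters where chkdsk reported any KB in bad sectors."""
    return sorted(v for v, t in outputs.items() if parse_chkdsk(t)["bad_kb"] > 0)


# Constructed sample: trimmed copies of the figures posted in the thread.
SAMPLE_OUTPUTS = {
    "C:": """Checking file system on C:
The type of the file system is NTFS.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1474 unused index entries from index $SII of file 0x9.
Cleaning up 1474 unused index entries from index $SDH of file 0x9.
Cleaning up 1474 unused security descriptors.
20988890 KB total disk space.
16789880 KB in 65827 files.
0 KB in bad sectors.
3996240 KB available on disk.
4096 bytes in each allocation unit.""",
    "D:": """102703513 KB total disk space.
0 KB in bad sectors.
18618664 KB available on disk.
4096 bytes in each allocation unit.""",
    "F:": """38403350 KB total disk space.
0 KB in bad sectors.
1834916 KB available on disk.
4096 bytes in each allocation unit.""",
    "G:": """Windows has checked the file system and found no problems.
30,877,856 KB total disk space.
1,636,928 KB are available.
16,384 bytes in each allocation unit.""",
}

if __name__ == "__main__":
    for vol, text in SAMPLE_OUTPUTS.items():
        s = parse_chkdsk(text)
        print(f"{vol} {s['free_percent']:5.1f}% free, bad {s['bad_kb']} KB, repairs {s['repairs']}")
    print("low on space:", low_space_volumes(SAMPLE_OUTPUTS))
    print("bad sectors:", bad_sector_volumes(SAMPLE_OUTPUTS))
```

On the posted numbers the system drive C: comes out at about 19% free and D: at about 18%, while F: (about 4.8%) and G: (about 5.3%) are the ones under the threshold, and no volume reports bad sectors. Whether any of that bears on the CPU load is a separate question; the script only makes the figures comparable at a glance.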
#79
November 2, 2012 at 13:12:49

Post#65 "Sometimes a process named system shows up but only for a couple of seconds."
But the high disk use doesn't explain the system.exe vanishing? That should remain in the Task Manager even if it's not using any CPU?

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#80
November 2, 2012 at 17:20:21

MrGoodguy
"But the high disk use doesn't explain the system.exe vanishing?"
As you know, System moves around on the page. As I had to prompt Mohit to use the scroll bar for the second SS, maybe it moved to a lower, out-of-sight position on the page and he didn't use the scroll bar.


#81
November 3, 2012 at 08:15:37

Hi John,
Long time no see.
What next after CHKDSK.


#82
November 3, 2012 at 15:55:42

Hi Mohit, just to let you know, I shall be away for 5 days.


#83
November 17, 2012 at 21:48:27

Hi John,
Are you back ??


#84
November 17, 2012 at 21:53:33

I am Mohit.

Where do we start?
From your post #81?



#85
November 17, 2012 at 22:04:48

Yes, post #81.


#86
November 17, 2012 at 22:56:32

Had to get my head into gear with everything we had done, Mohit.

SS of Device Manager please.



#87
November 17, 2012 at 23:02:18

More SS of Task Manager, use the scroll bar or maximize the page, so I can see everything. In other words you may need to take two SS.


#88
November 17, 2012 at 23:10:27

Please find below the link to Device Manager SS:

http://img164.imagevenue.com/img.ph...


Right now task Manager is showing only 2% of CPU usage.
Maybe I should take the screenshot once it reaches 100%.

Anyways, all I run on my laptop is firefox, chess engine or VLC, one at a time or all simultaneously.
No other process takes any % of CPU.


Thanks



#89
November 17, 2012 at 23:31:41

"May be I should take the screenshot once it reaches 100%"
Yes please, that's what I was hoping for. Your first SS showed 100%, but was incomplete.
http://i46.fastpic.ru/big/2012/1102...


#90
November 18, 2012 at 02:30:46

"Please find below the link to Device Manager SS"

Getting back to DMA mode in Windows XP
http://i.imgur.com/ScoE5.gif
http://club.cdfreaks.com/1712829-po...
http://sniptools.com/tipstricks/get...



#91
November 18, 2012 at 02:37:47

"but was incomplete"

I think the SS is complete, as there is no scroll bar visible.
I am trying to take a new screen shot but when I try to take second screen shot
the CPU usage varies, also I believe processes keep shifting up and down.



#92
November 18, 2012 at 02:48:18

Please find below the latest SSs:

http://i47.fastpic.ru/big/2012/1118...

http://user-0.imgfiles.ru/1nq3cyinb...



#93
November 18, 2012 at 03:22:59

Wondered if you were still there, we have had three sets of family call on us today.

"I think the SS is complete"
I haven't an answer for that at the moment, maybe you have. The screen says 100% down the bottom, but when you add it up, it doesn't come to 100%.



#94
November 18, 2012 at 03:44:41

The new SS don't add up either.

Let's isolate the problem & see if it's Ok using this.

Process Explorer
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://technet.microsoft.com/en-gb/...
http://technet.microsoft.com/en-us/...



#95
November 18, 2012 at 04:20:30

My error, those columns do add up to 100%.
