Author Topic: [Resolved] Super Duper Slow Computer - Have I Been Hijacked?  (Read 4283 times)

Offline darlene

  • Bronze Member
  • Posts: 9
[Resolved] Super Duper Slow Computer - Have I Been Hijacked?
« on: February 13, 2011, 10:14:06 pm »
Yesterday I thought I was just having a wireless modem problem on my HP Laptop.
Then today things got really, really slow.
I did this scan and think I'm looking at some really fishy registry changes along with the O1 and O13 items.  I'm just not feeling confident enough to take the next step in HJT.
I would be extremely grateful for any advice you can provide me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:52 PM, on 2/13/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Users\Flit\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {f15ff29f-85a1-43cd-9674-e5ba40016c97} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Flit\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5600/mcfscan.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Immunet Protect (ImmunetProtect) - Immunet Corporation - C:\Program Files\Immunet Protect\2.0.17\agent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14240 bytes
« Last Edit: February 13, 2011, 10:34:49 pm by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25201
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
« Reply #1 on: February 13, 2011, 10:35:17 pm »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

Now onto trying to fix your computer.


Please run CCleaner to remove temporary files from your system, and to improve the scanning time of the other scans we may be running. Then please run Malwarebytes' Anti-Malware to check for malware. Both sets of instructions are below.

1. Download and scan with CCleaner
When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this dark grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

    • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section.
    • Clean all entries in the "Advanced" section.
    • Clean any others that you choose.

In the Applications Tab:

    • Clean all except cookies in the Firefox/Mozilla section if you use it.
    • Clean all in the Opera section if you use it.
    • Clean Sun Java in the Internet Section.
    • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
        • Update Malwarebytes' Anti-Malware
        • Launch Malwarebytes' Anti-Malware
    • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Please read carefully and follow these steps.

    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline darlene

  • Bronze Member
  • Posts: 9
Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
« Reply #2 on: February 14, 2011, 01:10:49 am »
Hoov,
Thank you for your help.
I did run a more recent HJT v2.0.4 scan, about 5 hours after the log I posted to this forum.  It's been real difficult to do anything else because of the way it keeps "Not Responding".  Because of that, it barely made it through the Malwarebytes scan.  We persevered though and here are the results:
        Malwarebytes' Anti-Malware 1.50.1.1100
        www.malwarebytes.org

        Database version: 5758

        Windows 6.0.6002 Service Pack 2
        Internet Explorer 8.0.6001.19019

        2/13/2011 10:57:00 PM
        mbam-log-2011-02-13 (22-57-00).txt

        Scan type: Quick scan
        Objects scanned: 176623
        Time elapsed: 34 minute(s), 24 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 1
        Registry Values Infected: 1
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Registry Values Infected:
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)
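
The ProxyServer value that MBAM removed as PUM.Bad.Proxy in Reply #2 is already visible as an R1 line in the HijackThis log of the first post. The Python sketch below is an added example, not part of either poster's message or of HijackThis itself; it triages a few lines copied from that log. The verdict names are made up for illustration, and treating O23 "(file missing)" entries under System32 as a 32-bit-scanner artifact on 64-bit Windows is an assumption to confirm on disk.

```python
import ipaddress
import re

# Sample input: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - {f15ff29f-85a1-43cd-9674-e5ba40016c97} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # "R1 - ...", "O23 - ..."
REG_RE = re.compile(r"^([^,]+),(.*?)\s*=\s*(.*)$")     # "key,value name = data"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log_text):
    """Yield (code, body) for each entry line; header lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).strip()


def is_loopback(host):
    """True for 'localhost' and for loopback IP literals such as 127.0.0.1 or ::1."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def proxy_endpoints(value):
    """Split 'host:port' or 'http=host:port;https=host:port' into (scheme, host, port)."""
    endpoints = []
    for part in filter(None, value.split(";")):
        scheme, _, hostport = part.rpartition("=")
        if ":" in hostport:
            host, _, port = hostport.rpartition(":")
        else:
            host, port = hostport, ""
        endpoints.append((scheme or "all", host, port))
    return endpoints


def triage(log_text):
    """Return (code, verdict, detail) tuples for entries that deserve a second look."""
    findings = []
    for code, body in parse_entries(log_text):
        reg = REG_RE.match(body) if code in ("R0", "R1") else None
        if reg and reg.group(2) == "ProxyServer":
            # Browser traffic is sent to a listener on the same machine: find out
            # which process owns that port before trusting the setting.
            for scheme, host, port in proxy_endpoints(reg.group(3)):
                if is_loopback(host):
                    findings.append((code, "loopback-proxy", f"{scheme} -> {host}:{port}"))
        elif body.endswith("(no file)"):
            # Registry registration that points at a file which is not on disk.
            clsid = CLSID_RE.search(body)
            findings.append((code, "orphan-registration", clsid.group(0) if clsid else body))
        elif code == "O1":
            fields = body.split()[1:]          # drop the "Hosts:" label
            benign = (len(fields) >= 2 and is_loopback(fields[0])
                      and all(n.lower() == "localhost" for n in fields[1:]))
            if fields and not benign:
                findings.append((code, "hosts-override", " ".join(fields)))
        elif code == "O23" and body.endswith("(file missing)"):
            path = body.rsplit(" - ", 1)[-1][: -len("(file missing)")].strip()
            if "\\system32\\" in path.lower():
                # Assumption: a 32-bit scanner on 64-bit Windows is redirected away
                # from the real System32, so confirm on disk before acting.
                findings.append((code, "recheck-64bit", path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The `O1 - Hosts: ::1 localhost` line produces no finding because it only maps a loopback address to `localhost`.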

Offline darlene

  • Bronze Member
  • Posts: 9
Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
« Reply #3 on: February 14, 2011, 01:27:04 am »
Yeah!  Ran TDSSKiller and there was nothing found.  Here are the results:
        2011/02/13 23:23:31.0177 2008   TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
        2011/02/13 23:23:31.0535 2008   ================================================================================
        2011/02/13 23:23:31.0535 2008   SystemInfo:
        2011/02/13 23:23:31.0535 2008   
        2011/02/13 23:23:31.0535 2008   OS Version: 6.0.6002 ServicePack: 2.0
        2011/02/13 23:23:31.0535 2008   Product type: Workstation
        2011/02/13 23:23:31.0535 2008   ComputerName: FLIT-PC
        2011/02/13 23:23:31.0535 2008   UserName: Flit
        2011/02/13 23:23:31.0535 2008   Windows directory: C:\Windows
        2011/02/13 23:23:31.0535 2008   System windows directory: C:\Windows
        2011/02/13 23:23:31.0535 2008   Running under WOW64
        2011/02/13 23:23:31.0535 2008   Processor architecture: Intel x64
        2011/02/13 23:23:31.0535 2008   Number of processors: 2
        2011/02/13 23:23:31.0535 2008   Page size: 0x1000
        2011/02/13 23:23:31.0535 2008   Boot type: Normal boot
        2011/02/13 23:23:31.0535 2008   ================================================================================
        2011/02/13 23:23:32.0175 2008   Initialize success
        2011/02/13 23:23:40.0459 2816   ================================================================================
        2011/02/13 23:23:40.0459 2816   Scan started
        2011/02/13 23:23:40.0459 2816   Mode: Manual;
        2011/02/13 23:23:40.0459 2816   ================================================================================
        2011/02/13 23:23:47.0463 2816   FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
        2011/02/13 23:23:47.0572 2816   fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
        2011/02/13 23:23:47.0650 2816   Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
        2011/02/13 23:23:47.0713 2816   gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
        2011/02/13 23:23:47.0775 2816   GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
        2011/02/13 23:23:47.0884 2816   HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
        2011/02/13 23:23:47.0962 2816   HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
        2011/02/13 23:23:48.0025 2816   HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
        2011/02/13 23:23:48.0087 2816   HidIr           (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
        2011/02/13 23:23:48.0196 2816   HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
        2011/02/13 23:23:48.0274 2816   HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
        2011/02/13 23:23:48.0383 2816   hpdskflt        (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys
        2011/02/13 23:23:48.0477 2816   HpqKbFiltr      (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
        2011/02/13 23:23:48.0539 2816   HSFHWAZL        (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
        2011/02/13 23:23:48.0664 2816   HSF_DPV         (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
        2011/02/13 23:23:48.0742 2816   HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
        2011/02/13 23:23:48.0805 2816   i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
        2011/02/13 23:23:48.0867 2816   i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
        2011/02/13 23:23:48.0945 2816   iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
        2011/02/13 23:23:49.0117 2816   IDSVia64        (6f9b281bc4afff5fe784d7da699d347f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110211.002\IDSvia64.sys
        2011/02/13 23:23:49.0226 2816   iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
        2011/02/13 23:23:49.0304 2816   ImmunetProtectDriver (6724ec9fb067b539e84d2400d28e7e83) C:\Windows\system32\DRIVERS\ImmunetProtect.sys
        2011/02/13 23:23:49.0366 2816   ImmunetSelfProtectDriver (d06c83f9236a7ecc8535eb276aabec00) C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys
        2011/02/13 23:23:49.0460 2816   intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
        2011/02/13 23:23:49.0678 2816   intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
        2011/02/13 23:23:49.0819 2816   IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
        2011/02/13 23:23:50.0006 2816   IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
        2011/02/13 23:23:50.0053 2816   IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
        2011/02/13 23:23:50.0099 2816   IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
        2011/02/13 23:23:50.0193 2816   isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
        2011/02/13 23:23:50.0240 2816   iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
        2011/02/13 23:23:50.0287 2816   iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
        2011/02/13 23:23:50.0349 2816   iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
        2011/02/13 23:23:50.0474 2816   JMCR            (15371306d1adbbf35e475c8da516a956) C:\Windows\system32\DRIVERS\jmcr.sys
        2011/02/13 23:23:50.0521 2816   kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
        2011/02/13 23:23:50.0567 2816   kbdhid          (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
        2011/02/13 23:23:50.0630 2816   KSecDD          (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
        2011/02/13 23:23:50.0723 2816   ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
        2011/02/13 23:23:50.0801 2816   lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
        2011/02/13 23:23:50.0864 2816   LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
        2011/02/13 23:23:50.0911 2816   LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
        2011/02/13 23:23:50.0926 2816   LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
        2011/02/13 23:23:50.0973 2816   luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
        2011/02/13 23:23:51.0145 2816   megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
        2011/02/13 23:23:51.0191 2816   MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
        2011/02/13 23:23:51.0301 2816   mfeavfk         (4a1c21576fb7f96f4dbdea627ffda775) C:\Windows\system32\drivers\mfeavfk.sys
        2011/02/13 23:23:51.0347 2816   mfehidk         (9e0ac52b3232ff8dc65fee1a9c2fe8d1) C:\Windows\system32\drivers\mfehidk.sys
        2011/02/13 23:23:51.0410 2816   mferkdk         (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
        2011/02/13 23:23:51.0441 2816   mfesmfk         (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
        2011/02/13 23:23:51.0550 2816   Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
        2011/02/13 23:23:51.0628 2816   monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
        2011/02/13 23:23:51.0659 2816   mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
        2011/02/13 23:23:51.0691 2816   mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
        2011/02/13 23:23:51.0737 2816   MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
        2011/02/13 23:23:51.0831 2816   mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
        2011/02/13 23:23:51.0925 2816   mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
        2011/02/13 23:23:51.0971 2816   Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
        2011/02/13 23:23:52.0018 2816   MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
        2011/02/13 23:23:52.0081 2816   mrxsmb          (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
        2011/02/13 23:23:52.0159 2816   mrxsmb10        (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
        2011/02/13 23:23:52.0252 2816   mrxsmb20        (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
        2011/02/13 23:23:52.0315 2816   msahci          (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
        2011/02/13 23:23:52.0361 2816   msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
        2011/02/13 23:23:52.0533 2816   Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
        2011/02/13 23:23:52.0611 2816   msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
        2011/02/13 23:23:52.0705 2816   MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
        2011/02/13 23:23:52.0783 2816   MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
        2011/02/13 23:23:52.0829 2816   MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
        2011/02/13 23:23:52.0876 2816   MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
        2011/02/13 23:23:52.0985 2816   mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
        2011/02/13 23:23:53.0032 2816   MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
        2011/02/13 23:23:53.0079 2816   Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
        2011/02/13 23:23:53.0173 2816   NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
        2011/02/13 23:23:53.0266 2816   NAVENG          (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110213.003\ENG64.SYS
        2011/02/13 23:23:53.0360 2816   NAVEX15         (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110213.003\EX64.SYS
        2011/02/13 23:23:53.0531 2816   NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
        2011/02/13 23:23:53.0609 2816   NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
        2011/02/13 23:23:53.0656 2816   Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
        2011/02/13 23:23:53.0765 2816   NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
        2011/02/13 23:23:53.0828 2816   NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
        2011/02/13 23:23:53.0921 2816   NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
        2011/02/13 23:23:53.0968 2816   netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
        2011/02/13 23:23:54.0280 2816   NETw5v64        (ce423855d54594beda633cccbe7e3cf0) C:\Windows\system32\DRIVERS\NETw5v64.sys
        2011/02/13 23:23:54.0358 2816   nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
        2011/02/13 23:23:54.0421 2816   Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
        2011/02/13 23:23:54.0467 2816   nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
        2011/02/13 23:23:54.0561 2816   Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
        2011/02/13 23:23:54.0655 2816   NuidFltr        (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
        2011/02/13 23:23:54.0717 2816   Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
        2011/02/13 23:23:54.0779 2816   NVENETFD        (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
        2011/02/13 23:23:54.0935 2816   NVHDA           (6e022d5f44cd8b029cf799807bb31269) C:\Windows\system32\drivers\nvhda64v.sys
        2011/02/13 23:23:55.0263 2816   nvlddmkm        (fd39b98ff1bb8ed3848781497e9d02e0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
        2011/02/13 23:23:55.0372 2816   nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
        2011/02/13 23:23:55.0450 2816   nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
        2011/02/13 23:23:55.0513 2816   nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
        2011/02/13 23:23:55.0700 2816   ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
        2011/02/13 23:23:55.0762 2816   Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
        2011/02/13 23:23:55.0825 2816   partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
        2011/02/13 23:23:55.0871 2816   pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
        2011/02/13 23:23:55.0949 2816   pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
        2011/02/13 23:23:56.0074 2816   pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
        2011/02/13 23:23:56.0230 2816   pcouffin        (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
        2011/02/13 23:23:56.0339 2816   PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
        2011/02/13 23:23:56.0480 2816   PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
        2011/02/13 23:23:56.0527 2816   Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
        2011/02/13 23:23:56.0605 2816   PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
        2011/02/13 23:23:56.0683 2816   PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
        2011/02/13 23:23:56.0761 2816   PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
        2011/02/13 23:23:56.0839 2816   ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
        2011/02/13 23:23:56.0917 2816   ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
        2011/02/13 23:23:56.0963 2816   QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
        2011/02/13 23:23:57.0010 2816   RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
        2011/02/13 23:23:57.0073 2816   Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
        2011/02/13 23:23:57.0166 2816   RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
        2011/02/13 23:23:57.0229 2816   RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
        2011/02/13 23:23:57.0431 2816   rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
        2011/02/13 23:23:57.0556 2816   RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
        2011/02/13 23:23:57.0681 2816   rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
        2011/02/13 23:23:57.0743 2816   RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
        2011/02/13 23:23:57.0806 2816   RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
        2011/02/13 23:23:57.0915 2816   RFCOMM          (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
        2011/02/13 23:23:58.0118 2816   rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
        2011/02/13 23:23:58.0180 2816   RTL8169         (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
        2011/02/13 23:23:58.0258 2816   sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
        2011/02/13 23:23:58.0352 2816   sdbus           (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
        2011/02/13 23:23:58.0508 2816   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
        2011/02/13 23:23:58.0586 2816   Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
        2011/02/13 23:23:58.0664 2816   Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
        2011/02/13 23:23:58.0757 2816   sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
        2011/02/13 23:23:58.0898 2816   sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
        2011/02/13 23:23:58.0976 2816   sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
        2011/02/13 23:23:59.0038 2816   sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
        2011/02/13 23:23:59.0085 2816   sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
        2011/02/13 23:23:59.0132 2816   SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
        2011/02/13 23:23:59.0179 2816   SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
        2011/02/13 23:23:59.0272 2816   Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
        2011/02/13 23:23:59.0413 2816   spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
        2011/02/13 23:23:59.0506 2816   SRTSP           (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS
        2011/02/13 23:23:59.0600 2816   SRTSPX          (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS
        2011/02/13 23:23:59.0662 2816   srv             (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
        2011/02/13 23:23:59.0709 2816   srv2            (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
        2011/02/13 23:23:59.0740 2816   srvnet          (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
        2011/02/13 23:23:59.0896 2816   STHDA           (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
        2011/02/13 23:23:59.0974 2816   StillCam        (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
        2011/02/13 23:24:00.0037 2816   swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
        2011/02/13 23:24:00.0115 2816   Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
        2011/02/13 23:24:00.0193 2816   SymDS           (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS
        2011/02/13 23:24:00.0271 2816   SymEFA          (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS
        2011/02/13 23:24:00.0411 2816   SymEvent        (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
        2011/02/13 23:24:00.0505 2816   SymIRON         (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS
        2011/02/13 23:24:00.0567 2816   SYMTDIv         (8abb6e5b7d75cd3f0a988695d0d9186a) C:\Windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS
        2011/02/13 23:24:00.0645 2816   Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
        2011/02/13 23:24:00.0676 2816   Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
        2011/02/13 23:24:00.0739 2816   SynTP           (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
        2011/02/13 23:24:00.0832 2816   Tcpip           (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
        2011/02/13 23:24:00.0941 2816   Tcpip6          (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
        2011/02/13 23:24:01.0035 2816   tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
        2011/02/13 23:24:01.0097 2816   TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
        2011/02/13 23:24:01.0144 2816   TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
        2011/02/13 23:24:01.0222 2816   tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
        2011/02/13 23:24:01.0300 2816   TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
        2011/02/13 23:24:01.0378 2816   tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
        2011/02/13 23:24:01.0441 2816   tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
        2011/02/13 23:24:01.0519 2816   tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
        2011/02/13 23:24:01.0628 2816   uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
        2011/02/13 23:24:01.0706 2816   udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
        2011/02/13 23:24:01.0799 2816   uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
        2011/02/13 23:24:01.0877 2816   uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
        2011/02/13 23:24:01.0955 2816   UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
        2011/02/13 23:24:01.0987 2816   ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
        2011/02/13 23:24:02.0111 2816   umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
        2011/02/13 23:24:02.0236 2816   USB28xxBGA      (1e1786e15f91183be26732e89adc1817) C:\Windows\system32\DRIVERS\emBDA64.sys
        2011/02/13 23:24:02.0283 2816   USB28xxOEM      (e97f0e00adbc1bcef691c71dbee77041) C:\Windows\system32\DRIVERS\emOEM64.sys
        2011/02/13 23:24:02.0345 2816   USBAAPL64       (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
        2011/02/13 23:24:02.0408 2816   usbaudio        (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
        2011/02/13 23:24:02.0501 2816   usbbus          (e493a1ab49cec05e48828cf949a5a2c3) C:\Windows\system32\DRIVERS\lgx64bus.sys
        2011/02/13 23:24:02.0579 2816   usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
        2011/02/13 23:24:02.0642 2816   usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
        2011/02/13 23:24:02.0689 2816   UsbDiag         (0614c32187d0d12ad971d83df2eb9b53) C:\Windows\system32\DRIVERS\lgx64diag.sys
        2011/02/13 23:24:02.0782 2816   usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
        2011/02/13 23:24:02.0829 2816   usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
        2011/02/13 23:24:02.0907 2816   USBModem        (ecc1f29b4d25ef757bd0986c6a0518d6) C:\Windows\system32\DRIVERS\lgx64modem.sys
        2011/02/13 23:24:02.0954 2816   usbohci         (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
        2011/02/13 23:24:03.0188 2816   usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
        2011/02/13 23:24:03.0391 2816   usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
        2011/02/13 23:24:03.0453 2816   USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
        2011/02/13 23:24:03.0500 2816   usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
        2011/02/13 23:24:03.0593 2816   usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
        2011/02/13 23:24:03.0671 2816   vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
        2011/02/13 23:24:03.0703 2816   VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
        2011/02/13 23:24:03.0749 2816   viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
        2011/02/13 23:24:03.0843 2816   volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
        2011/02/13 23:24:03.0890 2816   volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
        2011/02/13 23:24:03.0968 2816   volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
        2011/02/13 23:24:04.0015 2816   vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
        2011/02/13 23:24:04.0108 2816   WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
        2011/02/13 23:24:04.0171 2816   Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
        2011/02/13 23:24:04.0202 2816   Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
        2011/02/13 23:24:04.0295 2816   Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
        2011/02/13 23:24:04.0451 2816   Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
        2011/02/13 23:24:04.0576 2816   winachsf        (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
        2011/02/13 23:24:04.0701 2816   WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
        2011/02/13 23:24:04.0826 2816   WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
        2011/02/13 23:24:04.0873 2816   ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
        2011/02/13 23:24:04.0982 2816   WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
        2011/02/13 23:24:05.0060 2816   ================================================================================
        2011/02/13 23:24:05.0060 2816   Scan finished
        2011/02/13 23:24:05.0060 2816   ================================================================================

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 25201
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #4 on: February 14, 2011, 06:30:36 am »
        * Anyone other than the originator of this thread, you would be best advised not to run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used incorrectly.

        Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

        http://www.bleepingcomputer.com/combofix/how-to-use-combofix

        * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

        Please include the C:\ComboFix.txt in your next reply for further review.

        Note:
        Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

        Is your computer running any different?

        Consumer Security

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

        Offline darlene

        • Bronze Member
        • Posts: 9
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #5 on: February 14, 2011, 09:59:12 pm »
        ComboFix 11-02-13.04 - Flit 02/14/2011  18:26:32.1.2 - x64
        Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4062.2593 [GMT -8:00]
        Running from: c:\users\Flit\Desktop\ComboFix.exe
        AV: Immunet Protect *Disabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
        AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
        FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
        SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
        SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Program Files
        c:\program files\IDT\WDM\WRT_M6-4.INI
        c:\program files\IDT\WDM\WRT_M6-5.INI
        c:\program files\IDT\WDM\WRT_M6-6.INI
        c:\program files\IDT\WDM\WRT_M6-7.INI
        c:\program files\IDT\WDM\WRT_M6-8.INI
        c:\program files\IDT\WDM\WRT_M6-9.INI
        c:\program files\IDT\WDM\WRT_M6-A.INI
        c:\program files\IDT\WDM\WRT_M6-B.INI
        c:\program files\IDT\WDM\WRT_M6-C.INI
        c:\program files\IDT\WDM\WRT_M6-D.INI
        c:\program files\IDT\WDM\WRT_M6-E.INI
        c:\program files\IDT\WDM\WRT_M7-1.INI
        c:\program files\IDT\WDM\WRT_M7-2.INI
        c:\program files\IDT\WDM\WRT_M7-3.INI
        c:\program files\IDT\WDM\WRT_M7-4.INI
        c:\program files\IDT\WDM\WRT_M8-1.INI
        c:\program files\IDT\WDM\WRT_M8-2.INI
        c:\program files\Immunet Protect\2.0.17\agent.exe
        c:\program files\Immunet Protect\2.0.17\agent.exe.log
        c:\program files\Immunet Protect\2.0.17\creport.exe
        c:\program files\Immunet Protect\2.0.17\dcf.dll
        c:\program files\Immunet Protect\2.0.17\dcm.dll
        c:\program files\Immunet Protect\2.0.17\det.dll
        c:\program files\Immunet Protect\2.0.17\dhr.dll
        c:\program files\Immunet Protect\2.0.17\dmz.dll
        c:\program files\Immunet Protect\2.0.17\dqr.dll
        c:\program files\Immunet Protect\2.0.17\dre.dll
        c:\program files\Immunet Protect\2.0.17\drh.dll
        c:\program files\Immunet Protect\2.0.17\driver\ip\immunetprotect.cat
        c:\program files\Immunet Protect\2.0.17\driver\ip\immunetprotect.inf
        c:\program files\Immunet Protect\2.0.17\driver\ip\immunetprotect.sys
        c:\program files\Immunet Protect\2.0.17\driver\is\immunetselfprotect.cat
        c:\program files\Immunet Protect\2.0.17\driver\is\immunetselfprotect.inf
        c:\program files\Immunet Protect\2.0.17\driver\is\immunetselfprotect.sys
        c:\program files\Immunet Protect\2.0.17\drs.dll
        c:\program files\Immunet Protect\2.0.17\dsl.dll
        c:\program files\Immunet Protect\2.0.17\dsp.dll
        c:\program files\Immunet Protect\2.0.17\dti.dll
        c:\program files\Immunet Protect\2.0.17\dut.dll
        c:\program files\Immunet Protect\2.0.17\dxm.dll
        c:\program files\Immunet Protect\2.0.17\global.xml
        c:\program files\Immunet Protect\2.0.17\immpro_install.log
        c:\program files\Immunet Protect\2.0.17\ipsupporttool.exe
        c:\program files\Immunet Protect\2.0.17\iptray.exe
        c:\program files\Immunet Protect\2.0.17\libeay32.dll
        c:\program files\Immunet Protect\2.0.17\ssleay32.dll
        c:\program files\Immunet Protect\2.0.17\uninstall.exe
        c:\program files\Immunet Protect\2.0.17\updater.exe
        c:\program files\Immunet Protect\cache.db
        c:\program files\Immunet Protect\history.db
        c:\program files\Immunet Protect\ips.exe
        c:\program files\Immunet Protect\local.xml
        c:\program files\Immunet Protect\tetra\avxdisk.dll
        c:\program files\Immunet Protect\tetra\bdcore.dll
        c:\program files\Immunet Protect\tetra\BDUpdateServiceCom.dll
        c:\program files\Immunet Protect\tetra\driverctrl.exe
        c:\program files\Immunet Protect\tetra\Plugins\update.txt
        c:\program files\Immunet Protect\tetra\scan.dll
        c:\program files\Immunet Protect\tetra\setloadorder.exe
        c:\program files\Immunet Protect\update\bdcore.dll
        c:\program files\Internet Explorer\en-US\eula.rtf
        c:\program files\Internet Explorer\en-US\hmmapi.dll.mui
        c:\program files\Internet Explorer\en-US\iedvtool.dll.mui
        c:\program files\Internet Explorer\en-US\ieinstal.exe.mui
        c:\program files\Internet Explorer\en-US\ielowutil.exe.mui
        c:\program files\Internet Explorer\en-US\iexplore.exe.mui
        c:\program files\Internet Explorer\en-US\jsdbgui.dll.mui
        c:\program files\Internet Explorer\en-US\jsdebuggeride.dll.mui
        c:\program files\Internet Explorer\en-US\JSProfilerCore.dll.mui
        c:\program files\Internet Explorer\en-US\jsprofilerui.dll.mui
        c:\program files\Internet Explorer\hmmapi.dll
        c:\program files\Internet Explorer\ie8props.propdesc
        c:\program files\Internet Explorer\iecleanup.exe
        c:\program files\Internet Explorer\iecompat.dll
        c:\program files\Internet Explorer\iedvtool.dll
        c:\program files\Internet Explorer\ieinstal.exe
        c:\program files\Internet Explorer\ielowutil.exe
        c:\program files\Internet Explorer\ieproxy.dll
        c:\program files\Internet Explorer\IEShims.dll
        c:\program files\Internet Explorer\iexplore.exe
        c:\program files\Internet Explorer\jsdbgui.dll
        c:\program files\Internet Explorer\jsdebuggeride.dll
        c:\program files\Internet Explorer\JSProfilerCore.dll
        c:\program files\Internet Explorer\jsprofilerui.dll
        c:\program files\Internet Explorer\msdbg2.dll
        c:\program files\Internet Explorer\pdm.dll
        c:\program files\Internet Explorer\SIGNUP\install.ins
        c:\program files\Internet Explorer\sqmapi.dll
        c:\program files\iPod\Acknowledgements.rtf
        c:\program files\iPod\bin\iPodService.exe
        c:\program files\iPod\bin\iPodService.Resources\da.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\de.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\en_GB.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\es.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\fi.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\iPodService.dll
        c:\program files\iPod\bin\iPodService.Resources\it.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\ja.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\ko.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\nb.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\nl.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\pl.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\pt.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\pt_PT.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\ru.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\sv.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\zh_CN.lproj\iPodServiceLocalized.dll
        c:\program files\iPod\bin\iPodService.Resources\zh_TW.lproj\iPodServiceLocalized.dll
        c:\program files\iTunes\iPodUpdaterExt.dll
        c:\program files\iTunes\iTunesMiniPlayer.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\da.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\en_GB.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\es.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\fi.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\it.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\ja.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\ko.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\nb.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\pl.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\pt.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\pt_PT.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\ru.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\sv.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\zh_CN.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesMiniPlayer.Resources\zh_TW.lproj\iTunesMiniPlayerLocalized.dll
        c:\program files\iTunes\iTunesOutlookAddIn.dll
        c:\program files\LSI SoftModem\agr64svc.exe
        c:\program files\Microsoft Games\Chess\Chess.dll
        c:\program files\Microsoft Games\Chess\Chess.exe
        c:\program files\Microsoft Games\Chess\ChessMCE.lnk
        c:\program files\Microsoft Games\Chess\ChessMCE.png
        c:\program files\Microsoft Games\Chess\desktop.ini
        c:\program files\Microsoft Games\Chess\en-US\Chess.exe.mui
        c:\program files\Microsoft Games\FreeCell\desktop.ini
        c:\program files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui
        c:\program files\Microsoft Games\FreeCell\FreeCell.exe
        c:\program files\Microsoft Games\FreeCell\FreeCellMCE.lnk
        c:\program files\Microsoft Games\FreeCell\FreeCellMCE.png
        c:\program files\Microsoft Games\Hearts\desktop.ini
        c:\program files\Microsoft Games\Hearts\en-US\Hearts.exe.mui
        c:\program files\Microsoft Games\Hearts\Hearts.exe
        c:\program files\Microsoft Games\Hearts\HeartsMCE.lnk
        c:\program files\Microsoft Games\Hearts\HeartsMCE.png
        c:\program files\Microsoft Games\inkball\en-US\inkball.exe.mui
        c:\program files\Microsoft Games\inkball\inkball.exe
        c:\program files\Microsoft Games\Mahjong\desktop.ini
        c:\program files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui
        c:\program files\Microsoft Games\Mahjong\Mahjong.dll
        c:\program files\Microsoft Games\Mahjong\Mahjong.exe
        c:\program files\Microsoft Games\Mahjong\MahjongMCE.lnk
        c:\program files\Microsoft Games\Mahjong\MahjongMCE.png
        c:\program files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui
        c:\program files\Microsoft Games\Minesweeper\MineSweeper.dll
        c:\program files\Microsoft Games\Minesweeper\MineSweeper.exe
        c:\program files\Microsoft Games\Purble Place\desktop.ini
        c:\program files\Microsoft Games\Purble Place\en-US\PurblePlace.exe.mui
        c:\program files\Microsoft Games\Purble Place\PurblePlace.dll
        c:\program files\Microsoft Games\Purble Place\PurblePlace.exe
        c:\program files\Microsoft Games\Purble Place\PurblePlace2.dll
        c:\program files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk
        c:\program files\Microsoft Games\Purble Place\PurblePlaceMCE.png
        c:\program files\Microsoft Games\Solitaire\desktop.ini
        c:\program files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui
        c:\program files\Microsoft Games\Solitaire\Solitaire.exe
        c:\program files\Microsoft Games\Solitaire\SolitaireMCE.lnk
        c:\program files\Microsoft Games\Solitaire\SolitaireMCE.png
        c:\program files\Microsoft Games\SpiderSolitaire\desktop.ini
        c:\program files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui
        c:\program files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
        c:\program files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk
        c:\program files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png
        c:\program files\Microsoft Office\Office12\1033\Mso Example Intl Setup File A.txt
        c:\program files\Microsoft Office\Office12\1033\Mso Example Intl Setup File B.txt
        c:\program files\Microsoft Office\Office12\Mso Example Setup File A.txt
        c:\program files\Microsoft Office\Office12\MSOHEVI.DLL
        c:\program files\Microsoft Office\Office12\ONFILTER.DLL
        c:\program files\Microsoft Office\Office12\VISSHE.DLL

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 25201
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #6 on: February 14, 2011, 10:19:10 pm »
        How much more of the combofix log is there?  Did it make any difference?

        Consumer Security

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

        Offline darlene

        • Bronze Member
        • Posts: 9
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #7 on: February 14, 2011, 10:25:52 pm »
        Sorry Hoov,
        I've been trying to cut and paste results of the Combofix log........whoa, way too big?!?
        However there is a partial log posted in my previous reply.  That's not even half the log. (Posting that previous reply was a mistake - Can I delete it?)

        So I've attached the file in this reply.

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 25201
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #8 on: February 14, 2011, 10:31:35 pm »
        No worries. Did that make any change to the way the computer is running? You must have been infected for a while.


        Offline darlene

        • Bronze Member
        • Posts: 9
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #9 on: February 14, 2011, 10:53:10 pm »
        It rebooted real quickly.  That was nice.

        I cannot log onto Windows Live Mail.  It needs to be repaired.

        Internet Explorer still operated real slow (not responding).

        I'm now going to try out a few more things

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 25201
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #10 on: February 14, 2011, 10:59:46 pm »
        Test it out, let me know everything that is broke, and I will get some procedures for you.  One thing I would like you to do though, is to run rkill and then Malwarebytes' Anti-Malware, but this time I want you to run a full scan with Malwarebytes' Anti-Malware instead of a quick scan. Of course you need to update it first. Use the instructions below.

        Download rkill.com to your desktop.

        Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Control Center and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Control Center when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Control Center. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

        Do not reboot your computer after running rkill as the malware programs will start again.

        Now go ahead and run a full scan with Malwarebytes' Anti-Malware, if it finds anything, go ahead and fix it. Post the log from after the fix, or the end of the run if it finds nothing.


        Offline darlene

        • Bronze Member
        • Posts: 9
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #11 on: February 15, 2011, 08:33:20 pm »
        I ran RKill and it did locate one item.  (However, I have inadvertently copied over that log report.)

        I then proceeded to run MalwareBytes, and after attempting many times, I have yet to complete a scan, full or quick.

        The full scan would work for about 5 minutes, then "Not Responding" for the next 5 minutes, start again for 5 minutes, then "Not Respond" for 5 minutes.  This went on for a little over two hours, approx. 117000 items, and last I saw, found nothing.  I turned my back away from it for a minute, next thing I know the laptop shuts down and reboots. 

        I ran Rkill again and it found nothing.  Then I've attempted a few Malwarebytes quick scans and can't even get through a minute before it locks up ("Not Responding").

        I guess I'll try Malwarebytes in safe mode.   It's not too easy for me to get online today, so I thought I'd bring you up to speed in case you can post a suggestion for the next time I can successfully login.

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 25201
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #12 on: February 15, 2011, 11:47:32 pm »
        Running the scan in safe mode would be my next suggestion.


        Offline darlene

        • Bronze Member
        • Posts: 9
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #13 on: February 18, 2011, 02:06:36 am »
        Progress!

        Here are the results of the scan run in safe mode:
        Malwarebytes' Anti-Malware 1.50.1.1100
        www.malwarebytes.org

        Database version: 5769

        Windows 6.0.6002 Service Pack 2 (Safe Mode)
        Internet Explorer 8.0.6001.19019

        2/17/2011 3:24:57 AM
        mbam-log-2011-02-17 (03-24-57).txt

        Scan type: Full scan (C:\|D:\|)
        Objects scanned: 390383
        Time elapsed: 2 hour(s), 59 minute(s), 38 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 1

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        c:\Users\lindsey 2\documents\frostwire\Saved\setup\setup.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.


        There is definite improvement, but "Not Responding" still pops up on just about everything I try to do.  From running scans (it pops on & off throughout the scan), opening Norton to check settings, opening Internet Explorer and then once I'm in IE, it "not responds" when I click on favorites.  What's that all about?  Do I just need to repair/re-install programs?  Or does that indicate there is still stinky stuff running on my laptop?   What do you think?
        I think there is still some yuk still going on.  What more can I do?

        Thanks again for all your help.  Just knowing you're out there, willing to help me, has helped me stay positive about getting through this.
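
An added example, not part of the original posts: a small Python parser for the Malwarebytes' Anti-Malware log format pasted in Reply #13. It cross-checks the summary counts against the entries actually listed (useful when a paste was cut off by a size limit) and lists detections whose action text does not report success. The sample is the posted log trimmed to three sections; the function names and the rule that a resolved action ends in "successfully." are assumptions of this example.

```python
import re

# Constructed sample: the log from Reply #13, trimmed to three counted sections.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5769
Scan type: Full scan (C:\|D:\|)
Objects scanned: 390383

Registry Keys Infected: 0
Folders Infected: 0
Files Infected: 1

Registry Keys Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\lindsey 2\documents\frostwire\Saved\setup\setup.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected: (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected:$")
# Non-greedy item so a path such as "Program Files (x86)" is not mistaken
# for the "(ThreatName) -> action" part of the line.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
NONE_MARKER = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return {'summary': {category: count}, 'detections': [dict, ...]}."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()          # forum pastes are often indented
        if not line:
            section = None          # a blank line closes the current section
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["cat"]
            continue
        if section is None or line == NONE_MARKER:
            continue
        m = ENTRY_RE.match(line)
        if m:
            detections.append({"category": section, "item": m["item"],
                               "threat": m["threat"], "action": m["action"]})
    return {"summary": summary, "detections": detections}


def count_mismatches(parsed):
    """Categories whose summary count differs from the entries listed.

    Returns {category: (claimed, listed)}; non-empty usually means the
    pasted log is truncated or was edited.
    """
    listed = {}
    for d in parsed["detections"]:
        listed[d["category"]] = listed.get(d["category"], 0) + 1
    return {cat: (n, listed.get(cat, 0))
            for cat, n in parsed["summary"].items()
            if n != listed.get(cat, 0)}


def needs_follow_up(parsed):
    """Detections whose action does not report success (assumed rule)."""
    return [d for d in parsed["detections"]
            if not d["action"].rstrip().endswith("successfully.")]


if __name__ == "__main__":
    result = parse_mbam_log(SAMPLE_LOG)
    for d in result["detections"]:
        print(d["category"], "|", d["threat"], "|", d["item"], "|", d["action"])
    print("count mismatches:", count_mismatches(result))
    print("needs follow-up:", needs_follow_up(result))
```
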

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 25201
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Super Duper Slow Computer - Have I Been Hijacked?
        « Reply #14 on: February 18, 2011, 08:12:25 pm »
        Do you have any other P2P programs installed like Frostwire? They all need to be uninstalled.  Take a look at this post, http://spywarehammer.com/simplemachinesforum/index.php?topic=110.0

        Do you have access to a clean computer with broadband and a CD burner?

        We need to see some information about what is happening in your machine.  Please perform the following scan:
        • Download DDS by sUBs from one of the following links.  Save it to your desktop.
        • Double click on the DDS icon, allow it to run.
        • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
        • Notepad will open with the results.
        • Please copy and paste both logs into your next response. You may need more than one response.
        • Close the program window, and delete the program from your desktop.
        Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet. 

        Information on A/V control HERE



