Author Topic: [In Progress] Computer keeps hanging (Read 3081 times)

nroberts · « **on:** November 05, 2011, 09:57:29 AM »

My computer is runing so slow. Each time I click on something online it will just will seem to pause, then go to the page, then pause again. Sometimes it will just hang and I have to reboot to get out.
Below is my Hijack log. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:40:56 AM, on 11/5/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\ico.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\CeCe\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic= ***Edited out long random character string - Hoov ***
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6245 bytes

Hoov · « **Reply #1 on:** November 05, 2011, 10:58:32 AM »

Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or orginization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

I need you to reboot windows cleanly. To do that please go to the run command and type in msconfig . Once that starts, select selective startup, and then uncheck the load startup items. Now click on the services tab, and down near the bottom of the window, check the box that says Hide all Microsoft Services now go up and uncheck all the services still listed, make sure you scroll down the list if need to unselect all the non Microsoft services. Now click apply, then click OK and reboot the computer.

Does the computer boot faster? If it does let me know and we can proceed with the repair. DON'T browse the internet in this state, only go to reputable sites as all your protection is turned off.

If it does not boot any better, run msconfig and select normal startup then click apply then OK.

Also can you tell me if you have access to another computer with broadband and a CD burner or a thumbdrive at least 1 GB in size?

nroberts · « **Reply #2 on:** November 05, 2011, 08:13:27 PM »

Hi Hoov,
Thanks for helping me. I haven't done anything to fix the problem except to run Malwarebytes and that did not show anything. No software that encrypts and this is my personal computer, my only one, no access to another one.

I tried doing the clean reboot. Followed all the instructions and then rebooted and the computer shut down but when it was trying to start up, it ended up just hanging. I had to shut it off, then started it in safe mode where i ran msconfig again and selected normal startup and it restarted.

Nroberts

Hoov · « **Reply #3 on:** November 05, 2011, 08:38:28 PM »

When you restarted in with msconfig, was it faster?

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Please copy and paste both logs into your next response. You may need more than one response.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

nroberts · « **Reply #4 on:** November 06, 2011, 11:10:31 AM »

Hoov,
Using Msconfig it ended up hanging during the startup screens. I had to reboot in safe mode and set it back to normal.
here is the TDSSKiller scan
12:07:23.0958 2620   TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
12:07:24.0285 2620   ============================================================
12:07:24.0285 2620   Current date / time: 2011/11/06 12:07:24.0285
12:07:24.0285 2620   SystemInfo:
12:07:24.0285 2620
12:07:24.0285 2620   OS Version: 6.0.6001 ServicePack: 1.0
12:07:24.0285 2620   Product type: Workstation
12:07:24.0285 2620   ComputerName: D72PV4G1
12:07:24.0285 2620   UserName: CeCe
12:07:24.0285 2620   Windows directory: C:\Windows
12:07:24.0285 2620   System windows directory: C:\Windows
12:07:24.0285 2620   Processor architecture: Intel x86
12:07:24.0285 2620   Number of processors: 2
12:07:24.0285 2620   Page size: 0x1000
12:07:24.0285 2620   Boot type: Normal boot
12:07:24.0285 2620   ============================================================
12:07:25.0362 2620   Initialize success
12:07:26.0891 3844   ============================================================
12:07:26.0891 3844   Scan started
12:07:26.0891 3844   Mode: Manual;
12:07:26.0891 3844   ============================================================
12:07:27.0343 3844   ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
12:07:27.0343 3844   ACPI - ok
12:07:27.0390 3844   adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:07:27.0390 3844   adp94xx - ok
12:07:27.0405 3844   adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:07:27.0421 3844   adpahci - ok
12:07:27.0437 3844   adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:07:27.0437 3844   adpu160m - ok
12:07:27.0452 3844   adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:07:27.0452 3844   adpu320 - ok
12:07:27.0499 3844   AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
12:07:27.0499 3844   AFD - ok
12:07:27.0530 3844   agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
12:07:27.0530 3844   agp440 - ok
12:07:27.0546 3844   aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:07:27.0546 3844   aic78xx - ok
12:07:27.0593 3844   aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
12:07:27.0593 3844   aliide - ok
12:07:27.0624 3844   amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
12:07:27.0624 3844   amdagp - ok
12:07:27.0639 3844   amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
12:07:27.0639 3844   amdide - ok
12:07:27.0655 3844   AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:07:27.0655 3844   AmdK7 - ok
12:07:27.0671 3844   AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
12:07:27.0671 3844   AmdK8 - ok
12:07:27.0702 3844   arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:07:27.0702 3844   arc - ok
12:07:27.0717 3844   arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:07:27.0717 3844   arcsas - ok
12:07:27.0764 3844   AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:07:27.0764 3844   AsyncMac - ok
12:07:27.0795 3844   atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
12:07:27.0795 3844   atapi - ok
12:07:27.0842 3844   Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:07:27.0842 3844   Beep - ok
12:07:27.0858 3844   blbdrive - ok
12:07:27.0889 3844   bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
12:07:27.0889 3844   bowser - ok
12:07:27.0905 3844   BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:07:27.0905 3844   BrFiltLo - ok
12:07:27.0920 3844   BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:07:27.0920 3844   BrFiltUp - ok
12:07:27.0936 3844   Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:07:27.0936 3844   Brserid - ok
12:07:27.0951 3844   BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:07:27.0951 3844   BrSerWdm - ok
12:07:27.0967 3844   BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:07:27.0967 3844   BrUsbMdm - ok
12:07:27.0983 3844   BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:07:27.0983 3844   BrUsbSer - ok
12:07:27.0998 3844   BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:07:27.0998 3844   BTHMODEM - ok
12:07:28.0029 3844   cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:07:28.0029 3844   cdfs - ok
12:07:28.0061 3844   cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
12:07:28.0061 3844   cdrom - ok
12:07:28.0092 3844   circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
12:07:28.0092 3844   circlass - ok
12:07:28.0123 3844   CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
12:07:28.0123 3844   CLFS - ok
12:07:28.0170 3844   cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
12:07:28.0170 3844   cmdide - ok
12:07:28.0185 3844   Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
12:07:28.0185 3844   Compbatt - ok
12:07:28.0201 3844   crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:07:28.0201 3844   crcdisk - ok
12:07:28.0217 3844   Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:07:28.0217 3844   Crusoe - ok
12:07:28.0263 3844   DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
12:07:28.0263 3844   DfsC - ok
12:07:28.0326 3844   disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
12:07:28.0326 3844   disk - ok
12:07:28.0357 3844   drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:07:28.0357 3844   drmkaud - ok
12:07:28.0388 3844   DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
12:07:28.0404 3844   DXGKrnl - ok
12:07:28.0451 3844   e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
12:07:28.0451 3844   e1express - ok
12:07:28.0482 3844   E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:07:28.0482 3844   E1G60 - ok
12:07:28.0513 3844   Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
12:07:28.0513 3844   Ecache - ok
12:07:28.0560 3844   elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:07:28.0560 3844   elxstor - ok
12:07:28.0591 3844   exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
12:07:28.0607 3844   exfat - ok
12:07:28.0622 3844   fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
12:07:28.0638 3844   fastfat - ok
12:07:28.0685 3844   fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:07:28.0685 3844   fdc - ok
12:07:28.0700 3844   FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:07:28.0700 3844   FileInfo - ok
12:07:28.0731 3844   Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:07:28.0747 3844   Filetrace - ok
12:07:28.0747 3844   flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
12:07:28.0747 3844   flpydisk - ok
12:07:28.0794 3844   FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
12:07:28.0794 3844   FltMgr - ok
12:07:28.0809 3844   Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:07:28.0809 3844   Fs_Rec - ok
12:07:28.0825 3844   gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:07:28.0825 3844   gagp30kx - ok
12:07:28.0872 3844   HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:07:28.0872 3844   HDAudBus - ok
12:07:28.0887 3844   HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:07:28.0887 3844   HidBth - ok
12:07:28.0903 3844   HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:07:28.0903 3844   HidIr - ok
12:07:28.0934 3844   HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
12:07:28.0934 3844   HidUsb - ok
12:07:28.0965 3844   HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
12:07:28.0965 3844   HpCISSs - ok
12:07:29.0028 3844   HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
12:07:29.0028 3844   HSF_DPV - ok
12:07:29.0043 3844   HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
12:07:29.0059 3844   HSXHWBS2 - ok
12:07:29.0075 3844   HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
12:07:29.0090 3844   HTTP - ok
12:07:29.0106 3844   i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
12:07:29.0106 3844   i2omp - ok
12:07:29.0137 3844   i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:07:29.0137 3844   i8042prt - ok
12:07:29.0168 3844   iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
12:07:29.0168 3844   iaStor - ok
12:07:29.0184 3844   iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
12:07:29.0184 3844   iaStorV - ok
12:07:29.0262 3844   igfx (bbace0293b73bf8c7cb591f2d06f26fa) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:07:29.0262 3844   igfx - ok
12:07:29.0324 3844   iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:07:29.0324 3844   iirsp - ok
12:07:29.0387 3844   IntcAzAudAddService (4eae74c8bcbca309a5d7cbad7e231427) C:\Windows\system32\drivers\RTKVHDA.sys
12:07:29.0402 3844   IntcAzAudAddService - ok
12:07:29.0433 3844   intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
12:07:29.0433 3844   intelide - ok
12:07:29.0449 3844   intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:07:29.0449 3844   intelppm - ok
12:07:29.0496 3844   IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:07:29.0496 3844   IpFilterDriver - ok
12:07:29.0496 3844   IpInIp - ok
12:07:29.0511 3844   IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
12:07:29.0527 3844   IPMIDRV - ok
12:07:29.0558 3844   IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:07:29.0558 3844   IPNAT - ok
12:07:29.0589 3844   IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:07:29.0589 3844   IRENUM - ok
12:07:29.0605 3844   isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
12:07:29.0605 3844   isapnp - ok
12:07:29.0636 3844   iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
12:07:29.0636 3844   iScsiPrt - ok
12:07:29.0652 3844   iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:07:29.0652 3844   iteatapi - ok
12:07:29.0667 3844   iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:07:29.0667 3844   iteraid - ok
12:07:29.0699 3844   kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:07:29.0699 3844   kbdclass - ok
12:07:29.0699 3844   kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
12:07:29.0714 3844   kbdhid - ok
12:07:29.0745 3844   KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
12:07:29.0745 3844   KSecDD - ok
12:07:29.0777 3844   lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:07:29.0777 3844   lltdio - ok
12:07:29.0823 3844   LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:07:29.0823 3844   LSI_FC - ok
12:07:29.0839 3844   LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:07:29.0839 3844   LSI_SAS - ok
12:07:29.0870 3844   LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:07:29.0870 3844   LSI_SCSI - ok
12:07:29.0901 3844   luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:07:29.0901 3844   luafv - ok
12:07:29.0933 3844   mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:07:29.0933 3844   mdmxsdk - ok
12:07:29.0964 3844   megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:07:29.0964 3844   megasas - ok
12:07:29.0995 3844   Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:07:29.0995 3844   Modem - ok
12:07:30.0011 3844   monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:07:30.0011 3844   monitor - ok
12:07:30.0042 3844   mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:07:30.0042 3844   mouclass - ok
12:07:30.0042 3844   mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:07:30.0057 3844   mouhid - ok
12:07:30.0089 3844   MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:07:30.0089 3844   MountMgr - ok
12:07:30.0120 3844   MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
12:07:30.0135 3844   MpFilter - ok
12:07:30.0151 3844   mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:07:30.0151 3844   mpio - ok
12:07:30.0198 3844   MpKsl07a95a4c - ok
12:07:30.0198 3844   MpKsl396880d1 - ok
12:07:30.0245 3844   MpKslb28fd0da (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83859FF2-0F91-4420-A77B-925AEB182262}\MpKslb28fd0da.sys
12:07:30.0260 3844   MpKslb28fd0da - ok
12:07:30.0291 3844   MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
12:07:30.0291 3844   MpNWMon - ok
12:07:30.0307 3844   mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:07:30.0307 3844   mpsdrv - ok
12:07:30.0338 3844   Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:07:30.0338 3844   Mraid35x - ok
12:07:30.0369 3844   MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
12:07:30.0369 3844   MRxDAV - ok
12:07:30.0401 3844   mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:07:30.0401 3844   mrxsmb - ok
12:07:30.0416 3844   mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:07:30.0432 3844   mrxsmb10 - ok
12:07:30.0447 3844   mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:07:30.0447 3844   mrxsmb20 - ok
12:07:30.0463 3844   msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
12:07:30.0463 3844   msahci - ok
12:07:30.0479 3844   msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
12:07:30.0479 3844   msdsm - ok
12:07:30.0525 3844   Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:07:30.0525 3844   Msfs - ok
12:07:30.0557 3844   msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:07:30.0557 3844   msisadrv - ok
12:07:30.0572 3844   MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:07:30.0588 3844   MSKSSRV - ok
12:07:30.0619 3844   MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:07:30.0619 3844   MSPCLOCK - ok
12:07:30.0635 3844   MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:07:30.0635 3844   MSPQM - ok
12:07:30.0650 3844   MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
12:07:30.0666 3844   MsRPC - ok
12:07:30.0681 3844   mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:07:30.0681 3844   mssmbios - ok
12:07:30.0697 3844   MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:07:30.0697 3844   MSTEE - ok
12:07:30.0713 3844   Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
12:07:30.0713 3844   Mup - ok
12:07:30.0744 3844   NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
12:07:30.0744 3844   NativeWifiP - ok
12:07:30.0791 3844   NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
12:07:30.0806 3844   NDIS - ok
12:07:30.0837 3844   NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:07:30.0837 3844   NdisTapi - ok
12:07:30.0853 3844   Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:07:30.0853 3844   Ndisuio - ok
12:07:30.0869 3844   NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
12:07:30.0884 3844   NdisWan - ok
12:07:30.0915 3844   NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:07:30.0915 3844   NDProxy - ok
12:07:30.0915 3844   NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:07:30.0915 3844   NetBIOS - ok
12:07:30.0947 3844   netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
12:07:30.0962 3844   netbt - ok
12:07:31.0009 3844   nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:07:31.0009 3844   nfrd960 - ok
12:07:31.0040 3844   NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:07:31.0040 3844   NisDrv - ok
12:07:31.0087 3844   Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
12:07:31.0087 3844   Npfs - ok
12:07:31.0118 3844   nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:07:31.0118 3844   nsiproxy - ok
12:07:31.0165 3844   Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
12:07:31.0181 3844   Ntfs - ok
12:07:31.0196 3844   ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:07:31.0196 3844   ntrigdigi - ok
12:07:31.0227 3844   Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:07:31.0227 3844   Null - ok
12:07:31.0259 3844   nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
12:07:31.0259 3844   nvraid - ok
12:07:31.0274 3844   nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
12:07:31.0274 3844   nvstor - ok
12:07:31.0305 3844   nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
12:07:31.0305 3844   nv_agp - ok
12:07:31.0321 3844   NwlnkFlt - ok
12:07:31.0321 3844   NwlnkFwd - ok
12:07:31.0352 3844   ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
12:07:31.0352 3844   ohci1394 - ok
12:07:31.0399 3844   Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:07:31.0399 3844   Parport - ok
12:07:31.0415 3844   partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
12:07:31.0415 3844   partmgr - ok
12:07:31.0430 3844   Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:07:31.0446 3844   Parvdm - ok
12:07:31.0477 3844   pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
12:07:31.0477 3844   pci - ok
12:07:31.0508 3844   pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
12:07:31.0508 3844   pciide - ok
12:07:31.0539 3844   pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:07:31.0539 3844   pcmcia - ok
12:07:31.0586 3844   PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:07:31.0586 3844   PEAUTH - ok
12:07:31.0649 3844   pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\Windows\system32\DRIVERS\pmxmouse.sys
12:07:31.0649 3844   pmxmouse - ok
12:07:31.0680 3844   pmxusblf (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys
12:07:31.0680 3844   pmxusblf - ok
12:07:31.0711 3844   PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:07:31.0727 3844   PptpMiniport - ok
12:07:31.0742 3844   Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
12:07:31.0742 3844   Processor - ok
12:07:31.0789 3844   PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
12:07:31.0789 3844   PSched - ok
12:07:31.0805 3844   PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
12:07:31.0805 3844   PxHelp20 - ok
12:07:31.0867 3844   ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
12:07:31.0883 3844   ql2300 - ok
12:07:31.0898 3844   ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:07:31.0898 3844   ql40xx - ok
12:07:31.0929 3844   QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:07:31.0929 3844   QWAVEdrv - ok
12:07:32.0023 3844   R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
12:07:32.0039 3844   R300 - ok
12:07:32.0070 3844   RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:07:32.0070 3844   RasAcd - ok
12:07:32.0101 3844   Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:07:32.0101 3844   Rasl2tp - ok
12:07:32.0117 3844   RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
12:07:32.0117 3844   RasPppoe - ok
12:07:32.0148 3844   RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
12:07:32.0148 3844   RasSstp - ok
12:07:32.0179 3844   rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
12:07:32.0179 3844   rdbss - ok
12:07:32.0195 3844   RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:07:32.0195 3844   RDPCDD - ok
12:07:32.0241 3844   rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
12:07:32.0241 3844   rdpdr - ok
12:07:32.0257 3844   RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:07:32.0257 3844   RDPENCDD - ok
12:07:32.0288 3844   RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
12:07:32.0288 3844   RDPWD - ok
12:07:32.0335 3844   rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:07:32.0335 3844   rspndr - ok
12:07:32.0366 3844   sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:07:32.0366 3844   sbp2port - ok
12:07:32.0397 3844   secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:07:32.0413 3844   secdrv - ok
12:07:32.0429 3844   Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
12:07:32.0429 3844   Serenum - ok
12:07:32.0460 3844   Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:07:32.0460 3844   Serial - ok
12:07:32.0475 3844   sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:07:32.0475 3844   sermouse - ok
12:07:32.0507 3844   sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
12:07:32.0507 3844   sffdisk - ok
12:07:32.0538 3844   sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
12:07:32.0538 3844   sffp_mmc - ok
12:07:32.0538 3844   sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
12:07:32.0538 3844   sffp_sd - ok
12:07:32.0569 3844   sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:07:32.0569 3844   sfloppy - ok
12:07:32.0600 3844   sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
12:07:32.0600 3844   sisagp - ok
12:07:32.0616 3844   SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
12:07:32.0616 3844   SiSRaid2 - ok
12:07:32.0631 3844   SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
12:07:32.0631 3844   SiSRaid4 - ok
12:07:32.0678 3844   Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
12:07:32.0678 3844   Smb - ok
12:07:32.0725 3844   spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:07:32.0725 3844   spldr - ok
12:07:32.0772 3844   srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
12:07:32.0772 3844   srv - ok
12:07:32.0803 3844   srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
12:07:32.0803 3844   srv2 - ok
12:07:32.0819 3844   srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
12:07:32.0819 3844   srvnet - ok
12:07:32.0881 3844   swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:07:32.0881 3844   swenum - ok
12:07:32.0912 3844   Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:07:32.0912 3844   Symc8xx - ok
12:07:32.0928 3844   Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:07:32.0928 3844   Sym_hi - ok
12:07:32.0943 3844   Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:07:32.0943 3844   Sym_u3 - ok
12:07:33.0006 3844   Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
12:07:33.0021 3844   Tcpip - ok
12:07:33.0053 3844   Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
12:07:33.0053 3844   Tcpip6 - ok
12:07:33.0099 3844   tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
12:07:33.0099 3844   tcpipreg - ok
12:07:33.0115 3844   TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:07:33.0115 3844   TDPIPE - ok
12:07:33.0131 3844   TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:07:33.0131 3844   TDTCP - ok
12:07:33.0162 3844   tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
12:07:33.0162 3844   tdx - ok
12:07:33.0177 3844   TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
12:07:33.0193 3844   TermDD - ok
12:07:33.0224 3844   tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:07:33.0224 3844   tssecsrv - ok
12:07:33.0255 3844   tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:07:33.0271 3844   tunmp - ok
12:07:33.0271 3844   tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
12:07:33.0271 3844   tunnel - ok
12:07:33.0302 3844   uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
12:07:33.0302 3844   uagp35 - ok
12:07:33.0333 3844   udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
12:07:33.0333 3844   udfs - ok
12:07:33.0380 3844   uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
12:07:33.0380 3844   uliagpkx - ok
12:07:33.0411 3844   uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
12:07:33.0411 3844   uliahci - ok
12:07:33.0427 3844   UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:07:33.0427 3844   UlSata - ok
12:07:33.0458 3844   ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:07:33.0458 3844   ulsata2 - ok
12:07:33.0489 3844   umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:07:33.0489 3844   umbus - ok
12:07:33.0521 3844   usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
12:07:33.0521 3844   usbccgp - ok
12:07:33.0536 3844   usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:07:33.0536 3844   usbcir - ok
12:07:33.0567 3844   usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
12:07:33.0567 3844   usbehci - ok
12:07:33.0599 3844   usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
12:07:33.0599 3844   usbhub - ok
12:07:33.0630 3844   usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
12:07:33.0630 3844   usbohci - ok
12:07:33.0630 3844   usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:07:33.0645 3844   usbprint - ok
12:07:33.0661 3844   USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:07:33.0661 3844   USBSTOR - ok
12:07:33.0692 3844   usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:07:33.0692 3844   usbuhci - ok
12:07:33.0739 3844   vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
12:07:33.0739 3844   vga - ok
12:07:33.0770 3844   VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:07:33.0770 3844   VgaSave - ok
12:07:33.0786 3844   viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
12:07:33.0786 3844   viaagp - ok
12:07:33.0801 3844   ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
12:07:33.0801 3844   ViaC7 - ok
12:07:33.0817 3844   viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
12:07:33.0833 3844   viaide - ok
12:07:33.0848 3844   volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:07:33.0848 3844   volmgr - ok
12:07:33.0879 3844   volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
12:07:33.0895 3844   volmgrx - ok
12:07:33.0926 3844   volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
12:07:33.0926 3844   volsnap - ok
12:07:33.0942 3844   vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
12:07:33.0942 3844   vsmraid - ok
12:07:33.0989 3844   WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:07:33.0989 3844   WacomPen - ok
12:07:34.0020 3844   Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:07:34.0020 3844   Wanarp - ok
12:07:34.0035 3844   Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:07:34.0035 3844   Wanarpv6 - ok
12:07:34.0051 3844   Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
12:07:34.0051 3844   Wd - ok
12:07:34.0098 3844   Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:07:34.0098 3844   Wdf01000 - ok
12:07:34.0160 3844   winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:07:34.0176 3844   winachsf - ok
12:07:34.0207 3844   WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
12:07:34.0207 3844   WmiAcpi - ok
12:07:34.0254 3844   WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
12:07:34.0254 3844   WpdUsb - ok
12:07:34.0301 3844   ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:07:34.0301 3844   ws2ifsl - ok
12:07:34.0347 3844   WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:07:34.0347 3844   WUDFRd - ok
12:07:34.0363 3844   XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
12:07:34.0363 3844   XAudio - ok
12:07:34.0394 3844   MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:07:34.0410 3844   \Device\Harddisk0\DR0 - ok
12:07:34.0425 3844   Boot (0x1200) (93587212e17325f9c9aa858a9c8f9e87) \Device\Harddisk0\DR0\Partition0
12:07:34.0425 3844   \Device\Harddisk0\DR0\Partition0 - ok
12:07:34.0425 3844   Boot (0x1200) (13782bf95b1dfb7d622f100d346212f8) \Device\Harddisk0\DR0\Partition1
12:07:34.0425 3844   \Device\Harddisk0\DR0\Partition1 - ok
12:07:34.0425 3844   ============================================================
12:07:34.0425 3844   Scan finished
12:07:34.0425 3844   ============================================================
12:07:34.0441 3928   Detected object count: 0
12:07:34.0441 3928   Actual detected object count: 0

DDS scan fist log
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by CeCe at 12:08:58 on 2011-11-06
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2036.960 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?

lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzUwMjIyMTA2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"p

rod=90"&"ver=2012.0.1831"&"mid=0cd91780f8ab47d19f3b4c7f87063cda-b3852606f8d31610eace3647d24149a3312c145d
StartupFolder: c:\users\cece\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program

files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line

detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common

files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AAF9302C-9EF3-4DB3-82D5-B3EE2A0871D0} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14

\MSOXMLMF.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008

\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslb28fd0da;MpKslb28fd0da;c:\programdata\microsoft\microsoft antimalware\definition updates\{83859ff2-0f91-4420-a77b-

925aeb182262}\MpKslb28fd0da.sys [2011-11-6 28752]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-4-24 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-4-24 19008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319

\mscorsvw.exe [2010-3-18 130384]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft

shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319

\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-06 14:54:08   28752   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{83859ff2-

0f91-4420-a77b-925aeb182262}\MpKslb28fd0da.sys
2011-11-06 14:54:06   56200   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{83859ff2-

0f91-4420-a77b-925aeb182262}\offreg.dll
2011-11-06 01:47:54   --------   d-----w-   c:\windows\pss
2011-11-05 21:46:39   6668624   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{83859ff2-

0f91-4420-a77b-925aeb182262}\mpengine.dll
2011-10-11 22:35:44   439632   ------w-   c:\programdata\microsoft\microsoft antimalware\definition

updates\nisbackup\gapaengine.dll
2011-10-11 22:35:39   703824   ------w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{58cbce9a-

7855-4ee8-9777-80782a9af995}\gapaengine.dll
.
==================== Find3M ====================
.
2011-08-31 21:00:50   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:09:12.23 ===============

nroberts · « **Reply #5 on:** November 06, 2011, 11:12:08 AM »

Here is the 2nd DDS scan
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/24/2008 12:21:04 PM
System Uptime: 11/6/2011 9:53:46 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 352.186 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.309 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0012
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0012
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0022
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0022
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0011
Manufacturer: Microsoft
Name: isatap.{B8E3D334-35D4-4E38-B9DC-9A8C14DE000A}
PNP Device ID: ROOT\*ISATAP\0011
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0041
Manufacturer: Microsoft
Name: isatap.{B8E3D334-35D4-4E38-B9DC-9A8C14DE000A}
PNP Device ID: ROOT\*ISATAP\0041
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0049
Manufacturer: Microsoft
Name: isatap.{B8E3D334-35D4-4E38-B9DC-9A8C14DE000A}
PNP Device ID: ROOT\*ISATAP\0049
Service: tunnel
.
==== System Restore Points ===================
.
RP1460: 10/16/2011 1:28:19 PM - Windows Update
RP1461: 10/17/2011 6:01:31 PM - Windows Update
RP1462: 10/18/2011 6:12:45 PM - Windows Update
RP1463: 10/19/2011 12:57:44 PM - Scheduled Checkpoint
RP1464: 10/19/2011 6:32:39 PM - Windows Update
RP1465: 10/20/2011 1:20:26 PM - Scheduled Checkpoint
RP1466: 10/20/2011 4:14:49 PM - Removed AVG 2012
RP1467: 10/20/2011 4:17:33 PM - Removed AVG 2012
RP1468: 10/20/2011 7:26:23 PM - Windows Update
RP1469: 10/22/2011 2:01:06 PM - Windows Update
RP1470: 10/23/2011 2:07:02 PM - Scheduled Checkpoint
RP1471: 10/23/2011 3:59:50 PM - Windows Update
RP1472: 10/24/2011 5:44:29 PM - Windows Update
RP1473: 10/25/2011 6:53:21 PM - Scheduled Checkpoint
RP1474: 10/25/2011 7:55:41 PM - Windows Update
RP1475: 10/26/2011 6:54:10 PM - Scheduled Checkpoint
RP1476: 10/27/2011 6:33:57 PM - Windows Update
RP1477: 10/28/2011 7:28:56 PM - Windows Update
RP1478: 10/29/2011 5:10:45 PM - Scheduled Checkpoint
RP1479: 10/29/2011 8:37:51 PM - Windows Update
RP1480: 10/30/2011 11:12:39 AM - Scheduled Checkpoint
RP1481: 10/30/2011 9:29:24 PM - Windows Update
RP1482: 10/31/2011 6:53:17 PM - Scheduled Checkpoint
RP1483: 11/1/2011 6:30:12 PM - Windows Update
RP1484: 11/2/2011 11:35:48 AM - Scheduled Checkpoint
RP1485: 11/2/2011 7:23:28 PM - Windows Update
RP1486: 11/3/2011 6:52:11 PM - Scheduled Checkpoint
RP1487: 11/4/2011 5:25:54 PM - Windows Update
RP1488: 11/5/2011 11:28:18 AM - Removed HiJackThis
RP1489: 11/5/2011 5:46:13 PM - Windows Update
RP1490: 11/6/2011 10:44:03 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 8.3.0
Browser Address Error Redirector
Canon iP3500 series
Canon iP3500 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Digital Line Detect
getPlus(R) for Adobe
GoToAssist 8.0.0.508
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PRO Network Connections 12.1.11.0
Java Auto Updater
Java(TM) 6 Update 23
Macromedia Dreamweaver 2
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word Viewer 2003
Microsoft Publisher 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
Mouse Suite for Desktop Computers
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music, Photos & Videos Launcher
NetWaiting
OpenOffice.org 3.2
Product Documentation Launcher
QuickBooks Simple Start 2008
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
User's Guides
.
==== Event Viewer Messages From Past Week ========
.
11/5/2011 9:59:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.    Feature: Behavior Monitoring    Error Code: 0x80004005    Error description: Unspecified error     Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 9:57:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2011 9:57:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/5/2011 9:57:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/5/2011 9:56:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/5/2011 9:56:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/5/2011 9:56:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/5/2011 9:56:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/5/2011 9:56:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/5/2011 9:43:57 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document http://spywarehammer.com/simplemachinesforum/index.php?PHPSESSI, owned by CeCe, failed to print on printer Canon iP3500 series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 1507328. Number of bytes printed: 479332. Total number of pages in the document: 5. Number of pages printed: 0. Client computer: \\D72PV4G1. Win32 error code returned by the print processor: 259. No more data is available.
11/5/2011 11:31:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.    Feature: Behavior Monitoring    Error Code: 0x80004005    Error description: Unspecified error     Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/5/2011 1:32:25 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document http://images.bestbuy.com/BestBuy_US/en_US/images/abn/2010/glob, owned by CeCe, failed to print on printer Canon iP3500 series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 55744. Number of bytes printed: 55576. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\D72PV4G1. Win32 error code returned by the print processor: 0. The operation completed successfully.
11/4/2011 5:15:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.    Feature: Behavior Monitoring    Error Code: 0x80004005    Error description: Unspecified error     Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/3/2011 5:26:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.    Feature: Behavior Monitoring    Error Code: 0x80004005    Error description: Unspecified error     Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/2/2011 10:55:54 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.    Feature: Behavior Monitoring    Error Code: 0x80004005    Error description: Unspecified error     Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/1/2011 6:20:02 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.    Feature: Behavior Monitoring    Error Code: 0x80004005    Error description: Unspecified error     Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/31/2011 6:09:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.    Feature: Behavior Monitoring    Error Code: 0x80004005    Error description: Unspecified error     Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/31/2011 6:08:42 PM, Error: EventLog [6008] - The previous system shutdown at 3:40:59 AM on 10/31/2011 was unexpected.
10/30/2011 10:40:40 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.    Feature: Behavior Monitoring    Error Code: 0x80004005    Error description: Unspecified error     Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

Hoov · « **Reply #6 on:** November 06, 2011, 11:30:36 AM »

Please download and run AVG Removal Tool

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

nroberts · « **Reply #7 on:** November 06, 2011, 05:55:31 PM »

Here is the Combofix log

ComboFix 11-11-06.02 - CeCe 11/06/2011 18:43:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2036.996 [GMT -5:00]
Running from: c:\users\CeCe\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\CeCe\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 23:48 . 2011-11-06 23:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-11-06 22:40 . 2011-11-06 22:40   28752   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BAC2194-64BB-49B3-AE0B-B8091653E137}\MpKsld2aefdf0.sys
2011-11-06 22:39 . 2011-11-06 22:39   56200   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BAC2194-64BB-49B3-AE0B-B8091653E137}\offreg.dll
2011-11-06 22:39 . 2011-10-07 03:48   6668624   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BAC2194-64BB-49B3-AE0B-B8091653E137}\mpengine.dll
2011-10-11 22:35 . 2010-11-30 15:43   439632   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-10-11 22:35 . 2011-10-11 22:34   703824   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58CBCE9A-7855-4EE8-9777-80782A9AF995}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2011-07-28 22:36   6668624   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-31 21:00 . 2010-11-28 18:28   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-25 129560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-25 154136]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzUwMjIyMTA2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=0cd91780f8ab47d19f3b4c7f87063cda-b3852606f8d31610eace3647d24149a3312c145d" [?]
.
c:\users\CeCe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-24 50688]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl07a95a4c;MpKsl07a95a4c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E67E127-732C-4FB2-A780-26D55339E947}\MpKsl07a95a4c.sys

R1 MpKsl396880d1;MpKsl396880d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDE9B2BD-46A3-4B37-BCB0-BDC61114F820}\MpKsl396880d1.sys

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsld2aefdf0;MpKsld2aefdf0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BAC2194-64BB-49B3-AE0B-B8091653E137}\MpKsld2aefdf0.sys [2011-11-06 28752]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
S3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 14820182
*NewlyCreated* - 53871494
*NewlyCreated* - 72794510
*NewlyCreated* - MPKSLD2AEFDF0
*Deregistered* - 14820182
*Deregistered* - 53871494
*Deregistered* - 72794510
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 18:49
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-06 18:51:20
ComboFix-quarantined-files.txt 2011-11-06 23:51
.
Pre-Run: 376,087,375,872 bytes free
Post-Run: 376,226,250,752 bytes free
.
- - End Of File - - 41E92AD35E0E3C8A7977161491EAD317

Hoov · « **Reply #8 on:** November 06, 2011, 05:58:20 PM »

Am I correct in assuming that the problem is still there? Are you having any other problems with the computer?

nroberts · « **Reply #9 on:** November 06, 2011, 06:20:01 PM »

Yes, the problem is still there. There have not been any other problems that I have noticed.

Hoov · « **Reply #10 on:** November 06, 2011, 09:48:07 PM »

1.Download and scan with CCleaner
When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this Dark Grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Reboot the computer and let me know how it runs.

I need you to go to the administration tools in Vista. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side and click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, post them back here in your next reply as attachments.

nroberts · « **Reply #11 on:** November 08, 2011, 06:44:04 PM »

Hoov,
Have not had time to run the CCleaner, but will definately do it later tonite or in the morning.
Thanks for your patience.

nroberts

nroberts · « **Reply #12 on:** November 09, 2011, 05:44:43 PM »

The CCleaner did not help the problem. When I try to attach the EVTX zip file it won't let me, saying it is taking too long or that it is too big. One is 2.64MB and the other 2.70 MB.

Hoov · « **Reply #13 on:** November 09, 2011, 06:42:10 PM »

I have sent you a PM on what to do with the logs.

You say your computer is running slow, is it only online or does it load programs slowly and run them slowly as well?

nroberts · « **Reply #14 on:** November 09, 2011, 08:10:50 PM »

It is online. I rarely use the other programs on my computer.
nroberts

News:

Author Topic: [In Progress] Computer keeps hanging (Read 3081 times)

nroberts

[In Progress] Computer keeps hanging

Hoov

Re: [In Progress] Computer keeps hanging

nroberts

Re: [In Progress] Computer keeps hanging

Hoov

Re: [In Progress] Computer keeps hanging

nroberts

Re: [In Progress] Computer keeps hanging

nroberts

Re: [In Progress] Computer keeps hanging

Hoov

Re: [In Progress] Computer keeps hanging

nroberts

Re: [In Progress] Computer keeps hanging

Hoov

Re: [In Progress] Computer keeps hanging

nroberts

Re: [In Progress] Computer keeps hanging

Hoov

Re: [In Progress] Computer keeps hanging

nroberts

Re: [In Progress] Computer keeps hanging

nroberts

Re: [In Progress] Computer keeps hanging

Hoov

Re: [In Progress] Computer keeps hanging

nroberts

Re: [In Progress] Computer keeps hanging