# HELP!! I have 100% CPU Usage



## Vaishali (Jul 23, 2011)

I have 100% CPU Usage even when none or one application is running. Please find attached a print screen of the task manager processes report.
I did a complete PC check via MSE scan last night. It reported one virus (Worm: Win32/Dorbot.A), which was removed. I believe my laptop is clean of malware and virus. My laptop is also running very slow. Please help!


----------



## Vaishali (Jul 23, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:32:25 PM, on 3/8/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NEW\SuperAntiSpyware\SASCORE.EXE
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NEW\Photon\VME101\TTSL Olive VME101 Dialer Ver 1.1.4 Release 000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NEW\SuperAntiSpyware\a626c89d-a234-4c75-a0df-6aa2b1874249.com
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TATA Photon+ Dialer] "C:\Program Files\NEW\Photon\VME101\TTSL Olive VME101 Dialer Ver 1.1.4 Release 000.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\NEW\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\NEW\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\NEW\YahooMessenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\NEW\YahooMessenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B98D282D-EE05-4104-9832-DE297568A9B4}: NameServer = 4.2.2.3 121.242.190.180
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\NEW\SuperAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\NEW\SuperAntiSpyware\SASCORE.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
--
End of file - 5705 bytes


----------



## blues_harp28 (Jan 9, 2005)

You have again posted in 2 forums.
Duplicate post here.
http://forums.techguy.org/windows-xp/1044329-help-i-have-100-cpu.html


----------



## blues_harp28 (Jan 9, 2005)

Continue with your post in the XP Forum.

If we need to - we will ask a Malware expert to check your hjt logs etc.


----------



## Vaishali (Jul 23, 2011)

Hi Blues_harp28,
XP Forum has advised me of suspected malware and there is a bit saying I should continue here. I am confused. Pls advise!


----------



## kevinf80 (Mar 21, 2006)

Do you know of or recognize this entry from your HJT log:

*C:\Program Files\NEW\SuperAntiSpyware\a626c89d-a234-4c75-a0df-6aa2b1874249.com*

That is the entry that is using 65% CPU in your Taskmanager screen shot, the other entry using 23% is Windows Defender


----------
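A triage pass over the HijackThis log format posted in this thread, added here as an example (it is not code from any poster or from the HijackThis project). The function names and the flagging heuristics are assumptions; a flag means the entry deserves a second look, not that it is malicious.

```python
import re
from collections import namedtuple

# Shortened excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:32:25 PM, on 3/8/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NEW\SuperAntiSpyware\SASCORE.EXE
C:\Program Files\NEW\SuperAntiSpyware\a626c89d-a234-4c75-a0df-6aa2b1874249.com
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B98D282D-EE05-4104-9832-DE297568A9B4}: NameServer = 4.2.2.3 121.242.190.180
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
--
End of file - 5705 bytes
"""

# "R0 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# File name stem that is nothing but a GUID (8-4-4-4-12 hex digits).
GUID_NAME_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

Finding = namedtuple("Finding", "kind detail")


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif line == "--":
            in_processes = False
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return entries a helper would want to look at first (assumed heuristics)."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        base = path.rsplit("\\", 1)[-1]
        stem, _, ext = base.rpartition(".")
        # A running image that is not a .exe (for example .com, .scr, .pif).
        if ext.lower() != "exe":
            findings.append(Finding("non-exe-process", path))
        # A file name that is only a GUID says nothing about what the program is.
        if GUID_NAME_RE.match(stem):
            findings.append(Finding("random-looking-name", path))
    for code, body in entries:
        # The registry still references a file that is no longer on disk.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding("orphaned-entry", f"{code} - {body}"))
        # Statically configured DNS servers: confirm they belong to the ISP or user.
        if code == "O17" and "NameServer =" in body:
            servers = body.partition("NameServer =")[2].split()
            findings.append(Finding("dns-servers", " ".join(servers)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:20} {finding.detail}")
```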



## Vaishali (Jul 23, 2011)

Hi Kevin,
Yes, I know this entry. It must be the free version of antispyware tool installed on my PC. What should I do now? I am not technically savvy. Pls detail the steps for me.
Thanks,


kevinf80 said:


> Do you know of or recognize this entry from your HJT log:
> 
> *C:\Program Files\NEW\SuperAntiSpyware\a626c89d-a234-4c75-a0df-6aa2b1874249.com*
> 
> That is the entry that is using 65% CPU in your Taskmanager screen shot, the other entry using 23% is Windows Defender


----------



## Vaishali (Jul 23, 2011)

My system has gone DEAD SLOW since yesterday. IE does not shut down. No application that I open shuts down. If I shut it down then I get the following error:

Dumpprep.exe
This application failed to close as windows station is shutting down

Even if no application is working the CPU continues to show at 100%. Find attached a new task manager report and the Hijack This log today is as follows:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:23:24 PM, on 3/9/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NEW\SuperAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TATA Photon+ Dialer] "C:\Program Files\NEW\Photon\VME101\TTSL Olive VME101 Dialer Ver 1.1.4 Release 000.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\NEW\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\NEW\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\NEW\YahooMessenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\NEW\YahooMessenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\NEW\SuperAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\NEW\SuperAntiSpyware\SASCORE.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
--
End of file - 5455 bytes


----------



## kevinf80 (Mar 21, 2006)

Boot into safe mode and uninstall SuperAntiSpyware, it appears to be clashing with Windows Defender.

Re-boot your PC, continuously tap the F8 key until you see the Windows Advanced Menu, from the Options select Safe Mode, follow the prompts.
Your Desktop will look different, icons will be bigger etc, do not worry that is normal. 

Navigate > Start > Control Panel > Add/Remove Programs, Uninstall SuperAntiSpyware.... Boot back to normal mode

See how your system responds now, one other point SP3 is definitely needed when this is sorted out

Kevin


----------



## kevinf80 (Mar 21, 2006)

We cross posted there so have just seen your last reply, you did not attach new Taskmanager shot..


----------



## Vaishali (Jul 23, 2011)

Sorry about this Kevin but pls find the Task Manager Report snapshot attached.


kevinf80 said:


> We cross posted there so have just seen your last reply, you did not attach new Taskmanager shot..


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
I am just a technical dud. Can I just go to Control Panel and remove Super Anti Spyware?
Also, once Super Anti Spyware is removed, how will I scan my PC for malware?
Thanks!


kevinf80 said:


> Boot into safe mode and uninstall SuperAntiSpyware, it appears to be clashing with Windows Defender.
> 
> Re-boot your PC, continuously tap the F8 key until you see the Windows Advanced Menu, from the Options select Safe Mode, follow the prompts.
> Your Desktop will look different, icons will be bigger etc, do not worry that is normal.
> ...


----------



## kevinf80 (Mar 21, 2006)

Leave SAS for now and run the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


- Ensure that Combofix is saved directly to the Desktop *<--- Very important*
- Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.
- Close any open browsers and any other programs you might have running
- Double click the [image] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
- Instructions for running Combofix available *Here* if required.
- If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
- When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

- If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
- If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
- If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## Vaishali (Jul 23, 2011)

Hi Kevin, 

My computer has virus. It went completely dead today. So dead that I was unable to connect to combo-fix website for download of the tool. I closed my PC and re-logged back in.

I removed SAS. I switched on my PC. I got a pop-up "new hardware found wizard" which tried to connect to the internet to download drivers but the wizard was unable to connect to the internet and all my problems start after the wizard pops up. This wizard is the virus/malaware.
I ran the combo fix and have attached the log.

Thanks in advance!


----------



## kevinf80 (Mar 21, 2006)

Thanks for the log, only attach logs when specifically requested, copy and paste to your reply...

Run the following:

*Run ESET Online Scan*

- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  *ESET OnlineScan*
- Click the [image] button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on [image] to download the ESET Smart Installer. *Save* it to your desktop.
  - Double click on the [image] icon on your desktop.
- Check [image]
- Click the [image] button.
- Accept any security warnings from your browser.
- Check [image]
- *Leave the tick out of remove found threats*
- Push the *Start* button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push [image]
- Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the [image] button.
- Push [image]

You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*


----------



## Vaishali (Jul 23, 2011)

Eset Online Scan did not generate any log. It said my computer is clean!
Pls advise how to remove Combofix from my PC as uninstall /combofix is not working. Pls also advise if I should re-install SAS as I don't have any anti-malware on my PC now.


----------



## kevinf80 (Mar 21, 2006)

Who told you to uninstall Combofix? Regarding SuperAntiSpyware, yes re-install if you want.

Perform the following scan, if logs are clean I'll tell you how to UNinstall Combofix:


Download *DDS* by sUBs from one of the following links. Save it to your desktop.
*DDS.com*
*DDS.scr*
*DDS.pif*

Double click on the *DDS* icon, allow it to run.
A small box will open, with an explanation about the tool. 
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.

*Instead of attaching, please copy/paste both logs into your next reply.*
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control *HERE*


----------



## Vaishali (Jul 23, 2011)

Hi,
The ComboFix download URL you sent to me gave instructions for uninstalling ComboFix at the bottom of the page. I thought I was only doing what you had sent/advised.

My PC has some issues still. When I switch it on, it works for about 20 minutes and then hangs up. I have to restart for my PC to work again.

I suspect, it still has virus but I am not sure as ESET gave it a clean chit!
Pls help or shall I remove Combofix now?

BR,
Vaishali


----------



## kevinf80 (Mar 21, 2006)

You have waited 2 weeks to make a reply? Run the scan I asked for on the 18th March, copy and paste both logs to your reply.........


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
Sorry for the delay but I was travelling overseas for a court case and buried in work. I did not have time to access my machine. I shall run the scan as advised and post the logs in a bit.
Thanks


----------



## kevinf80 (Mar 21, 2006)

Okey Dokey


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
Pls also meanwhile see my 100% CPU usage report attached. Within 10 minutes of starting my laptop, I am on 100% CPU usage.
Br,


----------



## Vaishali (Jul 23, 2011)

DDS Text
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.1
Run by Vaishali Sood at 13:05:33 on 2012-04-04
.
============== Running Processes ===============
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Vaishali Sood\Desktop\dds.com
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - JQSIEStartDetectorImpl Class
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\vaishali sood\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TATA Photon+ Dialer] "c:\program files\new\photon\vme101\TTSL Olive VME101 Dialer Ver 1.1.4 Release 000.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\new\micros~1\office11\EXCEL.EXE/3000
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\new\yahoomessenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\new\micros~1\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? Revoflt;Revoflt
S? ALiIRDA;ALi Infrared Device Driver
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? MpFilter;Microsoft Malware Protection Driver
S? TuneUp.UtilitiesSvc;TuneUp Utilities Service
S? TuneUpUtilitiesDrv;TuneUpUtilitiesDrv
S? wirelessusbser;Wireless USB Device for Legacy Serial Communication
.
=============== Created Last 30 ================
.
2012-04-03 07:45:01 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a1e6357e-0f68-439c-a16c-e13c5fe38a4b}\mpengine.dll
2012-04-03 06:21:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 10:03:21 -------- d-----w- c:\documents and settings\vaishali sood\application data\GetRightToGo
2012-03-08 15:00:53 388096 ----a-r- c:\documents and settings\vaishali sood\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-08 15:00:43 -------- d-----w- c:\program files\Trend Micro
2012-03-08 14:52:44 -------- d-----w- c:\program files\Oracle
2012-03-08 14:51:18 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-08 14:51:18 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-08 14:49:01 0 ----a-w- c:\windows\system32\REN21.tmp
2012-03-08 14:49:01 0 ----a-w- c:\windows\system32\REN20.tmp
2012-03-08 14:49:01 0 ----a-w- c:\windows\system32\REN1F.tmp
.
==================== Find3M ====================
.
2012-04-03 06:21:21 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-09 08:43:28 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-10 08:27:10 567696 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-19 05:18:23 6284664 -c--a-w- c:\program files\Silverlight.exe
.
============= FINISH: 13:06:36.13 ===============

Attach Text as below:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/22/2011 11:11:45 AM
System Uptime: 4/4/2012 10:41:57 AM (3 hours ago)
.
Motherboard: Compaq | | 0818h
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | U23 | 1731/mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 63 GiB total, 51.876 GiB free.
D: is FIXED (NTFS) - 65 GiB total, 61.034 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_4337&SUBSYS_00560E11&REV_00\4&1930D262&0&2808
Manufacturer: 
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_4337&SUBSYS_00560E11&REV_00\4&1930D262&0&2808
Service: 
.
Class GUID: 
Description: 
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: 
.
==== System Restore Points ===================
.
RP82: 1/4/2012 9:36:07 PM - System Checkpoint
RP83: 1/4/2012 9:39:39 PM - Software Distribution Service 3.0
RP84: 1/5/2012 7:41:32 PM - Software Distribution Service 3.0
RP85: 1/6/2012 9:55:44 AM - Software Distribution Service 3.0
RP86: 1/9/2012 10:40:03 AM - Software Distribution Service 3.0
RP87: 1/10/2012 10:58:28 PM - Software Distribution Service 3.0
RP88: 1/12/2012 10:26:58 PM - Software Distribution Service 3.0
RP89: 1/14/2012 10:16:20 PM - Software Distribution Service 3.0
RP90: 1/16/2012 10:24:28 PM - Software Distribution Service 3.0
RP91: 1/18/2012 10:00:34 AM - Software Distribution Service 3.0
RP92: 1/18/2012 9:24:58 PM - Software Distribution Service 3.0
RP93: 1/20/2012 9:28:43 PM - Software Distribution Service 3.0
RP94: 1/24/2012 1:41:14 AM - Software Distribution Service 3.0
RP95: 1/25/2012 2:34:47 PM - Software Distribution Service 3.0
RP96: 1/26/2012 3:20:10 PM - System Checkpoint
RP97: 1/26/2012 9:03:45 PM - Software Distribution Service 3.0
RP98: 1/27/2012 10:45:23 PM - Software Distribution Service 3.0
RP99: 1/29/2012 12:36:35 PM - Software Distribution Service 3.0
RP100: 1/30/2012 9:54:00 PM - Software Distribution Service 3.0
RP101: 2/1/2012 9:59:26 AM - Software Distribution Service 3.0
RP102: 2/2/2012 11:11:35 AM - Software Distribution Service 3.0
RP103: 2/3/2012 11:10:25 PM - Software Distribution Service 3.0
RP104: 2/4/2012 10:19:32 PM - Installed TuneUp Utilities 2012
RP105: 2/5/2012 10:52:52 AM - Software Distribution Service 3.0
RP106: 2/6/2012 12:40:38 PM - System Checkpoint
RP107: 2/7/2012 11:10:31 AM - Software Distribution Service 3.0
RP108: 2/8/2012 12:18:51 PM - Software Distribution Service 3.0
RP109: 2/10/2012 11:02:53 AM - Software Distribution Service 3.0
RP110: 2/14/2012 12:53:51 PM - Software Distribution Service 3.0
RP111: 2/15/2012 7:51:12 PM - Software Distribution Service 3.0
RP112: 2/17/2012 10:54:33 AM - Software Distribution Service 3.0
RP113: 2/17/2012 5:57:51 PM - Software Distribution Service 3.0
RP114: 2/19/2012 11:01:29 AM - Software Distribution Service 3.0
RP115: 2/24/2012 11:15:39 PM - Software Distribution Service 3.0
RP116: 2/26/2012 11:17:08 AM - Software Distribution Service 3.0
RP117: 2/27/2012 10:20:03 PM - Software Distribution Service 3.0
RP118: 2/27/2012 10:45:02 PM - Software Distribution Service 3.0
RP119: 3/3/2012 5:11:29 PM - Removed TuneUp Utilities 2012
RP120: 3/3/2012 5:24:28 PM - Software Distribution Service 3.0
RP121: 3/4/2012 2:10:16 PM - Installed TuneUp Utilities 2012
RP122: 3/6/2012 1:46:15 PM - Software Distribution Service 3.0
RP123: 3/7/2012 8:29:07 PM - Software Distribution Service 3.0
RP124: 3/8/2012 6:26:52 AM - Microsoft Antimalware Checkpoint
RP125: 3/8/2012 8:18:18 PM - Removed Java(TM) 7 Update 1
RP126: 3/8/2012 8:22:32 PM - Installed JavaFX 2.0.3
RP127: 3/8/2012 8:30:29 PM - Installed HiJackThis
RP128: 3/9/2012 12:42:26 PM - Software Distribution Service 3.0
RP129: 3/10/2012 1:07:06 PM - Software Distribution Service 3.0
RP130: 3/12/2012 4:48:58 PM - ComboFix created restore point
RP131: 3/12/2012 5:52:25 PM - Software Distribution Service 3.0
RP132: 3/12/2012 6:12:29 PM - Software Distribution Service 3.0
RP133: 3/13/2012 9:15:47 PM - Software Distribution Service 3.0
RP134: 3/15/2012 3:11:08 PM - Software Distribution Service 3.0
RP135: 3/16/2012 3:51:50 PM - System Checkpoint
RP136: 3/16/2012 9:28:56 PM - Software Distribution Service 3.0
RP137: 3/18/2012 10:21:50 AM - Software Distribution Service 3.0
RP138: 3/19/2012 4:33:14 PM - Software Distribution Service 3.0
RP139: 3/22/2012 5:27:50 PM - Software Distribution Service 3.0
RP140: 3/24/2012 1:20:22 PM - Software Distribution Service 3.0
RP141: 3/25/2012 2:25:31 PM - Software Distribution Service 3.0
RP142: 3/26/2012 10:07:19 AM - Software Distribution Service 3.0
RP143: 3/26/2012 6:17:33 PM - Software Distribution Service 3.0
RP144: 3/29/2012 9:58:46 PM - Software Distribution Service 3.0
RP145: 3/31/2012 11:01:01 AM - Software Distribution Service 3.0
RP146: 4/3/2012 12:05:19 PM - Software Distribution Service 3.0
RP147: 4/3/2012 1:14:25 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Compatibility Pack for the 2007 Office system
DJ_AIO_05_F4400_Software_Min
FileHippo.com Update Checker
GIRDAC Free PDF Creator
GIRDAC Port
Google Chrome
Google Talk (remove only)
HiJackThis
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Deskjet F4400 Printer Driver 14.0 Rel. 5
Java Auto Updater
Java(TM) 7 Update 3
JavaFX 2.0.3
McAfee SiteAdvisor
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Revo Uninstaller Pro 2.5.5
Scan
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
StreamTorrent 1.0
Toolbox
TopOCR 3.1
TTSL Olive VME101 Dialer
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.2
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Service Pack 2
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
4/3/2012 10:32:39 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
4/3/2012 10:32:39 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
4/3/2012 10:32:39 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
4/3/2012 10:32:38 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
3/31/2012 9:06:03 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.664.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/29/2012 9:32:00 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.372.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/29/2012 8:32:04 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
.
==== End Of File ===========================


----------



## kevinf80 (Mar 21, 2006)

The two entries pulling the CPU are exactly as before SAS and WD...... DDS log does not show the drivers correctly, are you running sandboxed or similar?

Run the following scan, it will give me a better view of your system.

Download *OTL* to your desktop.
*Alternative Link 1*
*Alternative Link 2*
*Alternative Link 3*

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
	Please check the boxes next to "LOP check" and "Purity check"
	Click *Run Scan* and let the program run uninterrupted.
	When the scan is complete, two text files will be created on your Desktop.
	*OTL.Txt* <- this one will be opened
	*Extras.txt* <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.

Also tell me why you have not updated your system to Service Pack 3 (SP3).

Kevin


----------



## Vaishali (Jul 23, 2011)

OTL logfile created on: 4/8/2012 11:07:11 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Vaishali Sood\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.98 Mb Total Physical Memory | 82.74 Mb Available Physical Memory | 17.27% Memory free
1.10 Gb Paging File | 0.54 Gb Available in Paging File | 49.30% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63.47 Gb Total Space | 51.67 Gb Free Space | 81.41% Space Free | Partition Type: NTFS
Drive D: | 64.52 Gb Total Space | 61.03 Gb Free Space | 94.60% Space Free | Partition Type: NTFS

Computer Name: VAISHALI | User Name: Vaishali Sood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/08 11:04:41 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vaishali Sood\Desktop\OTL.com
PRC - [2012/03/08 20:20:07 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/02/18 07:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/02/09 14:13:28 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/02/09 14:13:22 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/07/01 08:59:48 | 001,263,104 | ---- | M] (Olive Co.Ltd) -- C:\Program Files\NEW\Photon\VME101\TTSL Olive VME101 Dialer Ver 1.1.4 Release 000.exe
PRC - [2007/06/13 15:53:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/03 11:51:28 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/08 20:20:07 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/02/09 14:13:22 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\VAISHA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/02/09 13:16:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/04/07 15:37:42 | 000,102,656 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3GDatausbser.sys -- (wirelessusbser)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:32:22 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 19:19:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alifir.sys -- (ALiIRDA)
DRV - [2001/08/17 18:58:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 18:58:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 18:58:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 18:58:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 18:58:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 18:58:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 18:58:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 18:58:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 18:58:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {85A4FD5B-5823-4C67-ACD0-9F9F879E34BA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{85A4FD5B-5823-4C67-ACD0-9F9F879E34BA}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{BE569768-3166-40DE-8FE0-EED3C017290B}: "URL" = http://in.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\NEW\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\java\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/27 22:25:48 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: BitDefender QuickScan = C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.99_0\
CHR - Extension: Gmail = C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/12 17:19:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [TATA Photon+ Dialer] C:\Program Files\NEW\Photon\VME101\TTSL Olive VME101 Dialer Ver 1.1.4 Release 000.exe (Olive Co.Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\NEW\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\NEW\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\NEW\YahooMessenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\NEW\YahooMessenger\YahooMessenger.exe (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B98D282D-EE05-4104-9832-DE297568A9B4}: NameServer = 121.242.190.210 4.2.2.3
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/22 11:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 11:04:27 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vaishali Sood\Desktop\OTL.com
[2012/04/03 11:51:21 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/18 15:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vaishali Sood\Start Menu\Programs\TopOCR
[2012/03/18 15:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vaishali Sood\Application Data\GetRightToGo
[2012/03/18 14:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vaishali Sood\Desktop\Ready Annexures
[2012/03/13 20:49:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/12 16:43:43 | 004,434,343 | R--- | C] (Swearware) -- C:\Documents and Settings\Vaishali Sood\Desktop\ComboFix.exe
[2011/06/19 10:47:11 | 006,284,664 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\Documents and Settings\Vaishali Sood\Desktop\*.tmp files -> C:\Documents and Settings\Vaishali Sood\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/08 12:00:31 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/08 11:16:43 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/08 11:07:11 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-688789844-854245398-1003UA.job
[2012/04/08 11:04:41 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vaishali Sood\Desktop\OTL.com
[2012/04/08 10:00:07 | 000,013,108 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/08 09:58:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/07 18:06:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-688789844-854245398-1003Core.job
[2012/04/07 16:15:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/06 18:12:12 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Vaishali Sood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/06 18:12:11 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Vaishali Sood\Desktop\Google Chrome.lnk
[2012/04/03 11:51:26 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/03 11:51:21 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/25 19:55:25 | 000,316,831 | ---- | M] () -- C:\Documents and Settings\Vaishali Sood\Desktop\ITR1_2011_12_R10.zip
[2012/03/18 15:48:01 | 000,000,201 | ---- | M] () -- C:\WINDOWS\topocr.INI
[2012/03/18 15:37:28 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\Vaishali Sood\Desktop\TopOCR.lnk
[2012/03/17 21:14:03 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\Vaishali Sood\Desktop\Amazing_Prediction__Know_Youself_.pps
[2012/03/14 21:22:20 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Vaishali Sood\Desktop\Microsoft Fix it.url
[2012/03/12 17:19:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/12 16:46:08 | 004,434,343 | R--- | M] (Swearware) -- C:\Documents and Settings\Vaishali Sood\Desktop\ComboFix.exe
[2012/03/09 13:22:35 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Vaishali Sood\Desktop\HiJackThis.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\Documents and Settings\Vaishali Sood\Desktop\*.tmp files -> C:\Documents and Settings\Vaishali Sood\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/03 11:51:34 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/25 19:55:11 | 000,316,831 | ---- | C] () -- C:\Documents and Settings\Vaishali Sood\Desktop\ITR1_2011_12_R10.zip
[2012/03/18 15:38:25 | 000,000,201 | ---- | C] () -- C:\WINDOWS\topocr.INI
[2012/03/18 15:37:28 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\Vaishali Sood\Desktop\TopOCR.lnk
[2012/03/17 21:13:56 | 000,183,808 | ---- | C] () -- C:\Documents and Settings\Vaishali Sood\Desktop\Amazing_Prediction__Know_Youself_.pps
[2012/03/14 21:22:20 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Vaishali Sood\Desktop\Microsoft Fix it.url
[2011/12/25 15:43:37 | 000,018,974 | ---- | C] () -- C:\WINDOWS\System32\EvGr_Data{9DB8B1D5-6CC4-11E0-84AF-806D6172696F}.dat
[2011/12/25 14:07:56 | 000,135,163 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2011/12/25 14:07:56 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2011/12/12 18:58:26 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{9DB8B1D5-6CC4-11E0-84AF-806D6172696F}.dat
[2011/12/12 18:58:26 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{9DB8B1D4-6CC4-11E0-84AF-806D6172696F}.dat
[2011/12/12 18:58:26 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\RW_AppData.dat
[2011/11/05 11:27:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 11:27:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 11:27:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 11:27:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 11:27:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 10:57:11 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2011/04/30 10:56:21 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2011/04/30 10:56:20 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2011/04/30 10:56:15 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2011/04/30 10:56:15 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2011/04/25 12:19:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/22 20:47:13 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/04/22 20:47:13 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/04/22 20:47:13 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/04/22 20:47:12 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/04/22 17:30:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/22 17:13:22 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Vaishali Sood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 15:29:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/22 15:25:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/22 11:11:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/22 11:01:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2011/04/30 11:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2012/02/04 22:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/02/04 22:06:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/03/18 15:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vaishali Sood\Application Data\GetRightToGo
[2011/04/30 12:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vaishali Sood\Application Data\GIRDAC
[2011/06/05 17:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vaishali Sood\Application Data\Octoshape
[2012/03/08 20:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vaishali Sood\Application Data\Oracle
[2011/11/07 19:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vaishali Sood\Application Data\QuickScan
[2011/04/22 20:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vaishali Sood\Application Data\Simply Super Software
[2011/06/05 19:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vaishali Sood\Application Data\StreamTorrent
[2012/02/04 22:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vaishali Sood\Application Data\TuneUp Software
[2012/04/08 11:16:43 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

< End of report >
--------------------------------------------------------------------------------------------
OTL Extras logfile created on: 4/8/2012 11:07:12 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Vaishali Sood\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.98 Mb Total Physical Memory | 82.74 Mb Available Physical Memory | 17.27% Memory free
1.10 Gb Paging File | 0.54 Gb Available in Paging File | 49.30% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63.47 Gb Total Space | 51.67 Gb Free Space | 81.41% Space Free | Partition Type: NTFS
Drive D: | 64.52 Gb Total Space | 61.03 Gb Free Space | 94.60% Space Free | Partition Type: NTFS

Computer Name: VAISHALI | User Name: Vaishali Sood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\NEW\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\NEW\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\NEW\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\NEW\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"MaxUserPort" = 63000
"Start" = 4
"MaxFreeTcbs" = 2000
"MaxHashTableSize" = 2048
"TcpTimedWaitDelay" = 30
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\igfxtm32.exe" = C:\WINDOWS\system32\igfxtm32.exe:*:Enabled:wLAN
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\NEW\YahooMessenger\YahooMessenger.exe" = C:\Program Files\NEW\YahooMessenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\NEW\YahooMessenger\YServer.exe" = C:\Program Files\NEW\YahooMessenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\NEW\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\NEW\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player -- (StreamTorrent)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90C99F3E-56DB-4965-B524-1D0E1851E03A}" = TTSL Olive VME101 Dialer
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver 14.0 Rel. 5
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"FileHippo.com" = FileHippo.com Update Checker
"GIRDAC Free PDF Creator" = GIRDAC Free PDF Creator
"GIRDAC Port" = GIRDAC Port
"ie8" = Windows Internet Explorer 8
"Microsoft Security Client" = Microsoft Security Essentials
"StreamTorrent 1.0" = StreamTorrent 1.0
"TopOCR" = TopOCR 3.1
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.0.2
"Windows XP Service Pack" = Windows XP Service Pack 2
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2011 5:29:20 AM | Computer Name = VAISHALI | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2011 5:30:31 AM | Computer Name = VAISHALI | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/23/2011 5:30:31 AM | Computer Name = VAISHALI | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/23/2011 5:30:32 AM | Computer Name = VAISHALI | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/23/2011 5:52:49 AM | Computer Name = VAISHALI | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/24/2011 4:10:44 AM | Computer Name = VAISHALI | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.18928, fault address 0x0019fb51.

Error - 12/24/2011 1:39:12 PM | Computer Name = VAISHALI | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/24/2011 1:39:18 PM | Computer Name = VAISHALI | Source = Application Error | ID = 1001
Description = Fault bucket 1188882954.

Error - 12/24/2011 1:39:42 PM | Computer Name = VAISHALI | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/25/2011 3:19:18 AM | Computer Name = VAISHALI | Source = Application Error | ID = 1000
Description = Faulting application ttsl olive vme101 dialer ver 1.1.4 release 000.exe,
version 1.1.4.0, faulting module ttsl olive vme101 dialer ver 1.1.4 release 000.exe,
version 1.1.4.0, fault address 0x0004f072.

[ System Events ]
Error - 4/3/2012 1:02:38 AM | Computer Name = VAISHALI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 4/3/2012 1:02:39 AM | Computer Name = VAISHALI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the W32Time service.

Error - 4/3/2012 1:02:39 AM | Computer Name = VAISHALI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the wuauserv service.

Error - 4/3/2012 1:02:39 AM | Computer Name = VAISHALI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the RasMan service.

Error - 4/3/2012 1:04:05 AM | Computer Name = VAISHALI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 4/5/2012 3:46:49 AM | Computer Name = VAISHALI | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.978.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.

Error - 4/5/2012 3:46:49 AM | Computer Name = VAISHALI | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.978.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.

Error - 4/6/2012 8:31:21 AM | Computer Name = VAISHALI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update
Service service to connect.

Error - 4/6/2012 8:31:21 AM | Computer Name = VAISHALI | Source = Service Control Manager | ID = 7000
Description = The Adobe Flash Player Update Service service failed to start due 
to the following error: %%1053

Error - 4/7/2012 6:13:10 AM | Computer Name = VAISHALI | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.1127.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

< End of report >


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,

I have removed SAS and WD and don't understand why they still occupy my PC.
I don't know which drivers my machine uses. If u tell me how to look up the driver type then I can do a check and report back.
I did not upgrade to SP3 as I was waiting for the troubleshooting to be over.
Pls advise next steps!
BR & Thanks,
Vaishali


----------



## kevinf80 (Mar 21, 2006)

How is your system at present? Is the CPU reading still high? What is this program:

O4 - HKLM..\Run: [TATA Photon+ Dialer] C:\Program Files\NEW\Photon\VME101\TTSL Olive VME101 Dialer Ver 1.1.4 Release 000.exe (Olive Co.Ltd)

Download and install the free version of Avast from here: http://www.avast.com/en-us/free-antivirus-download Carry out a scan of your system and let me know if it finds anything...


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
Tata Photon is my stick wireless modem.
My system is slow for the first 20-30 mnts but picks up. In the beginning I struggle with 100% CPU usage. But right now, my system feels a bit better and faster. However, it is too early to trust it yet. I shall watch 1-2 times and report back.

I shall also do the scan and report back.

Thanks for replying so quickly,
BR,


----------



## kevinf80 (Mar 21, 2006)

OK, let me know how you get on. Also run this temp file cleaner and see if it helps with the speed issue:

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Kevin


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
TFC cleaned 555 MB of files.
I downloaded Avast but my PC crashed twice upon running Avast.
First time, it just got hung and would not shut down. 
Second time I got a blue screen and it crashed.
Pls advise if I should run Avast again.
My PC is a Compaq Evo N1020v. Do u think we should check the drivers?
Pls advise next steps.
BR,


----------



## Vaishali (Jul 23, 2011)

Pls also see Error Report generated after crash


----------



## kevinf80 (Mar 21, 2006)

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.
Double-click on *TDSSKiller.exe* to run the application, then on *Start Scan.*
Click on *"Change parameters"* and place a checkmark next to *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

If an infected file is detected, the default action will be *Cure*, click on *Continue.*

If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

Kevin


----------



## Vaishali (Jul 23, 2011)

22:07:40.0263 2476 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
22:07:42.0236 2476 ============================================================
22:07:42.0236 2476 Current date / time: 2012/04/12 22:07:42.0236
22:07:42.0246 2476 SystemInfo:
22:07:42.0246 2476 
22:07:42.0246 2476 OS Version: 5.1.2600 ServicePack: 2.0
22:07:42.0246 2476 Product type: Workstation
22:07:42.0246 2476 ComputerName: VAISHALI
22:07:42.0246 2476 UserName: Vaishali Sood
22:07:42.0246 2476 Windows directory: C:\WINDOWS
22:07:42.0246 2476 System windows directory: C:\WINDOWS
22:07:42.0246 2476 Processor architecture: Intel x86
22:07:42.0246 2476 Number of processors: 1
22:07:42.0246 2476 Page size: 0x1000
22:07:42.0256 2476 Boot type: Normal boot
22:07:42.0256 2476 ============================================================
22:08:29.0814 2476 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:08:29.0964 2476 \Device\Harddisk0\DR0:
22:08:29.0974 2476 MBR used
22:08:29.0974 2476 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7EF2A9F
22:08:29.0984 2476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7EF2B1D, BlocksNum 0x8108127
22:08:30.0225 2476 Initialize success
22:08:30.0225 2476 ============================================================
22:08:57.0794 3048 ============================================================
22:08:57.0794 3048 Scan started
22:08:57.0794 3048 Mode: Manual; SigCheck; TDLFS; 
22:08:57.0794 3048 ============================================================
22:08:58.0535 3048 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:08:59.0827 3048 Aavmker4 - ok
22:09:00.0278 3048 Abiosdsk - ok
22:09:00.0829 3048 abp480n5 - ok
22:09:01.0329 3048 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:09:15.0289 3048 ACPI - ok
22:09:16.0030 3048 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:09:17.0252 3048 ACPIEC - ok
22:09:18.0314 3048 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:09:20.0427 3048 AdobeFlashPlayerUpdateSvc - ok
22:09:21.0098 3048 adpu160m - ok
22:09:21.0568 3048 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
22:09:24.0182 3048 aec - ok
22:09:24.0993 3048 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
22:09:25.0404 3048 AFD - ok
22:09:25.0955 3048 Aha154x - ok
22:09:26.0315 3048 aic78u2 - ok
22:09:26.0696 3048 aic78xx - ok
22:09:27.0267 3048 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
22:09:29.0069 3048 Alerter - ok
22:09:29.0520 3048 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
22:09:31.0222 3048 ALG - ok
22:09:32.0053 3048 aliadwdm (065a6d38a79216592de03f3525d6296e) C:\WINDOWS\system32\drivers\ac97ali.sys
22:09:33.0225 3048 aliadwdm - ok
22:09:33.0716 3048 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:09:34.0477 3048 AliIde - ok
22:09:35.0078 3048 ALiIRDA (d81f7d885e9393b09ec5e46ed8d91565) C:\WINDOWS\system32\DRIVERS\alifir.sys
22:09:35.0749 3048 ALiIRDA - ok
22:09:36.0300 3048 amsint - ok
22:09:36.0750 3048 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
22:09:38.0182 3048 AppMgmt - ok
22:09:38.0683 3048 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:09:39.0534 3048 Arp1394 - ok
22:09:40.0135 3048 asc - ok
22:09:40.0476 3048 asc3350p - ok
22:09:40.0836 3048 asc3550 - ok
22:09:41.0337 3048 aspnet_state (4eabf511b1af176a971c3271e48fa3a8) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:09:41.0757 3048 aspnet_state - ok
22:09:42.0358 3048 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:09:42.0619 3048 aswFsBlk - ok
22:09:43.0099 3048 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
22:09:43.0690 3048 aswMon2 - ok
22:09:44.0191 3048 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
22:09:44.0351 3048 AswRdr - ok
22:09:45.0092 3048 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
22:09:46.0685 3048 aswSnx - ok
22:09:47.0305 3048 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
22:09:48.0627 3048 aswSP - ok
22:09:49.0058 3048 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
22:09:49.0288 3048 aswTdi - ok
22:09:49.0669 3048 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:09:50.0210 3048 AsyncMac - ok
22:12:08.0318 3048 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
22:12:08.0719 3048 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:12:08.0719 3048 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:12:41.0806 3048 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
22:12:42.0167 3048 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:12:42.0167 3048 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:15:38.0100 3048 ============================================================
22:15:38.0100 3048 Scan finished
22:15:38.0100 3048 ============================================================
22:15:38.0360 3288 Detected object count: 2
22:15:38.0360 3288 Actual detected object count: 2
22:16:12.0890 3288 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:12.0890 3288 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:16:12.0910 3288 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:16:12.0910 3288 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip


----------



## kevinf80 (Mar 21, 2006)

TDSSKiller log is clean, MD5's for the two flagged files check out clean. Can you run Avast again and see if it completes; if it crashes your system, run the following:

Download VEW by Vino Rosso from HERE and save it to your Desktop.

Double-click VEW.exe to start; Vista and Windows 7 users right-click and select "Run as Administrator".
Under 'Select log to query...', check the boxes for both Application and System.
Under 'Select type to list...', select both Error and Critical.
Click the radio button for 'Number of events...' and type 10 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.

Please post the Output log in your next reply.


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
I will do the Avast and VEW now and report back by evening. I wanted to tell u that in the last 24 hours, my system has got hung twice after the shut down command has been given on the "start", "run", "turn off". It shows the blue screen with the message "windows is shutting down" and then gets hung there. It does not shut down even if I hard press the shut down button. I had to exhaust the battery back up and force crash the laptop as it was not shutting down on its own and not responding to the shut down button either and there was no other way to shut it.
BR,


----------



## kevinf80 (Mar 21, 2006)

Please do complete the Avast and BlueScreenViewer scans and post those logs. Regardless of what happens I'd like you to also run the following. This is run from outside of Windows from a USB stick; it can also be run from a CD.

I give the instructions for a USB memory stick (flash drive). If you wish to use a CD it is exactly the same, only change the selection to CD instead of USB.

Download the *Windows Defender Offline Tool* and save to your Desktop.
You will have to select the correct version for your system, either 32 or 64 bit.

Double click to run the tool; Windows 7 or Vista users right click and select "Run as Administrator".

Read the instructions in the new window and select "Next".

In the new window accept the agreement.

In the new window select your USB Flash Drive, then select "Next".

In the new window ensure your Flash drive is selected; if not, click on "Refresh", then select "Next".

In the new window accept the formatting alert by selecting "Next".

Files will be downloaded.

Files will be processed and created.

Flash drive will be formatted and prepared.

Files will be added to the Flash Drive and the tool will be created.

The procedure is finished and the tool created; click on "Finish" to complete.

Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required, Use F12 as it boots, change options...
As it boots you`ll see files being loaded and the windows splash screen, eventually the tool will run a "Quick Scan" follow the prompts and deal with what it finds. 
When complete do a full scan, deal with what it finds.
When finished, remove the USB stick then press the *Esc key* to boot into regular windows.
Navigate to the following file:
*"C:\windows\windows defender offline\support\mssWrapper.log"* Open with notepad and copy and paste it into a reply.


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
I ran the Avast. It did not generate any report.
It detected Worm: Win32/Dorbot.A and I moved same to chest.
Worm: Win32/Dorbot.A is always residing in my PC no matter how much I remove it!!

One thing is for sure, my PC has a big fat ugly thick malicious virus. As of now, my PC is DEAD slow. Even to log into techguy forum takes me over an hour and running a scan takes 15-18 hours. My PC keeps hanging up.
After running Avast, I shut down. After 4 hours or so I re-logged back in and after 5 minutes of running, my PC crashed. I re-started and it gave me an error message which is attached.
As of now, I suspect Tune up Utilities to cause the virus. I downloaded Tune Up from http://speedtest.net.

BR,


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
Find attached a print screen of TWO pop ups that keep showing every 30 minutes. They look suspicious and may be real updates or virus.
Please see the spellings of the first pop up. It should be "TuneUpUpdate" but it has funny spellings which is making me suspicious so I decided to report them to u.
I used this software. It was amazing and improved the performance of my PC while its free licence of 1 month lasted. Ever since the license expired my PC is dead.
I downloaded TuneUp from a very trusted site.

BR,


----------



## kevinf80 (Mar 21, 2006)

Have you run Windows Defender offline tool?


----------



## Vaishali (Jul 23, 2011)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 14/04/2012 9:11:11 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/04/2012 6:54:56 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.8202.0, P5 fixed, P6 1 _ 512, P7 5 _ not boot, P8 NIL, P9 NIL, P10 NIL. 
Log: 'Application' Date/Time: 14/04/2012 6:44:42 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.8202.0, P5 fixed, P6 1 _ 512, P7 5 _ not boot, P8 NIL, P9 NIL, P10 NIL. 
Log: 'Application' Date/Time: 14/04/2012 6:32:33 PM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket 1636387146. 
Log: 'Application' Date/Time: 14/04/2012 6:32:18 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msxml3.dll, version 8.100.1050.0, fault address 0x000a142d. 
Log: 'Application' Date/Time: 14/04/2012 5:16:20 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.8202.0, P5 fixed, P6 1 _ 512, P7 5 _ not boot, P8 NIL, P9 NIL, P10 NIL. 
Log: 'Application' Date/Time: 14/04/2012 5:05:54 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1180947459. 
Log: 'Application' Date/Time: 14/04/2012 5:04:48 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Log: 'Application' Date/Time: 14/04/2012 12:43:53 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application AvastUI.exe, version 7.0.1426.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Log: 'Application' Date/Time: 14/04/2012 11:50:08 AM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.8202.0, P5 fixed, P6 1 _ 512, P7 5 _ not boot, P8 NIL, P9 NIL, P10 NIL. 
Log: 'Application' Date/Time: 13/04/2012 9:31:47 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/04/2012 12:03:23 PM
Type: error Category: 0
Event: 1 Source: ACPIEC
\Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible. 
Log: 'System' Date/Time: 14/04/2012 12:03:23 PM
Type: error Category: 0
Event: 1 Source: ACPIEC
\Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible. 
Log: 'System' Date/Time: 14/04/2012 11:28:21 AM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 100000d1, parameter1 0000000c, parameter2 0000000d, parameter3 00000001, parameter4 f76e84f7. 
Log: 'System' Date/Time: 13/04/2012 10:42:53 AM
Type: error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1537.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
Log: 'System' Date/Time: 13/04/2012 10:27:17 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
Log: 'System' Date/Time: 13/04/2012 10:27:17 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. 
Log: 'System' Date/Time: 12/04/2012 3:43:58 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 100000d1, parameter1 0000000c, parameter2 0000000d, parameter3 00000001, parameter4 f76e84f7. 
Log: 'System' Date/Time: 12/04/2012 3:43:03 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
Log: 'System' Date/Time: 12/04/2012 3:43:03 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. 
Log: 'System' Date/Time: 12/04/2012 3:15:28 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).


----------



## kevinf80 (Mar 21, 2006)

Have you run Windows Defender offline tool? Look at reply #36


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,

Nothing is working. Even to open this site it takes me a few hours. Pls see attached shot. One setup.exe is running on my system and occupies 70% of my CPU power.
What is this setup.exe?
I am still struggling with WD offline tool but I continue to try.
BR,


----------



## kevinf80 (Mar 21, 2006)

*Setup.exe* could be the installation file for any software program. Open *task mgr*, end the process, then do a search for the file. Make sure you enable Advanced search features. Right click on the file and choose Properties. Click on the Version tab. Click on Company in the left pane. This should tell you the origination of the file.


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
Please send detailed steps for below mentioned steps:
Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required, Use F12 as it boots, change options...
As it boots you`ll see files being loaded and the windows splash screen, eventually the tool will run a "Quick Scan" follow the prompts and deal with what it finds. 
When complete do a full scan, deal with what it finds.
When finished, remove the USB stick then press the Esc key to boot into regular windows.
I am a tech retard and not confident to do these steps without image support.
Pls help here.
UPDATE: I downloaded WD OT for 32 bit (I have always been advised that my system is 32 bit. On right click of "my computer", the properties don't say 64 bit. And there is no "system" tab on the properties which says 64-bit) but it reported non-compatibility. Hence, now I am going to download WD OT for 64-bit and will report back if it gets installed on my Flash Drive (FD).
Thanks a zillion for ur support!


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
The 64-bit version did not run either and led to errors as below:
http://windows.microsoft.com/en-US/windows/windows-defender-offline-system-requirements
Guess, I need SP3 to run this tool and 32-bit is my version.
Pls advise next steps.


----------



## kevinf80 (Mar 21, 2006)

How is your system responding now, has your CPU settled? If so it will be beneficial to update to SP3.....

Please go to the following link and download the full installer for SP3: *Here*

Save the installer to your Desktop.

*Do not install it yet*

Next,

Copy all the text in the code box that follows to Notepad. Make sure you click on Notepad's Format menu and *UNcheck* Word Wrap first.


```
Windows Registry Editor Version 5.00

; Allow the Windows Installer service (MSIServer) to start in Safe Mode
; (Minimal) and Safe Mode with Networking (Network), in both control sets.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\MSIServer]
@="Service"

; Allow BITS and Windows Update (WUAUSERV) in Safe Mode with Networking.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BITS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WUAUSERV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BITS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\WUAUSERV]
@="Service"
```
Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

Next navigate to your desktop, and enter the file name *fixme.reg*, and click Save.

You should now find a new file on your desktop named *fixme.reg*. Double click on *fixme.reg*. You will get a warning, agree to the merge, and then a message the file has been merged will immediately pop up.

Now boot the system to Safe Mode. Once you are in Safe Mode, install SP3.

Finally reboot into regular Windows and let's see if things are working OK now.

If they are, do a Windows Update. After that completes, reboot, and do Windows Update again, and so on, until there are no more to do, since even the updates have updates and updates of updates.

Let me know if that completes OK...

Kevin


----------



## Vaishali (Jul 23, 2011)

Thanks a zillion Kevin.

I received an error message that Tune Up needs to be re-downloaded as it is causing errors. I simply removed Tune-Up and since then my system performance has improved up to 50%.
I will upgrade to SP3 on the weekend as being a non-techie I need my brains around me.
The major problem I face is that system does not shut down. I have to crash shut it.

Your support was stupendous and I am indebted to you for your time.
Kindest Regards


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, let me know how you get on with the SP3 update....


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
The CPU usage continues to report at 100% but PC performance improves after 45 minutes of start up. Is this a cause of worry? Can it be cured?
Shall I upgrade to SP3 despite the fact that my PC does not shut down the normal way and I have to crash shut it?
Kindest Regards,


----------



## kevinf80 (Mar 21, 2006)

What is using all of the CPU? Can you show a screenshot of Task Manager again?


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
I shall send a snapshot at start up. As of now, I am 4 hours working and CPU usage is ok and system also working ok. 

My PC crashed with blue screen on start up today. 

Since we started to troubleshoot it has been crashing often. However, I have never had any instances of crash prior to these recent episodes. I do not know if this is normal but pls evaluate my PC stability before I upgrade to SP3.

Shall send snapshot as soon as I get 100% CPU usage again.

Rgds


----------



## kevinf80 (Mar 21, 2006)

Let's see if we can find out what is causing the BSOD....

Please download this program *Blue Screen Viewer* and unzip "Bluescreen View.exe" to your desktop.
Next, Right click on "My Computer" and select "Properties" select "Advanced Tab." From the "Start up and Recovery" section select "settings" make sure the default folder is "%SystemRoot%\Minidump".

Under System Failure make sure write an event to system log *IS* ticked and Automatically restart is *NOT* ticked
Go back to your desktop and double click on Bluescreen Viewer to run it, if there is any info available the program will grab the most recent. Choose save from the Toolbar and copy paste to your next reply. If there is no information available try and re-create the BSOD and try again with the tool to collect the information.

Kevin


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
Pls find attached the last five crash reports.
It appears even to a non-tech like me that crash cause is same in all.
UPDATE:
My system did not shut down last night and I had to exhaust the battery to crash it.
My system crashed again at start-up today.
I did not have 100% CPU usage and dead system at start up today. I suspect that my stick modem has weak connectivity and lack of connectivity maybe appearing as dead system. I am not sure but thought wise to air suspicions.
Regards


----------



## kevinf80 (Mar 21, 2006)

Please visit 
*Virustotal*

 Click the *Browse...* button
 Navigate to the file *c:\windows\system32\drivers\atapi.sys* or just copy/paste it in.
 Click the *Scan it* tab
 If you get a message saying File has already been analyzed: click Reanalyze file now
 Copy and paste the results back here please.

*Next*

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
atapi.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Let me see those two logs...

Kevin


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
c:\windows\system32\drivers\atapi.sys is an invalid url on my PC and I also did not find a folder called System 32 in my Windows folder.
Pls advise how to locate the atapi.sys file. I have initiated a "Search" and will post the results shortly.
BR,


----------



## kevinf80 (Mar 21, 2006)

Run SystemLook and post the log...


----------



## Vaishali (Jul 23, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 14:45 on 24/04/2012 by Vaishali Sood
Administrator - Elevation successful
========== filefind ==========
Searching for "atapi.sys"
C:\Program Files\NEW\AFTER FORMAT\Backup of Service Pack 2\$ntservicepackuninstall$\atapi.sys --a--c- 86912 bytes [11:59 22/04/2011] [08:27 29/08/2002] 95B858761A00E1D4F81F79A0DA019ACA
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c- 86656 bytes [13:16 22/04/2011] [14:00 18/08/2001] A64013E98426E1877CB653685C5C0009
C:\WINDOWS\ERDNT\cache\atapi.sys --a--c- 95360 bytes [06:34 05/11/2011] [17:29 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\sd1\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a--c- 96512 bytes [07:08 23/04/2011] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys -----c- 95360 bytes [13:26 22/04/2011] [17:29 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a--c- 96512 bytes [14:26 07/11/2011] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a---- 95360 bytes [14:00 18/08/2001] [17:29 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
-= EOF =-
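
The SystemLook log above lists several copies of atapi.sys with sizes and MD5 hashes. The following is an added example, not part of the original thread, that parses such a `filefind` log and checks whether the driver under `system32\drivers` matches the copy in `ServicePackFiles\i386`; the field layout is inferred from the log lines on this page, and using the service pack cache as the reference copy is an assumption.

```python
import re

# Subset of the SystemLook "filefind" log posted in the thread above.
SAMPLE_LOG = r"""
========== filefind ==========
Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c- 86656 bytes [13:16 22/04/2011] [14:00 18/08/2001] A64013E98426E1877CB653685C5C0009
C:\WINDOWS\ERDNT\cache\atapi.sys --a--c- 95360 bytes [06:34 05/11/2011] [17:29 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys -----c- 95360 bytes [13:26 22/04/2011] [17:29 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys --a---- 95360 bytes [14:00 18/08/2001] [17:29 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
-= EOF =-
"""

# Assumed layout (inferred from the lines above): path, 7-character
# attribute mask, size in bytes, two bracketed timestamps, MD5 hash.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

LIVE_DRIVER = r"C:\WINDOWS\system32\drivers\atapi.sys"
# Assumption: the service pack cache is treated as the local reference copy.
REFERENCE_DIRS = ("C:\\WINDOWS\\ServicePackFiles\\i386\\",)


def parse_filefind(log_text):
    """Return one dict per file entry; header and footer lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def check_live_copy(entries, live_path=LIVE_DRIVER, reference_dirs=REFERENCE_DIRS):
    """Compare the live file's size and MD5 with copies in the reference dirs."""
    live = next((e for e in entries if e["path"].lower() == live_path.lower()), None)
    if live is None:
        # The search did not list the file at the path where it is loaded from.
        return {"status": "live-copy-not-listed", "matching": [], "differing": []}
    refs = [e for e in entries
            if any(e["path"].lower().startswith(d.lower()) for d in reference_dirs)]
    if not refs:
        return {"status": "no-reference-copy", "matching": [], "differing": []}
    same = [e["path"] for e in refs
            if e["md5"] == live["md5"] and e["size"] == live["size"]]
    diff = [e["path"] for e in refs if e["path"] not in same]
    return {"status": "match" if same else "mismatch",
            "live_md5": live["md5"], "matching": same, "differing": diff}


if __name__ == "__main__":
    print(check_live_copy(parse_filefind(SAMPLE_LOG)))
```

A match only shows that the driver equals the local service pack copy, not that either file is genuine, so it complements rather than replaces the VirusTotal scan requested in the thread.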


----------



## kevinf80 (Mar 21, 2006)

mmmm *atapi.sys* is exactly where I said it would be *C:\WINDOWS\system32\drivers\atapi.sys*.

Go here https://www.virustotal.com/ click inside the "Choose file" box, Navigate to the following file:

*C:\WINDOWS\system32\drivers\atapi.sys* then select the "Scan it" tab. Post the results...


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,

My system did not respond today. It was slow as if jammed. Earlier (prior to removal of TuneUp) the mouse would not move. But now the mouse moves freely but it is impossible to move from one window to another.
Second, when I double click on My Computer, I go to C Drive, I find WINDOWS. Find attached a print screen titled Windows which shows that there is NO System32 folder inside WINDOWS folder!
The contents of Windows folder can be found in the print screen.

I got frustrated searching and finally went to run and typed System32 and it opened a folder. Find print screen attached containing its contents.

This indicates that System 32 folder exists on my PC but not within Windows folder. However, the System32 folder shows in the browser bar that it is in Windows folder! The address is C:\Windows\System32

Hence I am unable to "look" or scan the Drivers folder or atapi.sys as the path is not existing through windows.

Pls help!

N.P: Find attached a print screen of Task Manager of my jammed PC after start up.


----------



## kevinf80 (Mar 21, 2006)

We have chased our tails long enough with this issue, it is a better option for you to format your hard drive and re-install Windows. Let me know your thoughts.....


----------



## Vaishali (Jul 23, 2011)

Dear Kevin,
I would not wish to format but if there is no other option, I shall do as u say as I can't fix this machine without u.
I am bad at format and will need your support to get the machine working in a day or two.
My Windows version is licensed and I have a CD to boot from but I need to upgrade to SP3 or SP2 and then 3.
I do not have a licensed copy of Office 2003. I use a pirated CD which worked after 2 attempts, when I formatted last year same time.
Pls advise.


----------



## kevinf80 (Mar 21, 2006)

The best option for you is to re-install the operating system (XP)... Go here for the full instructions:

http://windows.microsoft.com/en-us/windows/help/install-reinstall-uninstall

Unfortunately we do not assist with Pirated software, so I cannot offer any further assistance..


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
Should I format and then re-install or perform an existing re-install? The link u gave above has multiple options. Pls advise.
http://support.microsoft.com/kb/978788
BR,


----------



## kevinf80 (Mar 21, 2006)

That is your choice, as I already stated; I do not help people who use *Pirated Software*

Kevin


----------



## Vaishali (Jul 23, 2011)

Hi Kevin,
All my questions are directed towards Windows XP and its repair or re-installation and my version of XP is licensed. I am not asking any question or seeking your help for the pirated version of Office. My system does not need Office as it can work on a free licensed version of Open Office as well. So your concerns are appreciated but not the issue under discussion.
Pls advise.


----------



## kevinf80 (Mar 21, 2006)

Go here http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/ follow the first post by Admin....


----------



## Vaishali (Jul 23, 2011)

Thanks Kevin. I shall try and update u with my progress. I only use Office MSWord. If the pirated Office 2003 version is a concern to my PC or to ethical standards of working then I shall install a licensed version after format. Sorry!


----------



## kevinf80 (Mar 21, 2006)

Let me know how you make out with the repair/install of the OS...


----------



## Vaishali (Jul 23, 2011)

Dear Kevin,
I am in the process of Data back up. I inserted my CLEAN hard drive (external) but avast blocked it. Upon scanning it reported 29 viruses which I deleted. After deletion of the viruses I opened my hard drive but 90% of my photo and video content (saved over last 5 years) is not there. I am at my wit's end as some of it is my brother's wedding pictures and he will kill me. Pls advise what I should do now. Pls help!
Subsequently, I ran a complete avast scan of my PC and it reported clean.
BR,


----------



## kevinf80 (Mar 21, 2006)

I do not see how I can help, you will need data recovery software to try and recover whatever you've deleted. I would suggest taking your HD to a professional computer repair shop, they will have specialist data recovery equipment/software...

Maybe you could try this free software http://www.piriform.com/recuva see if that recovers the files for you...


----------



## Vaishali (Jul 23, 2011)

Dear Kevin,
Once I went to a professional and asked him to recover data and the first question he asked me was "Have u made any attempt to recover the data? If no, then I can guarantee a recovery, otherwise I can only try."
Pls advise if I should try with the software u have recommended before seeking specialist support? Do failed attempts make recovery chances even slimmer?
I observe that some photographs and two videos are still there on my HD. That means ALL were not removed. Hence, this is not just a case of anti-virus blocking or renaming all jpg or video files.
BR,


----------



## kevinf80 (Mar 21, 2006)

If the data is really important, I'd go to a professional. If you've done nothing more than run the AV program the success potential will be good.
Recuva is usually successful, but not always 100%. I only gave that option because it is free, if money is tight it was a possibility for you...


----------

