# Services.exe consumes very high % of CPU



## Cobster (Oct 15, 2011)

Hello
A few months ago Kevin helped me in trying to solve this problem and it worked for a brief time.
However, for the past month or so the Services.exe is back consuming very high percentages of my CPU (60-80%) which freezes my computer and hinders performance to a very large degree.
Here is the link to the previous case from 3 months ago:
http://forums.techguy.org/virus-other-malware-removal/1022426-services-exe-consuming-very-high.html

Here is the log file from HijackThis. Your help would be greatly appreciated:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:44:58 PM, on 1/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\taskmgr.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\HijackThis.exe
c:\program files\real\realplayer\RealPlay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=d827292300000000000000112fc4e0f7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Documents and Settings\Compaq_Owner\Application Data\Upromise__RemindU\uprot\uproC5.htm (HKCU)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://uat.desktop.citigroup.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152325382906
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

--
End of file - 8145 bytes


----------



## Cobster (Oct 15, 2011)

Bump


----------



## eddie5659 (Mar 19, 2001)

Hiya 

Can you do the following:

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and a fresh HijackThis log* in your next reply

eddie


----------



## Cobster (Oct 15, 2011)

Hi Eddie and thanks for your help
Here are the logs:

MBAM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.18.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Owner :: DESKTOP1 [administrator]
1/18/2012 7:43:47 PM
mbam-log-2012-01-18 (19-43-47).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 331520
Time elapsed: 51 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)

SuperAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/18/2012 at 11:34 PM
Application Version : 5.0.1142
Core Rules Database Version : 8144
Trace Rules Database Version: 5956
Scan type : Complete Scan
Total Scan Time : 01:18:18
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 426
Memory threats detected : 0
Registry items scanned : 37980
Registry threats detected : 0
File items scanned : 149406
File threats detected : 24
Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\T1IJJLXG.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\IGB3LY0M.txt [ /legolas-media.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\Q2JFBN8L.txt [ /imrworldwide.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\6NMBQGEV.txt [ /serving-sys.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\RKWRHU0T.txt [ /ar.atwola.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\KIUZJKLB.txt [ /fastclick.net ]
C:\Documents and Settings\Compaq_Owner\Cookies\9WZXHJIS.txt [ /yieldmanager.net ]
C:\Documents and Settings\Compaq_Owner\Cookies\XB00CNMR.txt [ /apmebf.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\U72QXDNY.txt [ /atwola.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\X54QW54F.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\26TOPIJ8.txt [ /revsci.net ]
C:\Documents and Settings\Compaq_Owner\Cookies\T7J6H0FD.txt [ /kontera.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\L9D5KMQD.txt [ /atdmt.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\1TQH4KHB.txt [ /at.atwola.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\L19KD2E3.txt [ /doubleclick.net ]
C:\Documents and Settings\Compaq_Owner\Cookies\154OO3KO.txt [ /mm.chitika.net ]
C:\Documents and Settings\Compaq_Owner\Cookies\FMBK4VBC.txt [ /mediaplex.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\6DTK1U0O.txt [ /r1-ads.ace.advertising.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\3APCOEFG.txt [ /interclick.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\9O6A6SLE.txt [ /247realmedia.com ]
C:\Documents and Settings\Compaq_Owner\Cookies\0HBCR5OR.txt [ /advertising.com ]
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\Cookies\O739M801.txt [ Cookie:[email protected]/adserving ]
Trojan.Agent/Gen-Nullo[Short]
C:\PROGRAM FILES\PRO-SETUP.EXE
Trojan.Agent/Gen-FakeDoc
C:\WINDOWS\INSTALLER\{9BD98248-C709-47B9-9B0A-8BD1BE53850E}\ICON6560581610.RTF

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:12 PM, on 1/18/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=d827292300000000000000112fc4e0f7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Documents and Settings\Compaq_Owner\Application Data\Upromise__RemindU\uprot\uproC5.htm (HKCU)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://uat.desktop.citigroup.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152325382906
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
--
End of file - 8656 bytes


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.


eddie


----------



## Cobster (Oct 15, 2011)

Here are the 2 logs Eddie:

OTL.Txt :

OTL logfile created on: 1/19/2012 10:34:27 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.08% Memory free
3.80 Gb Paging File | 3.14 Gb Available in Paging File | 82.57% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.24 Gb Total Space | 86.89 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
Drive D: | 6.79 Gb Total Space | 2.12 Gb Free Space | 31.29% Space Free | Partition Type: FAT32
Drive G: | 3.05 Gb Total Space | 3.01 Gb Free Space | 98.68% Space Free | Partition Type: FAT32

Computer Name: DESKTOP1 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 22:33:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/08 19:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/10/23 09:12:51 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/10/03 01:52:43 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/15 14:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\WinPatrol\WinPatrol.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003/09/12 22:13:20 | 000,098,304 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE

========== Modules (No Company Name) ==========

MOD - [2012/01/19 21:45:48 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/19 21:45:48 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/18 22:08:20 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/18 22:08:20 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\WinPatrol\sqlite3.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2001/09/28 13:44:58 | 000,257,536 | ---- | M] () -- C:\WINDOWS\BiImg.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (WANMiniportService) WAN Miniport (ATW)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (getPlus(R) Helper) getPlus(R)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (AOL TopSpeedMonitor)
SRV - File not found [Disabled | Stopped] -- -- (AOL ACS)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/03 01:52:43 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/04/02 20:23:03 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/04/20 10:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/04 11:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/09/30 00:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 12:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/07/29 22:04:26 | 002,216,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/05/08 19:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/27 09:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/12 00:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/11/08 14:58:22 | 000,017,648 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pc22nd5.sys -- (pc22nd5) Toshiba PCX2200 USB Cable Modem networking driver (NDIS)
DRV - [2001/11/08 14:58:14 | 000,069,744 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pc22unic.sys -- (pc22unic)
DRV - [2000/06/27 06:14:32 | 000,019,144 | ---- | M] (USB Image.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A1236.SYS -- (PV8630)
DRV - [1997/12/09 00:32:00 | 000,003,616 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\as6eio.sys -- (as6eio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=d827292300000000000000112fc4e0f7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 95 22 45 D4 15 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.globes.co.il"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@sony.com/Some: C:\Program Files\Sony\Bloggie Software\npsome.dll (Sony)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 09:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 14:02:26 | 000,000,000 | ---D | M]

[2008/09/02 07:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2011/12/12 23:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions
[2011/10/01 09:05:50 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}(2)
[2011/12/12 23:24:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/18 08:44:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/10/01 09:05:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2011/11/24 16:16:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]
[2010/10/21 11:58:25 | 000,000,000 | ---D | M] (PSB Plugin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]
[2012/01/07 09:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 09:26:26 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 01:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/09/15 10:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\mozilla firefox\plugins\NPUploader.dll
[2011/11/24 16:16:47 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 22:17:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/20 07:08:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O15 - HKCU\..Trusted Domains: mta.ac.il ([mtamail] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (MetaStreamCtl Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} https://uat.desktop.citigroup.com/dana-cached/setup/NeoterisSetup.cab (NeoterisSetup Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152325382906 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab (AOL Pictures Uploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65ADC95C-A4EE-4103-918F-8E8E9BD42698}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/21 04:59:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 22:33:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/01/18 22:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
[2012/01/18 22:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/18 22:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/18 22:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/18 19:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/18 19:42:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/18 19:35:18 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2012/01/14 23:13:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/01/11 19:08:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/11 18:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\New Folder (7)
[2012/01/11 18:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\New Folder
[2012/01/02 09:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\WinZip
[2012/01/01 12:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Books
[2012/01/01 11:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Calibre Library
[2012/01/01 11:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\calibre
[2012/01/01 11:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/01/01 11:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2012/01/01 11:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Digital Editions
[2012/01/01 11:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2011/06/19 14:18:11 | 000,895,503 | ---- | C] (free-windows-registry-cleaner.com ) -- C:\Program Files\free-wrc.exe
[2005/10/02 14:03:13 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GT680X.SYS

========== Files - Modified Within 30 Days ==========

[2012/01/19 22:42:05 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 22:33:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/01/19 21:50:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/19 21:45:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/19 21:45:44 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-581693593-1015511138-3403617319-1009.job
[2012/01/19 21:45:32 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/19 21:45:31 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/19 21:45:28 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/01/19 21:45:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 21:45:21 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 16:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/18 22:07:28 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/18 19:42:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 19:35:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2012/01/15 10:13:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-581693593-1015511138-3403617319-1009.job
[2012/01/01 11:44:43 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/01/01 11:34:14 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/01/01 11:34:14 | 000,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
[2011/12/31 19:02:45 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/01/18 22:07:28 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/18 19:42:22 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/01 11:44:43 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/01/01 11:34:14 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/01/01 11:34:14 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/01/01 11:34:14 | 000,001,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
[2011/10/19 19:09:35 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/06/22 08:20:59 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2010/04/28 16:35:04 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/27 10:56:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/04/29 18:50:06 | 000,000,010 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2007/06/28 13:12:15 | 000,072,192 | ---- | C] () -- C:\WINDOWS\SSEUninstaller.exe
[2007/05/16 16:25:42 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/05/16 16:23:55 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/05/16 16:23:54 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/16 16:23:54 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2007/02/19 09:57:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2006/12/12 12:24:20 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\PGPsdk.dll.sig
[2006/10/08 07:55:14 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2006/07/03 21:17:38 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/04/01 09:13:25 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/23 16:38:53 | 000,000,078 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/01/30 19:19:39 | 000,000,134 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2005/11/26 12:10:56 | 000,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2005/11/23 08:39:22 | 000,013,012 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft Excel.CAL
[2005/10/02 17:06:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\AErroru3.dat
[2005/10/02 17:06:41 | 000,030,600 | ---- | C] () -- C:\WINDOWS\EWhiteu12.dat
[2005/10/02 17:06:40 | 000,030,600 | ---- | C] () -- C:\WINDOWS\EDarku12.dat
[2005/10/02 17:06:38 | 000,000,006 | ---- | C] () -- C:\WINDOWS\EExpou.dat
[2005/10/02 17:06:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\EOffsetu.dat
[2005/10/02 14:03:13 | 000,184,320 | ---- | C] () -- C:\WINDOWS\Ausba3.dll
[2005/10/02 14:03:13 | 000,011,593 | ---- | C] () -- C:\WINDOWS\Dusb3ar.ini
[2005/10/02 14:03:13 | 000,002,672 | ---- | C] () -- C:\WINDOWS\Ausba3.ini
[2005/10/02 14:03:13 | 000,001,226 | ---- | C] () -- C:\WINDOWS\ScnPanel.ini
[2005/10/02 14:03:07 | 000,001,701 | ---- | C] () -- C:\WINDOWS\Ultima292.ini
[2005/10/02 12:57:06 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2005/10/02 12:57:00 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2005/10/02 12:57:00 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/10/02 12:56:59 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2005/10/02 12:56:59 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2005/10/02 12:56:59 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2005/10/02 12:56:19 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP62N.DLL
[2005/10/02 12:56:19 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\LFTIF62N.DLL
[2005/10/02 12:56:19 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL62N.DLL
[2005/10/02 12:56:19 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX62N.DLL
[2005/10/02 12:56:19 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFEPS62N.DLL
[2005/10/02 12:56:19 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFPCT62N.DLL
[2005/10/02 12:56:19 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFGIF62N.DLL
[2005/10/02 12:56:19 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP62N.DLL
[2005/10/02 12:56:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LFPSD62N.DLL
[2005/10/02 12:56:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFWMF62N.DLL
[2005/10/02 12:56:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA62N.DLL
[2005/10/02 12:56:19 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWPG62N.DLL
[2005/10/02 12:56:19 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\LFIMG62N.DLL
[2005/10/02 12:56:19 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\LFRAS62N.DLL
[2005/10/02 12:56:19 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\LFMSP62N.DLL
[2005/10/02 12:56:19 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\LFMAC62N.DLL
[2005/10/02 12:56:19 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\LFPCD62N.DLL
[2005/10/02 12:56:08 | 000,133,632 | ---- | C] () -- C:\WINDOWS\AUSBA1.DLL
[2005/10/02 12:56:08 | 000,000,986 | ---- | C] () -- C:\WINDOWS\AUSBA1.INI
[2005/10/02 12:56:08 | 000,000,194 | ---- | C] () -- C:\WINDOWS\DUSB1AR.INI
[2005/10/02 12:56:06 | 000,003,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\As6eio.sys
[2005/07/05 09:08:51 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/05 09:08:42 | 000,002,872 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/06/21 14:47:57 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/10 18:52:41 | 000,000,111 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/05/10 10:02:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/04/16 12:09:53 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/04/16 09:13:09 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/03/15 19:05:45 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/03/15 19:05:45 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/03/15 19:05:45 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/03/15 19:05:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2005/03/15 19:05:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/03/03 01:19:21 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2005/03/03 01:19:21 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPEG32.DLL
[2005/03/03 01:19:21 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiMResNT.dll
[2005/03/03 01:19:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\BiMAppNT.exe
[2005/01/31 08:49:19 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\PBHTML.dll
[2005/01/30 14:55:51 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2005/01/21 01:30:14 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/01/21 01:30:14 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/01/21 01:29:58 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/01/20 22:16:41 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/20 20:26:14 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2004/11/17 11:27:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/17 11:27:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/17 11:27:49 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/17 11:27:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/17 11:27:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/11/17 11:27:16 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/17 11:27:15 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/17 11:27:09 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/11/17 11:27:09 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/11/17 11:27:09 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/11/17 11:27:09 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/11/17 11:27:09 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/11/17 11:26:47 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/17 11:26:18 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/21 10:34:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/21 06:49:55 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/21 06:48:08 | 000,013,948 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/21 06:47:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/21 06:33:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 06:20:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/21 06:20:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/21 06:20:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/21 06:20:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/21 06:20:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/21 06:20:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/21 06:04:06 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/21 05:53:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2004/10/21 05:53:26 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/21 05:52:02 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/10/21 05:48:17 | 000,017,191 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/10/21 05:46:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/21 05:46:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/21 05:46:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/21 05:15:39 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 05:15:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 05:14:17 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/21 05:04:42 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 05:01:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/21 04:56:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/21 04:42:37 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/21 04:42:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/21 04:42:16 | 000,384,926 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/21 04:42:16 | 000,054,484 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/20 21:50:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/20 21:49:04 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/14 01:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2011/11/24 16:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/06/22 23:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/09/28 13:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2009/01/17 22:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hiro-Media
[2011/10/24 19:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2004/10/21 06:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/10/01 18:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PictureMover
[2011/10/01 09:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/10/08 10:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2007/06/01 01:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Upromise__RemindU
[2012/01/02 09:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/04/01 09:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\acccore
[2011/11/24 16:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Babylon
[2012/01/02 09:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\calibre
[2009/09/28 13:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\eFax Messenger
[2010/05/22 09:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GARMIN
[2007/01/20 00:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GetRightToGo
[2006/10/08 07:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
[2005/11/06 18:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Intervideo
[2009/09/28 13:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\j2 Global
[2005/12/02 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Juniper Networks
[2005/02/05 19:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2011/11/24 16:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Media Finder
[2008/07/25 00:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
[2009/03/29 21:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Paltalk
[2007/01/19 01:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PGP Corporation
[2009/06/04 19:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PictureMover
[2009/06/05 05:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2009/11/12 07:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\School Zone Preferences
[2006/05/12 15:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Snapfish
[2007/02/19 09:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2010/09/23 18:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Unity
[2008/06/21 20:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Upromise__RemindU
[2011/03/09 18:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\VirtualStore
[2008/12/14 19:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\VSRevoGroup
[2011/10/24 19:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinPatrol
[2012/01/19 21:50:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2007/02/11 10:56:34 | 000,329,628 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\??????? - ????? -????.mht) -- C:\Documents and Settings\Compaq_Owner\My Documents\היורשים - חדשות -הארץ.mht
[2007/02/11 10:56:25 | 000,329,628 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\??????? - ????? -????.mht) -- C:\Documents and Settings\Compaq_Owner\My Documents\היורשים - חדשות -הארץ.mht
[2006/11/18 16:46:52 | 000,039,936 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ???? ??? ???? ???.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\על כגון אלה היתה אמי.doc
[2006/11/18 16:46:52 | 000,039,936 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ???? ??? ???? ???.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\על כגון אלה היתה אמי.doc
[2006/09/15 06:46:31 | 000,020,992 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?????? ????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\קובקוב אהלן.doc
[2006/09/15 06:46:31 | 000,020,992 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?????? ????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\קובקוב אהלן.doc
[2006/08/05 22:02:58 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\??? ????? ?? ????????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\הכי מפריע זה הדיסוננס.doc
[2006/08/05 22:02:58 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\??? ????? ?? ????????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\הכי מפריע זה הדיסוננס.doc
[2006/08/04 06:39:33 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ?? ??? ???? ?? ????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\גם מי שלא תומך של ביבי.doc
[2006/08/04 06:39:32 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ?? ??? ???? ?? ????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\גם מי שלא תומך של ביבי.doc
[2006/06/21 07:31:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Compaq_Owner\My Documents\????? - ????? ???? ?????_files) -- C:\Documents and Settings\Compaq_Owner\My Documents\גלובס - רוכשי דירה מקבלן_files
[2006/06/18 07:00:56 | 000,030,098 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? - ????? ???? ?????.htm) -- C:\Documents and Settings\Compaq_Owner\My Documents\גלובס - רוכשי דירה מקבלן.htm
[2006/06/18 07:00:55 | 000,030,098 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? - ????? ???? ?????.htm) -- C:\Documents and Settings\Compaq_Owner\My Documents\גלובס - רוכשי דירה מקבלן.htm
[2006/06/18 07:00:55 | 000,000,000 | ---D | C](C:\Documents and Settings\Compaq_Owner\My Documents\????? - ????? ???? ?????_files) -- C:\Documents and Settings\Compaq_Owner\My Documents\גלובס - רוכשי דירה מקבלן_files
[2006/03/27 11:29:49 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\הורים פולנים.doc
[2006/03/27 11:29:49 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\הורים פולנים.doc
[2006/02/14 08:00:01 | 000,044,032 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? ????? ? ? ? ? ?.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\אפרים קישון ה ג ד ו ל.doc
[2006/02/14 08:00:01 | 000,044,032 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? ????? ? ? ? ? ?.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\אפרים קישון ה ג ד ו ל.doc
[2005/09/25 18:34:57 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ??????? ?? ??????? ??? ??? ????? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\אל תתייראי מן הפרושים ולא ממי שאינם פרושים.doc
[2005/09/25 18:34:56 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ??????? ?? ??????? ??? ??? ????? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\אל תתייראי מן הפרושים ולא ממי שאינם פרושים.doc
< End of report >

Extras.Txt:

OTL Extras logfile created on: 1/19/2012 10:34:27 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.08% Memory free
3.80 Gb Paging File | 3.14 Gb Available in Paging File | 82.57% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.24 Gb Total Space | 86.89 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
Drive D: | 6.79 Gb Total Space | 2.12 Gb Free Space | 31.29% Space Free | Partition Type: FAT32
Drive G: | 3.05 Gb Total Space | 3.01 Gb Free Space | 98.68% Space Free | Partition Type: FAT32

Computer Name: DESKTOP1 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\1127693794\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1127693794\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\1127693794\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1127693794\ee\aim6.exe:*:Enabled:AIM
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1127693794\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1127693794\ee\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL9~1.0A
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\AOL Desktop 9.6\waol.exe" = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL Desktop 9.6
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0303CD4A-D909-4F03-9799-E25D84D7EC9F}" = ARTEC
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10F755FD-ED31-4ABF-8720-49A399C52297}" = calibre
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" = Norton Personal Firewall
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7EF0FAC3-C07D-4859-B5CA-CC31BF963C5C}" = Bloggie Software
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9011040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901E0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 English User Interface Pack
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98BAC573-DBE2-49de-9A23-597CFD95E474}" = PictureMover
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D79832-82B4-4FA1-90E6-8B4AEDA1B736}" = WebTV
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C2F82FFB-3230-41DB-959F-F38B29ABE69D}" = IPTV
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"1236USB" = 1236USB
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"áåøñä-âøó" = áåøñä-âøó
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"BabylonToolbar" = Babylon toolbar on IE
"BackWeb-6750491 Uninstaller" = Compaq Connections
"BloggieSoftware" = Bloggie Software
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine 
"Digital Editions" = Adobe Digital Editions
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveReg" = LiveReg (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MGI_PHOTOSUITE_SE_V10" = MGI PhotoSuite SE (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MyConnection PC Lite Edition" = MyConnection PC Lite Edition
"MySpeed PC Lite Edition" = MySpeed PC Lite Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Radio_G Toolbar" = Radio_G Toolbar
"Radio_Israel Toolbar" = Radio_Israel Toolbar
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"Shutterfly Plugin" = Shutterfly Plugin
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TextBridge Classic 2.0" = TextBridge Classic 2.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winmail Reader_is1" = Winmail Reader 1.1.12
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! IE Suggest" = Yahoo! IE Search Suggest
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2011 8:23:07 PM | Computer Name = DESKTOP1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 10/12/2011 8:27:52 PM | Computer Name = DESKTOP1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 10/14/2011 2:16:07 AM | Computer Name = DESKTOP1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 10/15/2011 12:41:47 PM | Computer Name = DESKTOP1 | Source = Application Error | ID = 1000
Description = Faulting application componentlauncher.exe, version 3.0.0.49815, faulting
module , version 5.1.2600.6055, fault address 0x00010f1e.

Error - 10/17/2011 7:21:30 AM | Computer Name = DESKTOP1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/17/2011 9:31:49 PM | Computer Name = DESKTOP1 | Source = Application Error | ID = 1000
Description = Faulting application ps2.exe, version 1.0.2.2, faulting module ps2.exe,
version 1.0.2.2, fault address 0x00003343.

Error - 10/21/2011 7:45:00 AM | Computer Name = DESKTOP1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 10/23/2011 1:47:11 AM | Computer Name = DESKTOP1 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.7801.0, P3 1.115.358.0, P4 1.115.358.0, P5 200015b3e9679dd8_9cca347a4659301f89105a5433539e9cad150c69,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 10/29/2011 7:27:09 AM | Computer Name = DESKTOP1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd,
P4 10.3.1781.0, P5 mpsigstub.exe, P6 3.0.8402.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 11/4/2011 2:15:48 AM | Computer Name = DESKTOP1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 1/15/2012 8:32:13 AM | Computer Name = DESKTOP1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/17/2012 12:45:49 AM | Computer Name = DESKTOP1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 1/18/2012 5:35:56 PM | Computer Name = DESKTOP1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/18/2012 5:44:18 PM | Computer Name = DESKTOP1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/18/2012 5:45:11 PM | Computer Name = DESKTOP1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/18/2012 5:52:13 PM | Computer Name = DESKTOP1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/18/2012 8:36:03 PM | Computer Name = DESKTOP1 | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 
15000 milliseconds: Restart the service.

Error - 1/18/2012 8:36:03 PM | Computer Name = DESKTOP1 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/18/2012 11:16:40 PM | Computer Name = DESKTOP1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/19/2012 5:57:47 AM | Computer Name = DESKTOP1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Okay, can you uninstall these via Add/Remove Programs, or Start | Programs:

*Babylon toolbar on IE*
*Conduit Engine*

Then, can you update Java as follows:

Please download *JavaRa* to your desktop and unzip it to its own folder 

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. 
Accept any prompts. 
Now, go *here* and download the latest Java Version.

-------

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
SRV - File not found [Disabled | Stopped] -- -- (WANMiniportService) WAN Miniport (ATW)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (getPlus(R) Helper) getPlus(R)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (AOL TopSpeedMonitor)
SRV - File not found [Disabled | Stopped] -- -- (AOL ACS)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP...0000112fc4e0f7
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
[2011/11/24 16:16:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]
[2011/11/24 16:16:47 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
[2011/12/31 19:02:45 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/24 16:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/11/24 16:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Babylon
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

----------------

Do you know what these are or did you install them? If you do, that's okay, I'll ignore them 

In Add/Remove Programs:

"áåøñä-âøó" = áåøñä-âøó
"Radio_Israel Toolbar" = Radio_Israel Toolbar

In C:\Documents and Settings\Compaq_Owner\My Documents:

C:\Documents and Settings\Compaq_Owner\My Documents\היורשים - חדשות -הארץ.mht
C:\Documents and Settings\Compaq_Owner\My Documents\קובקוב אהלן.doc

---------

eddie


----------



## Cobster (Oct 15, 2011)

Hi Eddie
Did everything that you requested BUT the OTL Run Fix does not run for me.
When I click on Run Fix it freezes my computer and even after waiting 15 minutes it does not complete the task.
I needed to re-boot the system each time after re-trying to run OTL.
Not sure what to do now
Thanks again
Cobster


----------



## eddie5659 (Mar 19, 2001)

I think this may be due to MBAM running. Can you do this and then run it again:

Right-click on the MBAM icon in the systray, choose Exit and then click Yes at the prompt asking "Are you sure you want to disable the MBAM Protection Module?"

To re-enable, right-click on the MBAM icon in the systray and select Enable Protection. Right-click again and select Start with Windows. 

Then, open up Task manager by either Ctrl-Alt-Del, or by right-clicking on the taskbar and selecting Task Manager.

In there, click on Processes, and locate the entry for MBAM, right-click and select End Process.


----------



## Cobster (Oct 15, 2011)

Had to uninstall MBAM to make OTL work.
Here is the log:

All processes killed
========== OTL ==========
Error: No service named WANMiniportService) WAN Miniport (ATW was found to stop!
Service\Driver key WANMiniportService) WAN Miniport (ATW not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Error: No service named getPlus(R) Helper) getPlus(R was found to stop!
Service\Driver key getPlus(R) Helper) getPlus(R not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Service AOL TopSpeedMonitor stopped successfully!
Service AOL TopSpeedMonitor deleted successfully!
Service AOL ACS stopped successfully!
Service AOL ACS deleted successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]\content\imgs\mnRadio folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]\content folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]\components folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected] folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Babylon folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.DESKTOP1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DESKTOP1.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Compaq_Owner
->Temp folder emptied: 857453 bytes
->Temporary Internet Files folder emptied: 48265460 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48990472 bytes
->Flash cache emptied: 470 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 31922 bytes
->Temporary Internet Files folder emptied: 616028 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101134 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 94.00 mb

[EMPTYJAVA]

User: Administrator

User: Administrator.DESKTOP1

User: Administrator.DESKTOP1.000

User: All Users

User: Compaq_Owner
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.DESKTOP1

User: Administrator.DESKTOP1.000

User: All Users
->Flash cache emptied: 0 bytes

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01212012_204204

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
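
A triage of the OTL fix log in the post above, as an added example that is not part of the original thread and not OTL's own code: it classifies each result line and flags failed service entries whose reported name has unbalanced parentheses, which is how the two failed services appear in the log. The sample lines are copied from that log; treating the first parenthesised group as the intended service key is an assumption based on the shape of the other SRV lines in the fix script.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""
Error: No service named WANMiniportService) WAN Miniport (ATW was found to stop!
Service\Driver key WANMiniportService) WAN Miniport (ATW not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Error: No service named getPlus(R) Helper) getPlus(R was found to stop!
Service\Driver key getPlus(R) Helper) getPlus(R not found.
Service AOL ACS stopped successfully!
Service AOL ACS deleted successfully!
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
"""

# (pattern, item kind, status). The first matching rule wins, so the more
# specific service and registry patterns come before the generic file ones.
RULES = [
    (re.compile(r"^Error: No service named (?P<name>.+) was found to stop!$"), "service", "failed"),
    (re.compile(r"^Service\\Driver key (?P<name>.+) not found\.$"), "service", "not_found"),
    (re.compile(r"^Service (?P<name>.+) (?:stopped|deleted) successfully!$"), "service", "ok"),
    (re.compile(r"^Registry key (?P<name>.+?) deleted successfully\.$"), "registry", "ok"),
    (re.compile(r"^Registry key (?P<name>.+?) not found\.$"), "registry", "not_found"),
    (re.compile(r"^(?P<name>.+?) (?:folder )?moved successfully\.$"), "file", "ok"),
    (re.compile(r"^(?P<name>.+) deleted successfully\.$"), "file", "ok"),
]


def parse_line(line):
    """Classify one log line; return None for headers and other unparsed lines."""
    line = line.strip()
    for pattern, kind, status in RULES:
        match = pattern.match(line)
        if match:
            return {"kind": kind, "status": status, "name": match.group("name")}
    return None


def triage(log_text):
    """Return the classified entries of a whole fix log, in order."""
    return [entry for entry in map(parse_line, log_text.splitlines()) if entry]


def summarize(entries):
    """Count entries per status (ok / not_found / failed)."""
    return Counter(entry["status"] for entry in entries)


def parens_balanced(text):
    """True when every ')' closes an earlier '(' and none is left open."""
    depth = 0
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def first_group(text):
    """Content of the balanced (...) group that starts at text[0], else None."""
    if not text.startswith("("):
        return None
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return text[1:i]
    return None


def suspect_service_names(entries):
    """Map each non-ok service name with unbalanced parentheses to the name
    that was probably intended. Assumption: re-wrapping the reported name in
    '(' ... ')' restores the fix-script text, whose first group is the key."""
    suspects = {}
    for entry in entries:
        if (entry["kind"] == "service" and entry["status"] != "ok"
                and not parens_balanced(entry["name"])):
            suspects[entry["name"]] = first_group("(" + entry["name"] + ")")
    return suspects


if __name__ == "__main__":
    parsed = triage(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for reported, intended in suspect_service_names(parsed).items():
        print(f"not applied: {reported!r} (intended key, assumed: {intended!r})")
```

The two names it recovers are the same ones that appear under the msconfig `services` key in the ComboFix log later in the thread.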


----------



## eddie5659 (Mar 19, 2001)

> Had to uninstall MBAM to make OTL work.


Seems to be a bug with MBAM, getting quite a few users with the same problem 

The developer of OTL knows about this, and this will be sent to the developers of MBAM, for a bugfix 

---

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to Cobster123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## Cobster (Oct 15, 2011)

Hi Eddie
Here is the ComboFix txt

ComboFix 12-01-21.02 - Compaq_Owner 01/22/2012 11:13:02.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1181 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Cobster123.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\1318087353\DSETUP.dll
c:\documents and settings\All Users\Application Data\TEMP\1318087353\dsetup32.dll
c:\documents and settings\All Users\Application Data\TEMP\1318087353\dxdllreg_x86.cab
c:\documents and settings\All Users\Application Data\TEMP\1318087353\DXSETUP.exe
c:\documents and settings\All Users\Application Data\TEMP\1318087353\dxupdate.cab
c:\documents and settings\All Users\Application Data\TEMP\1318087353\Jun2010_d3dx9_43_x64.cab
c:\documents and settings\All Users\Application Data\TEMP\1318087353\Jun2010_d3dx9_43_x86.cab
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-07 14:26 . 2012-01-07 14:26 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 14:26 . 2012-01-07 14:26 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 14:26 . 2012-01-07 14:26 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 14:26 . 2012-01-07 14:26 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-02 14:41 . 2012-01-02 14:41 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\WinZip
2012-01-01 16:44 . 2012-01-04 13:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Calibre Library
2012-01-01 16:44 . 2012-01-02 14:19 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\calibre
2012-01-01 16:44 . 2012-01-01 16:44 -------- d-----w- c:\program files\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-11-17 16:29 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-11-17 16:29 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-11-17 16:27 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-15 19:29 . 2009-10-02 18:52 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20 . 2004-11-17 16:29 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-11-17 16:27 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-11-17 16:27 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-11-17 16:27 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-11-17 16:27 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2004-11-17 16:27 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2004-11-17 16:27 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-11-17 16:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-11-17 16:27 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-09-15 11:26 . 2011-06-19 19:18 895503 ----a-w- c:\program files\free-wrc.exe
2012-01-07 14:26 . 2011-10-01 15:19 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-30 4603904]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-21 118784]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-23 273528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"WinPatrol"="c:\program files\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PictureMover.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PictureMover.lnk
backup=c:\windows\pss\PictureMover.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-03-04 16:01 88209 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-07-21 00:22 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-07-29 08:34 2551808 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-08 03:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2008-10-07 20:25 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-09-30 03:23 921600 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 13:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-17 12:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 15:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=2 (0x2)
"AOL ACS"=2 (0x2)
"AOL TopSpeedMonitor"=3 (0x3)
"WinDefend"=2 (0x2)
"WANMiniportService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
R1 as6eio;as6eio;c:\windows\system32\drivers\As6eio.sys [10/2/2005 12:56 PM 3616]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S1 MpKsl0e563469;MpKsl0e563469;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{873B57C5-04A4-4AB7-AB95-51361C3F30EF}\MpKsl0e563469.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{873B57C5-04A4-4AB7-AB95-51361C3F30EF}\MpKsl0e563469.sys [?]
S1 MpKsl5641d4f4;MpKsl5641d4f4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93EE684A-0DC6-4DB0-AA74-4EC5A868BFBC}\MpKsl5641d4f4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93EE684A-0DC6-4DB0-AA74-4EC5A868BFBC}\MpKsl5641d4f4.sys [?]
S1 MpKsl6e37a865;MpKsl6e37a865;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A745F0-84C2-4235-B667-60D0D4F1A5BD}\MpKsl6e37a865.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A745F0-84C2-4235-B667-60D0D4F1A5BD}\MpKsl6e37a865.sys [?]
S1 MpKsl76e2cf48;MpKsl76e2cf48;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DAA41FAB-B1A6-44F6-AB8A-A5EF512511F3}\MpKsl76e2cf48.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DAA41FAB-B1A6-44F6-AB8A-A5EF512511F3}\MpKsl76e2cf48.sys [?]
S1 MpKslb3e862ad;MpKslb3e862ad;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47762791-95A5-4BEF-92FE-5B1CE6EFC917}\MpKslb3e862ad.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47762791-95A5-4BEF-92FE-5B1CE6EFC917}\MpKslb3e862ad.sys [?]
S1 MpKsleb2c071b;MpKsleb2c071b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA357C22-D289-4192-A7E3-A53BCB19E043}\MpKsleb2c071b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA357C22-D289-4192-A7E3-A53BCB19E043}\MpKsleb2c071b.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/9/2011 7:32 PM 136176]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/9/2011 7:32 PM 136176]
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);c:\windows\system32\drivers\pc22nd5.sys [4/16/2005 5:07 PM 17648]
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;c:\windows\system32\drivers\pc22unic.sys [4/16/2005 4:38 PM 69744]
S3 PV8630;USB Flatbed Scanner Driver;c:\windows\system32\drivers\A1236.SYS [10/2/2005 2:03 PM 19144]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 00:32]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 00:32]
.
2012-01-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2012-01-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-581693593-1015511138-3403617319-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-581693593-1015511138-3403617319-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.haaretz.co.il/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = <local>
Trusted Zone: mta.ac.il\mtamail
TCP: DhcpNameServer = 192.168.0.1
DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - hxxp://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\
FF - prefs.js: browser.startup.homepage - www.globes.co.il
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-AOLSPScheduler - c:\program files\Common Files\AOL\1127693794\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1127693794\ee\AOLSoftware.exe
MSConfigStartUp-sscRun - c:\program files\Common Files\AOL\1127693794\ee\SSCRun.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-22 11:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-01-22 11:22:08
ComboFix-quarantined-files.txt 2012-01-22 16:21
.
Pre-Run: 93,427,769,344 bytes free
Post-Run: 93,395,546,112 bytes free
.
- - End Of File - - A9DC761B56A5D86D891107DDF07405AE


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
c:\windows\IME /sub
c:\windows\SYSTEM32\IME /sub
:filefind
*Babylon*
*Conduit*
:folderfind
*Babylon*
*Conduit*
:regfind
*Babylon*
*Conduit*
:file
C:\WINDOWS\System32\drivers\as6eio.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

------------

Save these instructions so you can have access to them while in Safe Mode.

Please click *here* to download AVP Tool by Kaspersky. 

Save it to your desktop. 
Reboot your computer into SafeMode. 
_You can do this by restarting your computer and continually tapping the *F8* key until a menu appears.
Use your up arrow key to highlight SafeMode then hit *enter*._
Double click the setup file to run it. 
Click Next to continue. 
Accept the Licence agreement and click on next 
It will by default install it to your desktop folder. Click Next. 
It will then open a box. There will be a tab that says Automatic scan. 
Under Automatic scan make sure these are checked. 

Hidden Startup Objects 
System Memory 
Disk Boot Sectors. 
My Computer. 
Also any other drives (Removable that you may have) 

Leave the rest of the settings as they appear as default.


Then click on Scan at the top right hand corner. 
It will automatically Neutralize any objects found. 
If some objects are left un-neutralized then click the button that says Neutralize all 
If it says it cannot be Neutralized then choose the delete option when prompted. 
After that is done click on the reports button at the bottom and save it to file; name it *Kas*. 
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report. It will be at the very top under *Detected*. Post those results in your next reply.

*Note: This tool will self uninstall when you close it so please save the log before closing it.*
eddie


----------



## Cobster (Oct 15, 2011)

Voila Eddie

SystemLook 30.07.11 by jpshortstuff
Log created at 14:05 on 22/01/2012 by Compaq_Owner
Administrator - Elevation successful
========== dir ==========
c:\windows\IME - Parameters: "/sub"
---Files---
mscandui.dll --a---- 220160 bytes [16:27 17/11/2004] [00:11 14/04/2008]
softkbd.dll --a---- 130048 bytes [16:28 17/11/2004] [00:12 14/04/2008]
spgrmr.dll --a---- 62976 bytes [16:28 17/11/2004] [16:43 13/04/2008]
sptip.dll --a---- 250368 bytes [16:28 17/11/2004] [00:12 14/04/2008]
c:\windows\IME\chsime d------ [09:59 21/10/2004]
c:\windows\IME\chsime\applets d------ [09:59 21/10/2004]
c:\windows\IME\CHTIME d------ [02:43 21/10/2004]
c:\windows\IME\CHTIME\Applets d------ [02:43 21/10/2004]
c:\windows\IME\imejp d------ [02:43 21/10/2004]
c:\windows\IME\imejp\applets d------ [02:43 21/10/2004]
c:\windows\IME\imejp98 d------ [02:43 21/10/2004]
c:\windows\IME\imjp8_1 d------ [09:59 21/10/2004]
c:\windows\IME\imjp8_1\applets d------ [09:59 21/10/2004]
c:\windows\IME\imkr6_1 d------ [09:59 21/10/2004]
c:\windows\IME\imkr6_1\applets d------ [09:59 21/10/2004]
c:\windows\IME\imkr6_1\dicts d------ [09:59 21/10/2004]
c:\windows\IME\shared d------ [09:59 21/10/2004]
c:\windows\IME\shared\res d------ [09:59 21/10/2004]
c:\windows\SYSTEM32\IME - Parameters: "/sub"
---Files---
None found.
c:\windows\SYSTEM32\IME\CINTLGNT d------ [02:43 21/10/2004]
c:\windows\SYSTEM32\IME\PINTLGNT d------ [02:43 21/10/2004]
c:\windows\SYSTEM32\IME\TINTLGNT d------ [02:43 21/10/2004]
========== filefind ==========
Searching for "*Babylon*"
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\Babylon.dat --a---- 11198 bytes [21:16 24/11/2011] [21:27 08/08/2011] 0EA4B325AEDED4466C4CF6F8DAE88ECF
C:\_OTL\MovedFiles\01212012_204204\C_Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]\content\babylon.css --a---- 2740 bytes [09:02 22/03/2011] [09:02 22/03/2011] 8473A23281D302880A9E6508321201BE
C:\_OTL\MovedFiles\01212012_204204\C_Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]\content\babylon.xul --a---- 10941 bytes [10:37 11/07/2011] [10:37 11/07/2011] 97BF7CBF63DFFEEC117A1A7F788D71DA
C:\_OTL\MovedFiles\01212012_204204\C_Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]\defaults\preferences\babylon.js --a---- 603 bytes [21:16 24/11/2011] [21:16 24/11/2011] 51E63EDFA8EAB426D73510CA17AE410C
C:\_OTL\MovedFiles\01212012_204204\C_Program Files\Mozilla Firefox\searchplugins\babylon.xml --a---- 2288 bytes [21:16 24/11/2011] [21:16 24/11/2011] 4F45F64AAE98AD063E3F8978D1AA2FDB
Searching for "*Conduit*"
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=&browserType=IE&toolbarVersion=5_5_0_10.xml --a---- 10909 bytes [14:41 03/09/2010] [14:41 03/09/2010] 1B3B574AA349758343D3C80787B9739E
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=he-il&browserType=IE&toolbarVersion=5_5_0_10.xml --a---- 11130 bytes [12:37 22/06/2010] [14:11 03/09/2010] B34F50F4215D0081D05F05D038B18A7D
========== folderfind ==========
Searching for "*Babylon*"
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Babylon d------ [21:16 24/11/2011]
C:\_OTL\MovedFiles\01212012_204204\C_Documents and Settings\All Users\Application Data\Babylon d------ [21:16 24/11/2011]
C:\_OTL\MovedFiles\01212012_204204\C_Documents and Settings\Compaq_Owner\Application Data\Babylon d------ [21:16 24/11/2011]
C:\_OTL\MovedFiles\01212012_204204\C_Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected] d------ [01:42 22/01/2012]
Searching for "*Conduit*"
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Conduit d------ [01:38 29/12/2008]
C:\Program Files\Conduit d------ [01:38 29/12/2008]
========== regfind ==========
Searching for "*Babylon*"
No data found.
Searching for "*Conduit*"
No data found.
========== file ==========
C:\WINDOWS\System32\drivers\as6eio.sys - File found and opened.
MD5: 1C5307F88C5752478FAED9A96B91FE89
Created at 17:56 on 02/10/2005
Modified at 05:32 on 09/12/1997
Size: 3616 bytes
Attributes: --a----
No version information available.
-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like we may have an infection there. We'll remove the remains of Conduit and Babylon later; can you do the following, just to rule out whether it's there or not, and whether the folders found were legit or not.

After you've run the AVP scan, using SystemLook, can you run the following code:


```
:dir
c:\windows\IME\CHTIME\Applets /sub
c:\windows\SYSTEM32\IME\PINTLGNT /sub
c:\windows\IME\imjp8_1 /sub
c:\windows\SYSTEM32\IME\CINTLGNT /sub
c:\windows\IME\imkr6_1 /sub
c:\windows\IME\SHARED\res /sub
c:\windows\SYSTEM32\IME\TINTLGNT /sub
c:\windows\IME\IMJP8_1\applets /sub
c:\windows\IME\CHSIME\applets /sub
c:\windows\IME\shared /sub
c:\windows\IME\IMJP8_1\DICTS /sub
:filefind
*kbd101b.dll
*quick.ime
*miniime.tpl
*kbd106.dll
*winime.ime
*CINTLGNT.IME
*phon.ime
*imjp81k.dll
*winar30.ime
*imekr61.ime
*PINTLGNT.IME
*chajei.ime
*uniime.dll
*unicdime.ime
*kbdkor.dll
*kbd103.dll
*dayi.ime
*kbdjpn.dll
*romanime.ime
*kbd101c.dll
*TINTLGNT.IME
*imjp81.ime
:regfind
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\MULTIMEDIA\DRAWDIB
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\W2KLPK
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\ENABLE
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\FACTOR
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\INITHITS
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\SIZE
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\MULTIMEDIA\DRAWDIB
```
I'm hoping it will come back clear, but I want to be safe rather than sorry


----------



## Cobster (Oct 15, 2011)

AVP has been running in safe mode for 75 minutes now and it says it needs some 6 more hours to complete.
Is that normal?
Will post log and run SystemLook once it is finished
Thanks again for all your help


----------



## Cobster (Oct 15, 2011)

Hi Eddie
After 7+ hours of scanning here is the KAS file (2 trojans found and deleted):

Status: Deleted (events: 2) 
1/22/2012 7:28:03 PM Deleted Trojan program Trojan.Win32.Agent.qqzy C:\Program Files\AOL\Installers\ASP 2.0\setup.exe High 
1/22/2012 11:02:18 PM Deleted Trojan program Trojan.Win32.Agent.qqzy C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP155\A0010716.exe High

I ran the code you asked me to run on SystemLook and here is what I got:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:24 on 22/01/2012 by Compaq_Owner
Administrator - Elevation successful

========== dir ==========

c:\windows\IME\CHTIME\Applets - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\SYSTEM32\IME\PINTLGNT - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\IME\imjp8_1 - Parameters: "/sub"

---Files---
None found.

c:\windows\IME\imjp8_1\applets d------ [09:59 21/10/2004]

c:\windows\SYSTEM32\IME\CINTLGNT - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\IME\imkr6_1 - Parameters: "/sub"

---Files---
None found.

c:\windows\IME\imkr6_1\applets d------ [09:59 21/10/2004]

c:\windows\IME\imkr6_1\dicts d------ [09:59 21/10/2004]

c:\windows\IME\SHARED\res - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\SYSTEM32\IME\TINTLGNT - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\IME\IMJP8_1\applets - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\IME\CHSIME\applets - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\IME\shared - Parameters: "/sub"

---Files---
None found.

c:\windows\IME\shared\res d------ [09:59 21/10/2004]

c:\windows\IME\IMJP8_1\DICTS - Unable to find folder.

========== filefind ==========

Searching for "*kbd101b.dll"
No files found.

Searching for "*quick.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\quick.ime ------- 77824 bytes [21:36 23/09/2008] [00:11 14/04/2008] FA97615A0C79C51FAD96911D2D946B77

Searching for "*miniime.tpl"
C:\WINDOWS\ServicePackFiles\i386\lang\miniime.tpl ------- 11776 bytes [21:36 23/09/2008] [18:40 13/04/2008] C40CF89D7E855DE1FCDA27DB5F3CE424

Searching for "*kbd106.dll"
C:\WINDOWS\ServicePackFiles\i386\kbd106.dll ------- 6144 bytes [21:36 23/09/2008] [00:09 14/04/2008] C33B3ED4BEF24BAC604FF97FF2D97C49

Searching for "*winime.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\winime.ime ------- 65536 bytes [21:36 23/09/2008] [00:11 14/04/2008] 2CC6DF8577A8648C6C802C067862443E

Searching for "*CINTLGNT.IME"
C:\WINDOWS\ServicePackFiles\i386\lang\cintlgnt.ime ------- 21504 bytes [21:36 23/09/2008] [00:11 14/04/2008] 96DDB1E61337B7BE52F650C9B570FC46

Searching for "*phon.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\phon.ime ------- 79360 bytes [21:36 23/09/2008] [00:11 14/04/2008] BB665DCB93104E4D81678E55A765F4FF

Searching for "*imjp81k.dll"
C:\WINDOWS\ServicePackFiles\i386\lang\imjp81k.dll ------- 811064 bytes [21:36 23/09/2008] [00:09 14/04/2008] 2FA3AA17542825F837E119CC669943BC

Searching for "*winar30.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\winar30.ime ------- 79360 bytes [21:36 23/09/2008] [00:11 14/04/2008] 56948CD822AAD728895A74CC8EC0D735

Searching for "*imekr61.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\imekr61.ime ------- 94720 bytes [21:36 23/09/2008] [00:09 14/04/2008] 0BE4186EF76AED034FE43A0797F963FA

Searching for "*PINTLGNT.IME"
C:\WINDOWS\ServicePackFiles\i386\lang\pintlgnt.ime ------- 482304 bytes [21:36 23/09/2008] [00:11 14/04/2008] 7E0B8C97043388405471FD76E8F189FD

Searching for "*chajei.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\chajei.ime ------- 78336 bytes [21:36 23/09/2008] [00:11 14/04/2008] 0419BC2473FA62BF61F615B4893CA299

Searching for "*uniime.dll"
C:\WINDOWS\ServicePackFiles\i386\lang\uniime.dll ------- 76288 bytes [21:36 23/09/2008] [00:11 14/04/2008] 4B1C1F9A10CE47FEA5407DAC4C1F4EF8

Searching for "*unicdime.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\unicdime.ime ------- 65024 bytes [21:36 23/09/2008] [00:11 14/04/2008] 21EE9664CB49C1C797E751FE13675B10

Searching for "*kbdkor.dll"
No files found.

Searching for "*kbd103.dll"
No files found.

Searching for "*dayi.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\dayi.ime ------- 78848 bytes [21:36 23/09/2008] [00:11 14/04/2008] DC47D5147C07FE214380FC866963C8C0

Searching for "*kbdjpn.dll"
No files found.

Searching for "*romanime.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\romanime.ime ------- 26112 bytes [21:36 23/09/2008] [00:11 14/04/2008] 2F15D7D52D74C84172EC3440BBF543FC

Searching for "*kbd101c.dll"
No files found.

Searching for "*TINTLGNT.IME"
C:\WINDOWS\ServicePackFiles\i386\lang\tintlgnt.ime ------- 571392 bytes [21:36 23/09/2008] [00:11 14/04/2008] ED0ABFC1B16BD862BDA52480C7A88A58

Searching for "*imjp81.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\imjp81.ime ------- 340023 bytes [21:36 23/09/2008] [00:09 14/04/2008] 5510BBA7190C545610597F0A109E0CA0

========== regfind ==========

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\MULTIMEDIA\DRAWDIB"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\W2KLPK"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\ENABLE"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\FACTOR"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\INITHITS"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\SIZE"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\MULTIMEDIA\DRAWDIB"
No data found.

-= EOF =-
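
A SystemLook log like the one in this post can be triaged with a small parser. This is an added example, not part of the original post and not SystemLook's own code; the sample log is constructed from a few lines above, and the rule used by `triage` (a file inside a `:dir` target, a `filefind` hit inside one, or any `regfind` data gets reviewed first) is an assumption for illustration.

```python
import re

# Constructed sample: a shortened log assembled from lines in the post above.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 23:24 on 22/01/2012 by Compaq_Owner
Administrator - Elevation successful

========== dir ==========

c:\windows\IME\imjp8_1 - Parameters: "/sub"

---Files---
None found.

c:\windows\IME\imjp8_1\applets d------ [09:59 21/10/2004]

c:\windows\IME\IMJP8_1\DICTS - Unable to find folder.

========== filefind ==========

Searching for "*kbd101b.dll"
No files found.

Searching for "*quick.ime"
C:\WINDOWS\ServicePackFiles\i386\lang\quick.ime ------- 77824 bytes [21:36 23/09/2008] [00:11 14/04/2008] FA97615A0C79C51FAD96911D2D946B77

========== regfind ==========

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\MULTIMEDIA\DRAWDIB"
No data found.

-= EOF =-
"""

SECTION_RE = re.compile(r"^=+\s+(\w+)\s+=+$")
DIR_TARGET_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+-\s+'
    r'(?:Parameters: "(?P<params>[^"]*)"|(?P<missing>Unable to find folder\.))$'
)
SEARCH_RE = re.compile(r'^Searching for "(?P<pattern>.+)"$')
# name-or-path, 7 attribute flags, optional size, created, optional modified, optional MD5
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+"
    r"(?:(?P<size>\d+) bytes\s+)?"
    r"\[(?P<created>[^\]]+)\]"
    r"(?:\s+\[(?P<modified>[^\]]+)\])?"
    r"(?:\s+(?P<md5>[0-9A-Fa-f]{32}))?$"
)
EMPTY_MARKERS = {"None found.", "No folders found.", "No files found.", "No data found."}


def parse_systemlook(text):
    """Split a SystemLook log into its dir / filefind / regfind results."""
    report = {"dir": {}, "filefind": {}, "regfind": {}}
    section = target = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, "---Files---" rulers, the EOF marker and "nothing found" lines.
        if not line or line.startswith(("---", "-=")) or line in EMPTY_MARKERS:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, target = m.group(1), None
            continue
        if section == "dir":
            m = DIR_TARGET_RE.match(line)
            if m:
                target = m.group("path").lower()
                report["dir"][target] = {
                    "exists": m.group("missing") is None, "files": [], "folders": []}
                continue
            m = ENTRY_RE.match(line)
            if m and target:
                kind = "folders" if m.group("attrs").startswith("d") else "files"
                report["dir"][target][kind].append(m.groupdict())
        elif section in ("filefind", "regfind"):
            m = SEARCH_RE.match(line)
            if m:
                target = m.group("pattern")
                report[section][target] = []
            elif target is not None:
                m = ENTRY_RE.match(line)
                # regfind output has its own layout, so unmatched lines are kept raw.
                report[section][target].append(m.groupdict() if m else line)
    return report


def triage(report):
    """Assumed review rule: list what sits inside the :dir targets or the registry hits."""
    findings = []
    targets = list(report["dir"])
    for path, info in report["dir"].items():
        for entry in info["files"]:
            findings.append(("file-in-dir-target", path + "\\" + entry["path"]))
    for hits in report["filefind"].values():
        for hit in hits:
            location = hit["path"].lower() if isinstance(hit, dict) else ""
            if any(location.startswith(t + "\\") for t in targets):
                findings.append(("filefind-hit-in-dir-target", hit["path"]))
    for key, hits in report["regfind"].items():
        if hits:
            findings.append(("regfind-data", key))
    return findings


if __name__ == "__main__":
    print(triage(parse_systemlook(SAMPLE_LOG)) or "nothing to review")
```
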


----------



## eddie5659 (Mar 19, 2001)

I think that was one of the longest runs for AVP, but at least it found and removed something 

Okay, looks like the search was nice and clear :up:

Let's remove the leftover folders now:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> Folder::
> C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Babylon
> C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Conduit
> C:\Program Files\Conduit


Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

------

After that, can you run the following tools, to see what is eating the memory:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan 

On completion of the scan click save log, save it to your desktop and post in your next reply 

-----

Download the latest version of TDSSKiller from *here* and save it to your Desktop.


Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*; click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory, (usually C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply

===========

eddie


----------



## Cobster (Oct 15, 2011)

Hi Eddie
Thanks again for your help
Here are the 3 required logs:

ComboFix:

ComboFix 12-01-23.02 - Compaq_Owner 01/24/2012 20:51:30.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1246 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\bab033.tbinst.dat
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\bab091.norecovericon.dat
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\Babylon.dat
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens\common.js
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens\eula.html
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.css
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.html
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.js
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page9.html
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens\pBar.gif
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens\title2.png
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\Setup-tbmntr903-9.0.3.19.zpb
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\Setup.exe
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\SetupStrings.dat
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Babylon\Setup\sqlite3.dll
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\DialogsAPI.js
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\PIE.htc
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\settings.js
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\version.txt
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks\en.xml
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\CT1425416\Radio_GAutoUpdaterHelper.exe
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\CT1425416\Radio_IsraelAutoUpdaterHelper.exe
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=&browserType=IE&toolbarVersion=5_5_0_10.xml
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=he-il&browserType=IE&toolbarVersion=5_5_0_10.xml
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\Conduit\Community Alerts\Alert0.dll
c:\program files\Conduit\Community Alerts\Alert00.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-24 04:19 . 2012-01-06 01:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-24 04:18 . 2012-01-06 01:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97F8EDFB-2B0F-4B53-B55A-23978972B040}\mpengine.dll
2012-01-22 19:15 . 2012-01-22 19:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-22 06:54 . 2012-01-17 09:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CA5D449C-CB28-43FE-90B4-BC2E3BCFCE1B}\mpengine.dll
2012-01-21 22:41 . 2012-01-21 22:41 -------- d-----w- C:\_OTL
2012-01-19 03:08 . 2012-01-19 03:08 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2012-01-19 03:07 . 2012-01-19 03:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-19 03:07 . 2012-01-19 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-07 14:26 . 2012-01-07 14:26 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 14:26 . 2012-01-07 14:26 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 14:26 . 2012-01-07 14:26 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 14:26 . 2012-01-07 14:26 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-02 14:41 . 2012-01-02 14:41 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\WinZip
2012-01-01 16:44 . 2012-01-04 13:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Calibre Library
2012-01-01 16:44 . 2012-01-02 14:19 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\calibre
2012-01-01 16:44 . 2012-01-01 16:44 -------- d-----w- c:\program files\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-11-17 16:29 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-11-17 16:29 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-11-17 16:27 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-15 19:29 . 2009-10-02 18:52 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20 . 2004-11-17 16:29 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-11-17 16:27 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-11-17 16:27 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-11-17 16:27 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-11-17 16:27 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2004-11-17 16:27 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2004-11-17 16:27 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-11-17 16:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-09-15 11:26 . 2011-06-19 19:18 895503 ----a-w- c:\program files\free-wrc.exe
2012-01-07 14:26 . 2011-10-01 15:19 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_16.19.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-23 04:12 . 2012-01-23 04:12 16384 c:\windows\Temp\Perflib_Perfdata_204.dat
+ 2011-04-18 18:18 . 2011-04-18 18:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2012-01-22 19:15 . 2012-01-22 19:15 785920 c:\windows\Installer\14ce19a.msi
+ 2012-01-22 19:15 . 2012-01-22 19:15 483840 c:\windows\Installer\14ce193.msi
+ 2012-01-22 19:15 . 2012-01-22 19:15 301056 c:\windows\Installer\14ce18d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-30 4603904]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-21 118784]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-23 273528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"WinPatrol"="c:\program files\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PictureMover.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PictureMover.lnk
backup=c:\windows\pss\PictureMover.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-03-04 16:01 88209 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-07-21 00:22 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-07-29 08:34 2551808 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-08 03:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2008-10-07 20:25 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-09-30 03:23 921600 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 13:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-17 12:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 15:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=2 (0x2)
"AOL ACS"=2 (0x2)
"AOL TopSpeedMonitor"=3 (0x3)
"WinDefend"=2 (0x2)
"WANMiniportService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
R1 as6eio;as6eio;c:\windows\system32\drivers\As6eio.sys [10/2/2005 12:56 PM 3616]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/9/2011 7:32 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/9/2011 7:32 PM 136176]
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);c:\windows\system32\drivers\pc22nd5.sys [4/16/2005 5:07 PM 17648]
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;c:\windows\system32\drivers\pc22unic.sys [4/16/2005 4:38 PM 69744]
S3 PV8630;USB Flatbed Scanner Driver;c:\windows\system32\drivers\A1236.SYS [10/2/2005 2:03 PM 19144]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 00:32]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 00:32]
.
2012-01-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-581693593-1015511138-3403617319-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-581693593-1015511138-3403617319-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.haaretz.co.il/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = <local>
Trusted Zone: mta.ac.il\mtamail
TCP: DhcpNameServer = 192.168.0.1
DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - hxxp://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\
FF - prefs.js: browser.startup.homepage - www.globes.co.il
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 20:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(552)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-01-24 21:00:39
ComboFix-quarantined-files.txt 2012-01-25 02:00
ComboFix2.txt 2012-01-22 16:22
.
Pre-Run: 93,161,799,680 bytes free
Post-Run: 93,134,114,816 bytes free
.
- - End Of File - - CF9B15B85B7C103C7E31871744EE8F8B

AswMBR:

aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-24 22:13:14
-----------------------------
22:13:14.729 OS Version: Windows 5.1.2600 Service Pack 3
22:13:14.729 Number of processors: 1 586 0xC00
22:13:14.729 ComputerName: DESKTOP1 UserName: 
22:13:15.588 Initialize success
22:13:58.854 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
22:13:58.854 Disk 0 Vendor: Maxtor_6Y160M0 YAR511W0 Size: 152627MB BusType: 3
22:13:58.869 Disk 0 MBR read successfully
22:13:58.869 Disk 0 MBR scan
22:13:58.869 Disk 0 unknown MBR code
22:13:58.869 Disk 0 Partition 1 00 0B FAT32 RECOVERY 6961 MB offset 63
22:13:58.885 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145655 MB offset 14258160
22:13:58.885 Disk 0 scanning sectors +312560640
22:13:58.948 Disk 0 scanning C:\WINDOWS\system32\drivers
22:14:04.698 Service scanning
22:14:06.166 Modules scanning
22:14:18.573 Disk 0 trace - called modules:
22:14:18.588 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
22:14:18.588 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b637ab8]
22:14:18.588 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000005e[0x8b68cf18]
22:14:18.588 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8b640940]
22:14:18.588 Scan finished successfully
22:16:15.838 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
22:16:15.854 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"

TDSSKiller:

22:16:51.0588 3480 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
22:16:51.0807 3480 ============================================================
22:16:51.0807 3480 Current date / time: 2012/01/24 22:16:51.0807
22:16:51.0807 3480 SystemInfo:
22:16:51.0807 3480 
22:16:51.0807 3480 OS Version: 5.1.2600 ServicePack: 3.0
22:16:51.0807 3480 Product type: Workstation
22:16:51.0807 3480 ComputerName: DESKTOP1
22:16:51.0807 3480 UserName: Compaq_Owner
22:16:51.0807 3480 Windows directory: C:\WINDOWS
22:16:51.0807 3480 System windows directory: C:\WINDOWS
22:16:51.0807 3480 Processor architecture: Intel x86
22:16:51.0807 3480 Number of processors: 1
22:16:51.0807 3480 Page size: 0x1000
22:16:51.0807 3480 Boot type: Normal boot
22:16:51.0807 3480 ============================================================
22:16:53.0744 3480 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:16:53.0854 3480 Initialize success
22:17:27.0807 1776 ============================================================
22:17:27.0807 1776 Scan started
22:17:27.0807 1776 Mode: Manual; SigCheck; TDLFS; 
22:17:27.0807 1776 ============================================================
22:17:30.0823 1776 as6eio (1c5307f88c5752478faed9a96b91fe89) C:\WINDOWS\System32\drivers\as6eio.sys
22:17:30.0823 1776 as6eio ( UnsignedFile.Multi.Generic ) - warning
22:17:30.0823 1776 as6eio - detected UnsignedFile.Multi.Generic (1)
22:17:39.0698 1776 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
22:17:39.0713 1776 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
22:17:39.0713 1776 Iviaspi - detected UnsignedFile.Multi.Generic (1)
22:17:48.0307 1776 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
22:17:48.0323 1776 Pfc ( UnsignedFile.Multi.Generic ) - warning
22:17:48.0323 1776 Pfc - detected UnsignedFile.Multi.Generic (1)
22:17:49.0291 1776 PV8630 (1f58f0faa7d56c888ec8c45b843b67df) C:\WINDOWS\system32\DRIVERS\A1236.sys
22:17:49.0291 1776 PV8630 ( UnsignedFile.Multi.Generic ) - warning
22:17:49.0291 1776 PV8630 - detected UnsignedFile.Multi.Generic (1)
22:17:49.0369 1776 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:17:49.0369 1776 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:17:49.0369 1776 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:18:01.0932 1776 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
22:18:01.0948 1776 usbsermpt ( UnsignedFile.Multi.Generic ) - warning
22:18:01.0948 1776 usbsermpt - detected UnsignedFile.Multi.Generic (1)
22:18:04.0026 1776 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
22:18:04.0104 1776 \Device\Harddisk0\DR0 - ok
22:18:04.0119 1776 Boot (0x1200) (984cd98a599fd0335ede41e28eedb431) \Device\Harddisk0\DR0\Partition0
22:18:04.0119 1776 \Device\Harddisk0\DR0\Partition0 - ok
22:18:04.0135 1776 Boot (0x1200) (91e165f3a6ec247a950150bdb29873c1) \Device\Harddisk0\DR0\Partition1
22:18:04.0135 1776 \Device\Harddisk0\DR0\Partition1 - ok
22:18:04.0151 1776 ============================================================
22:18:04.0151 1776 Scan finished
22:18:04.0151 1776 ============================================================
22:18:04.0260 1216 Detected object count: 6
22:18:04.0260 1216 Actual detected object count: 6
22:19:48.0166 1216 as6eio ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:48.0166 1216 as6eio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:19:48.0166 1216 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:48.0166 1216 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:19:48.0166 1216 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:48.0166 1216 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:19:48.0166 1216 PV8630 ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:48.0166 1216 PV8630 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:19:48.0166 1216 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:48.0166 1216 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:19:48.0166 1216 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:48.0166 1216 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:20:02.0651 5064 ============================================================
22:20:02.0651 5064 Scan started
22:20:02.0651 5064 Mode: Manual; SigCheck; TDLFS; 
22:20:02.0651 5064 ============================================================
22:20:05.0057 5064 as6eio (1c5307f88c5752478faed9a96b91fe89) C:\WINDOWS\System32\drivers\as6eio.sys
22:20:05.0057 5064 as6eio ( UnsignedFile.Multi.Generic ) - warning
22:20:05.0057 5064 as6eio - detected UnsignedFile.Multi.Generic (1)
22:20:08.0869 5064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:20:08.0994 5064 Fastfat - ok
22:20:09.0026 5064 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
22:20:09.0057 5064 fasttx2k - ok
22:20:09.0119 5064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:20:09.0260 5064 Fdc - ok
22:20:09.0307 5064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:20:09.0448 5064 Fips - ok
22:20:09.0510 5064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:20:09.0744 5064 Flpydisk - ok
22:20:09.0807 5064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:20:09.0916 5064 FltMgr - ok
22:20:09.0963 5064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:20:10.0073 5064 Fs_Rec - ok
22:20:10.0119 5064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:20:10.0244 5064 Ftdisk - ok
22:20:10.0291 5064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:20:10.0432 5064 Gpc - ok
22:20:10.0510 5064 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
22:20:10.0526 5064 grmnusb - ok
22:20:10.0604 5064 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:20:10.0729 5064 HDAudBus - ok
22:20:10.0823 5064 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:20:10.0963 5064 HidUsb - ok
22:20:11.0010 5064 hpn - ok
22:20:11.0073 5064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:20:11.0104 5064 HTTP - ok
22:20:11.0151 5064 i2omgmt - ok
22:20:11.0182 5064 i2omp - ok
22:20:11.0229 5064 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:20:11.0385 5064 i8042prt - ok
22:20:11.0463 5064 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:20:11.0479 5064 ialm - ok
22:20:11.0541 5064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:20:11.0666 5064 Imapi - ok
22:20:11.0729 5064 ini910u - ok
22:20:11.0869 5064 IntcAzAudAddService (eafd29c7918325b45e0dabafd82ef75f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:20:12.0010 5064 IntcAzAudAddService - ok
22:20:12.0041 5064 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:20:12.0182 5064 IntelIde - ok
22:20:12.0244 5064 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:20:12.0354 5064 intelppm - ok
22:20:12.0385 5064 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:20:12.0526 5064 Ip6Fw - ok
22:20:12.0588 5064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:20:12.0729 5064 IpFilterDriver - ok
22:20:12.0776 5064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:20:12.0948 5064 IpInIp - ok
22:20:12.0994 5064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:20:13.0119 5064 IpNat - ok
22:20:13.0166 5064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:20:13.0291 5064 IPSec - ok
22:20:13.0338 5064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:20:13.0385 5064 IRENUM - ok
22:20:13.0448 5064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:20:13.0573 5064 isapnp - ok
22:20:13.0635 5064 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
22:20:13.0651 5064 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
22:20:13.0651 5064 Iviaspi - detected UnsignedFile.Multi.Generic (1)
22:20:13.0713 5064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:20:13.0854 5064 Kbdclass - ok
22:20:13.0901 5064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:20:14.0073 5064 kmixer - ok
22:20:14.0135 5064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:20:14.0151 5064 KSecDD - ok
22:20:14.0182 5064 lbrtfdc - ok
22:20:14.0276 5064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:20:14.0385 5064 mnmdd - ok
22:20:14.0448 5064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:20:14.0573 5064 Modem - ok
22:20:14.0619 5064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:20:14.0776 5064 Mouclass - ok
22:20:14.0838 5064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:20:14.0963 5064 mouhid - ok
22:20:15.0010 5064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:20:15.0119 5064 MountMgr - ok
22:20:15.0182 5064 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:20:15.0198 5064 MpFilter - ok
22:20:15.0229 5064 mraid35x - ok
22:20:15.0260 5064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:20:15.0369 5064 MRxDAV - ok
22:20:15.0432 5064 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:20:15.0479 5064 MRxSmb - ok
22:20:15.0541 5064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:20:15.0682 5064 Msfs - ok
22:20:15.0729 5064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:20:15.0838 5064 MSKSSRV - ok
22:20:15.0885 5064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:20:16.0026 5064 MSPCLOCK - ok
22:20:16.0057 5064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:20:16.0182 5064 MSPQM - ok
22:20:16.0244 5064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:20:16.0385 5064 mssmbios - ok
22:20:16.0416 5064 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:20:16.0541 5064 MSTEE - ok
22:20:16.0619 5064 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:20:16.0635 5064 Mup - ok
22:20:16.0698 5064 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:20:16.0854 5064 NABTSFEC - ok
22:20:16.0901 5064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:20:17.0041 5064 NDIS - ok
22:20:17.0073 5064 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:20:17.0213 5064 NdisIP - ok
22:20:17.0260 5064 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:20:17.0276 5064 NdisTapi - ok
22:20:17.0323 5064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:20:17.0432 5064 Ndisuio - ok
22:20:17.0479 5064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:20:17.0619 5064 NdisWan - ok
22:20:17.0666 5064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:20:17.0682 5064 NDProxy - ok
22:20:17.0744 5064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:20:17.0869 5064 NetBIOS - ok
22:20:17.0916 5064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:20:18.0026 5064 NetBT - ok
22:20:18.0073 5064 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:20:18.0213 5064 NIC1394 - ok
22:20:18.0260 5064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:20:18.0385 5064 Npfs - ok
22:20:18.0448 5064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:20:18.0573 5064 Ntfs - ok
22:20:18.0651 5064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:20:18.0776 5064 Null - ok
22:20:18.0948 5064 nv (22660b2ea8a89d3ec72b9691535dff44) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:20:19.0057 5064 nv - ok
22:20:19.0119 5064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:20:19.0260 5064 NwlnkFlt - ok
22:20:19.0416 5064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:20:19.0588 5064 NwlnkFwd - ok
22:20:19.0651 5064 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:20:19.0760 5064 ohci1394 - ok
22:20:19.0838 5064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:20:19.0963 5064 Parport - ok
22:20:20.0010 5064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:20:20.0151 5064 PartMgr - ok
22:20:20.0198 5064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:20:20.0354 5064 ParVdm - ok
22:20:20.0432 5064 pc22nd5 (d784d960ef53b5bd63855fabb10f8911) C:\WINDOWS\system32\DRIVERS\pc22nd5.sys
22:20:20.0448 5064 pc22nd5 - ok
22:20:20.0479 5064 pc22unic (71485136f32d5f9d3f533a15878225dd) C:\WINDOWS\system32\DRIVERS\pc22unic.sys
22:20:20.0510 5064 pc22unic - ok
22:20:20.0557 5064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:20:20.0666 5064 PCI - ok
22:20:20.0698 5064 PCIDump - ok
22:20:20.0744 5064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:20:20.0869 5064 PCIIde - ok
22:20:20.0932 5064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:20:21.0088 5064 Pcmcia - ok
22:20:21.0119 5064 PDCOMP - ok
22:20:21.0151 5064 PDFRAME - ok
22:20:21.0182 5064 PDRELI - ok
22:20:21.0229 5064 PDRFRAME - ok
22:20:21.0260 5064 perc2 - ok
22:20:21.0291 5064 perc2hib - ok
22:20:21.0369 5064 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
22:20:21.0385 5064 Pfc ( UnsignedFile.Multi.Generic ) - warning
22:20:21.0385 5064 Pfc - detected UnsignedFile.Multi.Generic (1)
22:20:21.0448 5064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:20:21.0573 5064 PptpMiniport - ok
22:20:21.0619 5064 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:20:21.0760 5064 Processor - ok
22:20:21.0838 5064 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
22:20:21.0854 5064 Ps2 - ok
22:20:21.0901 5064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:20:22.0041 5064 PSched - ok
22:20:22.0088 5064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:20:22.0229 5064 Ptilink - ok
22:20:22.0291 5064 PV8630 (1f58f0faa7d56c888ec8c45b843b67df) C:\WINDOWS\system32\DRIVERS\A1236.sys
22:20:22.0307 5064 PV8630 ( UnsignedFile.Multi.Generic ) - warning
22:20:22.0307 5064 PV8630 - detected UnsignedFile.Multi.Generic (1)
22:20:22.0369 5064 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:20:22.0385 5064 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:20:22.0385 5064 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:20:22.0463 5064 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\WINDOWS\system32\DRIVERS\LVCD.sys
22:20:22.0494 5064 QCDonner - ok
22:20:22.0526 5064 ql1080 - ok
22:20:22.0557 5064 Ql10wnt - ok
22:20:22.0604 5064 ql12160 - ok
22:20:22.0635 5064 ql1240 - ok
22:20:22.0666 5064 ql1280 - ok
22:20:22.0729 5064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:20:22.0885 5064 RasAcd - ok
22:20:22.0948 5064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:20:23.0073 5064 Rasl2tp - ok
22:20:23.0119 5064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:20:23.0244 5064 RasPppoe - ok
22:20:23.0276 5064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:20:23.0385 5064 Raspti - ok
22:20:23.0432 5064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:20:23.0573 5064 Rdbss - ok
22:20:23.0619 5064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:20:23.0760 5064 RDPCDD - ok
22:20:23.0838 5064 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:20:23.0838 5064 RDPWD - ok
22:20:23.0901 5064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:20:24.0026 5064 redbook - ok
22:20:24.0104 5064 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
22:20:24.0119 5064 rtl8139 - ok
22:20:24.0229 5064 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:20:24.0229 5064 SASDIFSV - ok
22:20:24.0244 5064 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:20:24.0260 5064 SASKUTIL - ok
22:20:24.0323 5064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:20:24.0369 5064 Secdrv - ok
22:20:24.0479 5064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:20:24.0604 5064 serenum - ok
22:20:24.0635 5064 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:20:24.0776 5064 Serial - ok
22:20:24.0823 5064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:20:24.0948 5064 Sfloppy - ok
22:20:24.0994 5064 Simbad - ok
22:20:25.0057 5064 SiS315 (020467b4ee7f73c304943bf0e3e4d526) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
22:20:25.0073 5064 SiS315 - ok
22:20:25.0119 5064 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
22:20:25.0135 5064 SISAGP - ok
22:20:25.0182 5064 SiSkp (02960a9c3f4e5178edbd9c0d2d995b3b) C:\WINDOWS\system32\DRIVERS\srvkp.sys
22:20:25.0213 5064 SiSkp - ok
22:20:25.0276 5064 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
22:20:25.0291 5064 SISNIC - ok
22:20:25.0338 5064 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:20:25.0463 5064 SLIP - ok
22:20:25.0541 5064 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:20:25.0682 5064 SONYPVU1 - ok
22:20:25.0713 5064 Sparrow - ok
22:20:25.0791 5064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:20:25.0901 5064 splitter - ok
22:20:25.0948 5064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:20:26.0010 5064 sr - ok
22:20:26.0088 5064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:20:26.0135 5064 Srv - ok
22:20:26.0198 5064 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:20:26.0338 5064 streamip - ok
22:20:26.0385 5064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:20:26.0526 5064 swenum - ok
22:20:26.0573 5064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:20:26.0682 5064 swmidi - ok
22:20:26.0713 5064 symc810 - ok
22:20:26.0776 5064 symc8xx - ok
22:20:26.0838 5064 sym_hi - ok
22:20:26.0901 5064 sym_u3 - ok
22:20:26.0979 5064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:20:27.0104 5064 sysaudio - ok
22:20:27.0198 5064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:20:27.0260 5064 Tcpip - ok
22:20:27.0307 5064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:20:27.0463 5064 TDPIPE - ok
22:20:27.0526 5064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:20:27.0635 5064 TDTCP - ok
22:20:27.0666 5064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:20:27.0791 5064 TermDD - ok
22:20:27.0838 5064 TosIde - ok
22:20:27.0885 5064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:20:27.0994 5064 Udfs - ok
22:20:28.0026 5064 ultra - ok
22:20:28.0104 5064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:20:28.0260 5064 Update - ok
22:20:28.0323 5064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:20:28.0448 5064 usbehci - ok
22:20:28.0494 5064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:20:28.0635 5064 usbhub - ok
22:20:28.0682 5064 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:20:28.0791 5064 usbohci - ok
22:20:28.0854 5064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:20:28.0994 5064 usbscan - ok
22:20:29.0057 5064 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
22:20:29.0151 5064 usbser - ok
22:20:29.0213 5064 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
22:20:29.0229 5064 usbsermpt ( UnsignedFile.Multi.Generic ) - warning
22:20:29.0229 5064 usbsermpt - detected UnsignedFile.Multi.Generic (1)
22:20:29.0276 5064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:20:29.0401 5064 USBSTOR - ok
22:20:29.0448 5064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:20:29.0573 5064 usbuhci - ok
22:20:29.0619 5064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:20:29.0729 5064 VgaSave - ok
22:20:29.0823 5064 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
22:20:29.0823 5064 viaagp1 - ok
22:20:29.0901 5064 viagfx (220d565a3afdea901dabc67a5c81a121) C:\WINDOWS\system32\DRIVERS\vtmini.sys
22:20:29.0932 5064 viagfx - ok
22:20:30.0010 5064 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:20:30.0135 5064 ViaIde - ok
22:20:30.0182 5064 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:20:30.0323 5064 VolSnap - ok
22:20:30.0385 5064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:20:30.0510 5064 Wanarp - ok
22:20:30.0557 5064 WDICA - ok
22:20:30.0588 5064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:20:30.0713 5064 wdmaud - ok
22:20:30.0838 5064 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:20:30.0869 5064 WpdUsb - ok
22:20:30.0932 5064 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:20:31.0073 5064 WS2IFSL - ok
22:20:31.0135 5064 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:20:31.0260 5064 WSTCODEC - ok
22:20:31.0323 5064 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
22:20:31.0401 5064 \Device\Harddisk0\DR0 - ok
22:20:31.0401 5064 Boot (0x1200) (984cd98a599fd0335ede41e28eedb431) \Device\Harddisk0\DR0\Partition0
22:20:31.0401 5064 \Device\Harddisk0\DR0\Partition0 - ok
22:20:31.0432 5064 Boot (0x1200) (91e165f3a6ec247a950150bdb29873c1) \Device\Harddisk0\DR0\Partition1
22:20:31.0432 5064 \Device\Harddisk0\DR0\Partition1 - ok
22:20:31.0448 5064 ============================================================
22:20:31.0448 5064 Scan finished
22:20:31.0448 5064 ============================================================
22:20:31.0463 8908 Detected object count: 6
22:20:31.0463 8908 Actual detected object count: 6
22:20:44.0698 8908 as6eio ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:44.0698 8908 as6eio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:20:44.0698 8908 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:44.0698 8908 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:20:44.0698 8908 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:44.0698 8908 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:20:44.0698 8908 PV8630 ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:44.0698 8908 PV8630 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:20:44.0713 8908 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:44.0713 8908 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:20:44.0713 8908 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:44.0713 8908 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip


----------



## eddie5659 (Mar 19, 2001)

Excellent, looks nice and clean, so let's run this to clear up any dead leftovers.

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

eddie


----------



## Cobster (Oct 15, 2011)

Here is the OTS file attached, Eddie.


----------



## eddie5659 (Mar 19, 2001)

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (WANMiniportService) WAN Miniport (ATW) Service [Disabled | Stopped] -> 
YN -> (getPlus(R) Helper) getPlus(R) Helper [Disabled | Stopped] -> 
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> [JQSIEStartDetectorImpl Class]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> {B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\"ButtonText" [HKLM] -> [Reg Error: Key error.]
YN -> {B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\"Default Visible" [HKLM] -> [Reg Error: Key error.]
YN -> {B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\"HotIcon" [HKLM] -> [Reg Error: Key error.]
YN -> {B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\"Icon" [HKLM] -> [Reg Error: Key error.]
YN -> {B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\"Script" [HKLM] -> [Reg Error: Key error.]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "%ProgramFiles%\iTunes\iTunes.exe" -> [%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes]
YN -> "C:\Program Files\America Online 9.0\waol.exe" -> [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YN -> "C:\Program Files\MSN Messenger\livecall.exe" -> [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)]
YN -> "C:\Program Files\MSN Messenger\msnmsgr.exe" -> [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1]
[Files/Folders - Created Within 30 Days]
NY ->  8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  6 C:\Documents and Settings\Compaq_Owner\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Compaq_Owner\Local Settings\temp\*.tmp
```
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.

eddie


----------



## Cobster (Oct 15, 2011)

Hi Eddie
Here is the OTX RunFix log:

[Win32 Services - Safe List]
Service WANMiniportService stopped successfully!
Error: No service named getPlus(R was found to stop!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\ButtonText deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\CLSID deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\Default Visible deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\HotIcon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\Icon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{B48798CE-A2E0-4918-BC00-0F72FBA708E2}\\Script deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\iTunes\iTunes.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\SET4EA.tmp deleted successfully.
C:\WINDOWS\System32\SET4F6.tmp deleted successfully.
C:\WINDOWS\System32\SET4FF.tmp deleted successfully.
C:\WINDOWS\System32\SET500.tmp deleted successfully.
C:\WINDOWS\System32\SET501.tmp deleted successfully.
C:\WINDOWS\System32\SET504.tmp deleted successfully.
C:\WINDOWS\System32\SET511.tmp deleted successfully.
C:\WINDOWS\System32\SET51A.tmp deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\b78B3.tmp deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\IXP000.TMP folder deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\jar_cache3495712197983561995.tmp deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\jar_cache5075752153699812575.tmp deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\jar_cache5475083659969734417.tmp deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\jar_cache5596551025734986568.tmp deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 01292012_211410


----------



## eddie5659 (Mar 19, 2001)

Excellent, how's the computer running now?


----------



## Cobster (Oct 15, 2011)

Hi Eddie
I think it is better, but I still get frequent spikes in CPU usage % due to services.exe which freeze the computer for 10-15 seconds at a time.


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if we can trim things down a bit.

Can you open up OTL again, but firstly make sure *Services* is set to *All*, and then click *Run Scan*.

Only one log will be produced to be copy/pasted here.

eddie


----------



## Cobster (Oct 15, 2011)

Here is the log Eddie:

OTL logfile created on: 1/31/2012 10:40:23 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.67% Memory free
3.80 Gb Paging File | 2.98 Gb Available in Paging File | 78.46% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.24 Gb Total Space | 86.17 Gb Free Space | 60.58% Space Free | Partition Type: NTFS
Drive D: | 6.79 Gb Total Space | 2.12 Gb Free Space | 31.29% Space Free | Partition Type: FAT32

Computer Name: DESKTOP1 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 18:08:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
PRC - [2012/01/07 09:26:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/08 19:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/10/23 09:12:51 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/10/03 01:52:43 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/15 14:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\WinPatrol\WinPatrol.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003/09/12 22:13:20 | 000,098,304 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE

========== Modules (No Company Name) ==========

MOD - [2012/01/30 07:09:41 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/30 07:09:40 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/18 22:08:20 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/18 22:08:20 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/07 09:26:26 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/23 09:46:57 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/03 01:52:09 | 000,015,760 | ---- | M] () -- C:\Program Files\Java\jre7\bin\jp2native.dll
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\WinPatrol\sqlite3.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2001/09/28 13:44:58 | 000,257,536 | ---- | M] () -- C:\WINDOWS\BiImg.dll

========== Win32 Services (All) ==========

SRV - File not found [Disabled | Stopped] -- -- (WANMiniportService) WAN Miniport (ATW)
SRV - File not found [Disabled | Stopped] -- -- (getPlus(R) Helper) getPlus(R)
SRV - [2011/10/09 19:32:07 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2011/10/09 19:32:07 | 000,136,176 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2011/10/03 01:52:43 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2009/01/21 01:14:12 | 000,137,200 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/13 19:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/13 19:12:35 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/13 19:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/13 19:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:27 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/13 19:12:25 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/13 19:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:21 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\fxssvc.exe -- (Fax)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/13 19:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 19:12:14 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/13 19:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/13 19:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/13 19:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/13 19:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 19:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 19:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/13 19:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/18 21:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/28 18:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2004/09/29 22:23:00 | 000,127,043 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/08/04 07:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2004/07/15 00:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/04/02 20:23:03 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/04/20 10:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/04 11:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/09/30 00:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 12:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/07/29 22:04:26 | 002,216,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/05/08 19:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/27 09:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/12 00:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/11/08 14:58:22 | 000,017,648 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pc22nd5.sys -- (pc22nd5) Toshiba PCX2200 USB Cable Modem networking driver (NDIS)
DRV - [2001/11/08 14:58:14 | 000,069,744 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pc22unic.sys -- (pc22unic)
DRV - [2000/06/27 06:14:32 | 000,019,144 | ---- | M] (USB Image.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A1236.SYS -- (PV8630)
DRV - [1997/12/09 00:32:00 | 000,003,616 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\as6eio.sys -- (as6eio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.haaretz.co.il/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 11 CD 0A A8 D8 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.globes.co.il"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@sony.com/Some: C:\Program Files\Sony\Bloggie Software\npsome.dll (Sony)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 09:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 14:02:26 | 000,000,000 | ---D | M]

[2008/09/02 07:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2012/01/26 07:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions
[2011/10/01 09:05:50 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}(2)
[2012/01/26 07:49:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/18 08:44:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/10/01 09:05:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/10/21 11:58:25 | 000,000,000 | ---D | M] (PSB Plugin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6pfq08et.default\extensions\[email protected]
[2012/01/07 09:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 09:26:26 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 01:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/09/15 10:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\mozilla firefox\plugins\NPUploader.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 22:17:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/24 20:58:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: mta.ac.il ([mtamail] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (MetaStreamCtl Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} https://uat.desktop.citigroup.com/dana-cached/setup/NeoterisSetup.cab (NeoterisSetup Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152325382906 (MUWebControl Class)
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab (AOL Pictures Uploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65ADC95C-A4EE-4103-918F-8E8E9BD42698}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/21 04:59:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 21:14:10 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/01/29 11:50:13 | 000,646,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTS.exe
[2012/01/24 22:48:51 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/01/24 22:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2012/01/24 22:48:27 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2012/01/24 22:47:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012/01/24 22:47:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/01/24 22:21:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/24 22:16:42 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller.exe
[2012/01/24 22:13:10 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2012/01/22 14:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/22 11:10:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/22 11:10:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/22 11:10:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/22 11:10:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/22 11:07:33 | 004,388,509 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\Cobster123.exe
[2012/01/21 17:41:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/18 22:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
[2012/01/18 22:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/18 22:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/18 22:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/18 19:35:18 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2012/01/14 23:13:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/01/11 19:08:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/11 18:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\New Folder (7)
[2012/01/11 18:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\New Folder
[2012/01/02 09:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\WinZip
[2011/06/19 14:18:11 | 000,895,503 | ---- | C] (free-windows-registry-cleaner.com ) -- C:\Program Files\free-wrc.exe
[2005/10/02 14:03:13 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GT680X.SYS

========== Files - Modified Within 30 Days ==========

[2012/01/31 21:47:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/31 20:47:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/30 07:14:28 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/30 07:09:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 07:09:30 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-581693593-1015511138-3403617319-1009.job
[2012/01/30 07:09:23 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/30 07:09:21 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/01/30 07:09:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 07:09:14 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 11:50:14 | 000,646,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTS.exe
[2012/01/29 10:13:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-581693593-1015511138-3403617319-1009.job
[2012/01/26 16:27:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/25 13:11:18 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/01/25 03:01:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 22:53:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/01/24 22:48:46 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/24 22:48:45 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/01/24 22:48:45 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/24 22:47:56 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/01/24 22:47:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/01/24 22:16:47 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller.exe
[2012/01/24 22:16:15 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2012/01/24 22:13:10 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2012/01/24 20:58:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/24 20:49:56 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ComboFix.lnk
[2012/01/22 16:00:55 | 115,291,080 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AVPKaspersky.exe
[2012/01/22 14:16:08 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/22 14:05:21 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SystemLook.exe
[2012/01/22 11:07:34 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\Cobster123.exe
[2012/01/18 22:07:28 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/18 19:35:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2012/01/04 04:26:22 | 000,236,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2012/01/24 22:53:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/01/24 22:48:41 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/24 22:47:22 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 22:47:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/01/24 22:16:15 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2012/01/24 20:49:56 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ComboFix.lnk
[2012/01/22 23:12:22 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/22 16:00:55 | 115,291,080 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AVPKaspersky.exe
[2012/01/22 14:20:58 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/22 14:15:47 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/22 14:05:21 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SystemLook.exe
[2012/01/22 11:10:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/22 11:10:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/22 11:10:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/22 11:10:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/22 11:10:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/18 22:07:28 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/19 19:09:35 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/06/22 08:20:59 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2010/04/28 16:35:04 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/27 10:56:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/04/29 18:50:06 | 000,000,010 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2007/06/28 13:12:15 | 000,072,192 | ---- | C] () -- C:\WINDOWS\SSEUninstaller.exe
[2007/05/16 16:25:42 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/05/16 16:23:55 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/05/16 16:23:54 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/16 16:23:54 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2007/02/19 09:57:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2006/12/12 12:24:20 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\PGPsdk.dll.sig
[2006/10/08 07:55:14 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2006/07/03 21:17:38 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/04/01 09:13:25 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/23 16:38:53 | 000,000,078 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/01/30 19:19:39 | 000,000,134 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2005/11/26 12:10:56 | 000,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2005/11/23 08:39:22 | 000,013,012 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft Excel.CAL
[2005/10/02 17:06:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\AErroru3.dat
[2005/10/02 17:06:41 | 000,030,600 | ---- | C] () -- C:\WINDOWS\EWhiteu12.dat
[2005/10/02 17:06:40 | 000,030,600 | ---- | C] () -- C:\WINDOWS\EDarku12.dat
[2005/10/02 17:06:38 | 000,000,006 | ---- | C] () -- C:\WINDOWS\EExpou.dat
[2005/10/02 17:06:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\EOffsetu.dat
[2005/10/02 14:03:13 | 000,184,320 | ---- | C] () -- C:\WINDOWS\Ausba3.dll
[2005/10/02 14:03:13 | 000,011,593 | ---- | C] () -- C:\WINDOWS\Dusb3ar.ini
[2005/10/02 14:03:13 | 000,002,672 | ---- | C] () -- C:\WINDOWS\Ausba3.ini
[2005/10/02 14:03:13 | 000,001,226 | ---- | C] () -- C:\WINDOWS\ScnPanel.ini
[2005/10/02 14:03:07 | 000,001,701 | ---- | C] () -- C:\WINDOWS\Ultima292.ini
[2005/10/02 12:57:06 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2005/10/02 12:57:00 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2005/10/02 12:57:00 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/10/02 12:56:59 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2005/10/02 12:56:59 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2005/10/02 12:56:59 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2005/10/02 12:56:19 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP62N.DLL
[2005/10/02 12:56:19 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\LFTIF62N.DLL
[2005/10/02 12:56:19 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL62N.DLL
[2005/10/02 12:56:19 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX62N.DLL
[2005/10/02 12:56:19 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFEPS62N.DLL
[2005/10/02 12:56:19 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFPCT62N.DLL
[2005/10/02 12:56:19 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFGIF62N.DLL
[2005/10/02 12:56:19 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP62N.DLL
[2005/10/02 12:56:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LFPSD62N.DLL
[2005/10/02 12:56:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFWMF62N.DLL
[2005/10/02 12:56:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA62N.DLL
[2005/10/02 12:56:19 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWPG62N.DLL
[2005/10/02 12:56:19 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\LFIMG62N.DLL
[2005/10/02 12:56:19 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\LFRAS62N.DLL
[2005/10/02 12:56:19 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\LFMSP62N.DLL
[2005/10/02 12:56:19 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\LFMAC62N.DLL
[2005/10/02 12:56:19 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\LFPCD62N.DLL
[2005/10/02 12:56:08 | 000,133,632 | ---- | C] () -- C:\WINDOWS\AUSBA1.DLL
[2005/10/02 12:56:08 | 000,000,986 | ---- | C] () -- C:\WINDOWS\AUSBA1.INI
[2005/10/02 12:56:08 | 000,000,194 | ---- | C] () -- C:\WINDOWS\DUSB1AR.INI
[2005/10/02 12:56:06 | 000,003,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\As6eio.sys
[2005/07/05 09:08:51 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/05 09:08:42 | 000,002,872 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/06/10 18:52:41 | 000,000,111 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/05/10 10:02:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/04/16 12:09:53 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/04/16 09:13:09 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/03/15 19:05:45 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/03/15 19:05:45 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/03/15 19:05:45 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/03/15 19:05:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2005/03/15 19:05:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/03/03 01:19:21 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2005/03/03 01:19:21 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPEG32.DLL
[2005/03/03 01:19:21 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiMResNT.dll
[2005/03/03 01:19:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\BiMAppNT.exe
[2005/01/31 08:49:19 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\PBHTML.dll
[2005/01/30 14:55:51 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2005/01/21 01:30:14 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/01/21 01:30:14 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/01/21 01:29:58 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/01/20 22:16:41 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/20 20:26:14 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2004/11/17 11:27:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/17 11:27:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/17 11:27:49 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/17 11:27:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/17 11:27:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/11/17 11:27:16 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/17 11:27:15 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/17 11:26:47 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/17 11:26:18 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/21 10:34:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/21 06:49:55 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/21 06:48:08 | 000,013,948 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/21 06:47:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/21 06:33:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 06:20:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/21 06:20:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/21 06:20:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/21 06:20:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/21 06:20:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/21 06:20:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/21 06:04:06 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/21 05:53:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2004/10/21 05:53:26 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/21 05:52:02 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/10/21 05:48:17 | 000,017,191 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/10/21 05:46:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/21 05:46:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/21 05:46:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/21 05:15:39 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 05:15:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 05:14:17 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/21 05:04:42 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 05:01:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/21 04:56:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/21 04:42:37 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/21 04:42:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/21 04:42:16 | 000,384,926 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/21 04:42:16 | 000,054,484 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/20 21:50:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/20 21:49:04 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/14 01:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Files - Unicode (All) ==========
[2006/11/18 16:46:52 | 000,039,936 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ???? ??? ???? ???.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\על כגון אלה היתה אמי.doc
[2006/11/18 16:46:52 | 000,039,936 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ???? ??? ???? ???.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\על כגון אלה היתה אמי.doc
[2006/08/05 22:02:58 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\??? ????? ?? ????????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\הכי מפריע זה הדיסוננס.doc
[2006/08/05 22:02:58 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\??? ????? ?? ????????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\הכי מפריע זה הדיסוננס.doc
[2006/08/04 06:39:33 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ?? ??? ???? ?? ????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\גם מי שלא תומך של ביבי.doc
[2006/08/04 06:39:32 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ?? ??? ???? ?? ????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\גם מי שלא תומך של ביבי.doc
[2006/06/21 07:31:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Compaq_Owner\My Documents\????? - ????? ???? ?????_files) -- C:\Documents and Settings\Compaq_Owner\My Documents\גלובס - רוכשי דירה מקבלן_files
[2006/06/18 07:00:56 | 000,030,098 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? - ????? ???? ?????.htm) -- C:\Documents and Settings\Compaq_Owner\My Documents\גלובס - רוכשי דירה מקבלן.htm
[2006/06/18 07:00:55 | 000,030,098 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? - ????? ???? ?????.htm) -- C:\Documents and Settings\Compaq_Owner\My Documents\גלובס - רוכשי דירה מקבלן.htm
[2006/06/18 07:00:55 | 000,000,000 | ---D | C](C:\Documents and Settings\Compaq_Owner\My Documents\????? - ????? ???? ?????_files) -- C:\Documents and Settings\Compaq_Owner\My Documents\גלובס - רוכשי דירה מקבלן_files
[2006/03/27 11:29:49 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\הורים פולנים.doc
[2006/03/27 11:29:49 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\הורים פולנים.doc
[2006/02/14 08:00:01 | 000,044,032 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? ????? ? ? ? ? ?.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\אפרים קישון ה ג ד ו ל.doc
[2006/02/14 08:00:01 | 000,044,032 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? ????? ? ? ? ? ?.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\אפרים קישון ה ג ד ו ל.doc
[2005/09/25 18:34:57 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ??????? ?? ??????? ??? ??? ????? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\אל תתייראי מן הפרושים ולא ממי שאינם פרושים.doc
[2005/09/25 18:34:56 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?? ??????? ?? ??????? ??? ??? ????? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\אל תתייראי מן הפרושים ולא ממי שאינם פרושים.doc

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, with regards to the actual services, there isn't a lot we can change, as most are needed for your system. However, here goes with what you can change.

Firstly, uninstall SuperAntiSpyware from Add/Remove Programs, as it's not needed anymore.

From the log, you have these:

*O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)*

These are not bad, just optional removals. They can cause problems, say the slowness you're getting at certain times.

So, if you want to uninstall it, you can. It's up to you. This is just the Yahoo Toolbar, not the actual Yahoo program

--

Next, the services...

You have Google Updater running all the time. However, you also appear to have other programs running scans, so I want to look at that deeper next.

Now, the following services are automatic, so we can change these to manual. They're still there, but as soon as you open or a program starts that uses these, it starts.

The best way is to remember which you're changing, so that if any program doesn't work, you can just go back in, and put it back to Automatic 

To do this, go to Start | Run and type:

*services.msc*

and click OK.

In the list that appears, look for the following in turn:

*Windows Image Acquisition
Windows Time
WebClient
Secondary Logon*

So, with the first one, Windows Image Acquisition, click on it to highlight it. Then, right-click on it and select Properties. In the General tab, you will see a drop-down menu called Startup Type.

At the moment it should say Automatic. Change this to Manual, apply and OK.

Do that with all 4, and then close the Services window by pressing the X as normal.

A reboot is needed for the changes to take effect.

--

Now, this one:

*Remote Access Auto Connection Manager*

is currently automatic, but before you change it to manual, this is to be checked:

You may require this service for some direct cable or DSL providers and connections, depending on how they implement their logon process. If your dial-up, cable or DSL internet access no longer functions properly with this service disabled, place this service into Automatic. If you use a hardware gateway or router, this service is not required.

So, you may want to leave that one alone for now, until we look at some other things 

--------

So, with this in mind, can you run SystemLook again, using this code:



> :filefind
> *.job


And post the log it produces 

eddie


----------



## Cobster (Oct 15, 2011)

Hi Eddie
Here is the log

SystemLook 30.07.11 by jpshortstuff
Log created at 18:15 on 02/02/2012 by Compaq_Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*.job "
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job --a---- 284 bytes [14:07 23/10/2011] [21:27 02/02/2012] F35BF51412344F2C6338B82B65EF1842
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job --a---- 894 bytes [00:32 10/10/2011] [22:59 02/02/2012] B9B0029FFF54CB10677B5E332582807D
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job --a---- 898 bytes [00:32 10/10/2011] [22:47 02/02/2012] 01FB7F35B0E4BAF1A4B034E5CC4C3B33
C:\WINDOWS\Tasks\MP Scheduled Scan.job --ah--- 424 bytes [19:20 22/01/2012] [23:03 02/02/2012] A353F026F4CA1C1E2533AD659F5CB78A
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-581693593-1015511138-3403617319-1009.job --a---- 292 bytes [14:13 23/10/2011] [22:59 02/02/2012] 18316392EF3FC5DA20E1D3EA2EFB0F59
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-581693593-1015511138-3403617319-1009.job --a---- 300 bytes [14:13 23/10/2011] [15:13 29/01/2012] A145AD3CB526DEB1E4014EA885ED8032

-= EOF =-

I left Super Anti Malware as not sure if I should keep MS Security Essential or drop it and keep the Super Anti Spyware program..what do you think?
Yahoo Toolbar uninstalled.
Thanks again


----------



## eddie5659 (Mar 19, 2001)

For which one to keep, let's have a look at what you do have, so we can see fully

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

-------

For all the tasks listed below, you can check their frequency of updating etc by having a look at this link:

http://support.microsoft.com/kb/308671

Have a look as to when the below are scheduled, and if need be, change them to monthly, or at a time when you're not always using the computer, say 11pm once a week.

If you don't want them, you can just delete them, but leave them in the Recycle Bin, just in case, for a week, and see how the programs work. 99.99% of the time they're fine 

AppleSoftwareUpdate.job

This just updates Apple software such as iTunes, Quicktime etc. You can do this manually, or just leave it running.

GoogleUpdateTaskMachineCore.job 
GoogleUpdateTaskMachineUA.job

I have these two running, they are used for Google Chrome browser, Google Earth, Google Updater, Picasa or other Google applications. I have Chrome installed, not used it myself much. Again, you should be able to change the schedules.

RealUpgradeLogonTaskS
RealUpgradeScheduledTaskS

Now, these are for RealPlayer or any software that is by Real Media. Now, I use Realplayer all the time, but I don't have these running as tasks.

MP Scheduled Scan.job

This is for Windows Defender scanning. This is about it:

http://www.microsoft.com/download/en/details.aspx?id=17


----------
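An added example (not part of the thread, and not SystemLook's own code): parsing the `:filefind *.job` output posted above so that two snapshots of `C:\WINDOWS\Tasks` can be compared for added, removed or changed task files. The line layout is inferred from the log in the thread; the second snapshot, including `ExampleUpdater.job` and its hash, is constructed.

```python
import re
from datetime import datetime

# Layout inferred from the log lines in the thread (an assumption, not a spec):
#   <path> <7-char attribute field> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-a-z]{7})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<created>\d\d:\d\d \d\d/\d\d/\d{4})\]\s+"
    r"\[(?P<modified>\d\d:\d\d \d\d/\d\d/\d{4})\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return {lowercased path: record} for every result line in the log."""
    entries = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, "Searching for ...", "-= EOF =-", blank lines
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        for key in ("created", "modified"):
            # Timestamps are HH:MM DD/MM/YYYY in the posted log.
            rec[key] = datetime.strptime(rec[key], "%H:%M %d/%m/%Y")
        rec["md5"] = rec["md5"].upper()
        rec["hidden"] = "h" in rec["attrs"]
        # Windows paths are case-insensitive, so key on the lowercased path.
        entries[rec["path"].lower()] = rec
    return entries


def diff_snapshots(before, after):
    """Compare two parsed snapshots by path and MD5."""
    shared = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        # A changed hash only says the file's bytes differ: review it, do not
        # treat it as a verdict.
        "changed": sorted(p for p in shared if before[p]["md5"] != after[p]["md5"]),
    }


# Three result lines copied from the SystemLook log posted in the thread.
BASELINE = r"""
========== filefind ==========

Searching for "*.job "
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job --a---- 284 bytes [14:07 23/10/2011] [21:27 02/02/2012] F35BF51412344F2C6338B82B65EF1842
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job --a---- 894 bytes [00:32 10/10/2011] [22:59 02/02/2012] B9B0029FFF54CB10677B5E332582807D
C:\WINDOWS\Tasks\MP Scheduled Scan.job --ah--- 424 bytes [19:20 22/01/2012] [23:03 02/02/2012] A353F026F4CA1C1E2533AD659F5CB78A

-= EOF =-
"""

# Constructed later snapshot: one hash differs and one task file is new.
LATER = r"""
Searching for "*.job "
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job --a---- 284 bytes [14:07 23/10/2011] [21:27 02/02/2012] F35BF51412344F2C6338B82B65EF1842
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job --a---- 894 bytes [00:32 10/10/2011] [09:10 05/02/2012] 0123456789ABCDEF0123456789ABCDEF
C:\WINDOWS\Tasks\MP Scheduled Scan.job --ah--- 424 bytes [19:20 22/01/2012] [23:03 02/02/2012] A353F026F4CA1C1E2533AD659F5CB78A
C:\WINDOWS\Tasks\ExampleUpdater.job --ah--- 312 bytes [03:14 05/02/2012] [03:14 05/02/2012] FEDCBA9876543210FEDCBA9876543210
-= EOF =-
"""

if __name__ == "__main__":
    before, after = parse_filefind(BASELINE), parse_filefind(LATER)
    for kind, paths in diff_snapshots(before, after).items():
        for path in paths:
            rec = after.get(path) or before[path]
            flag = " (hidden)" if rec["hidden"] else ""
            print(f"{kind:8} {rec['path']}{flag}  modified {rec['modified']:%Y-%m-%d %H:%M}")
```
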



## Cobster (Oct 15, 2011)

Hi Eddie
Here is the securitycheck log, I uninstalled the Super AntiMalware 2 days ago as you suggested in the first place so only using MS Security Essentials now:

Results of screen317's Security Check version 0.99.30 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
Norton Personal Firewall 
Microsoft Security Essentials 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Windows Defender 
Windows Defender Signatures 
CCleaner 
Adobe Flash Player 10.3.183.10 *Flash Player out of Date!* 
Adobe Reader X (10.1.1) 
Mozilla Firefox 10.0. *Firefox out of Date!* 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Windows Defender MSMpEng.exe 
WinPatrol winpatrol.exe 
Microsoft Security Essentials msseces.exe 
Microsoft Security Client Antimalware MsMpEng.exe 
WinPatrol winpatrol.exe 
*``````````End of Log````````````*

Changed the schedules on those tasks to once a month


----------



## eddie5659 (Mar 19, 2001)

Okay, it appears you have two firewalls running. As one is Norton, I would disable the Windows firewall:

Go to Start | Run and type the following in:

*Firewall.cpl*

and click OK.

In the general tab, select Off, and click OK.

--

Adobe is out of date, so get the latest version from here:

http://get.adobe.com/flashplayer/

Just untick the Google Toolbar option before installing.

--

Firefox is out of date. To update, when you're in Firefox, click the Orange menu in the top right of the screen, and select Help | About Firefox, and it will automatically update.

--

Good to hear about the schedule change 

See if the one firewall reduces the services usage.


----------



## Cobster (Oct 15, 2011)

Hi Eddie
I used to have Norton AV a long time ago but I uninstalled it way back.
Would it make more sense to keep the Windows firewall and delete the Norton?


----------



## Cobster (Oct 15, 2011)

Updated Adobe Reader (does it have to start up every time the computer is booted?) and Firefox was already updated, I was told when I tried to update it.


----------



## eddie5659 (Mar 19, 2001)

For Norton, it can cause a lot of memory usage, as can McAfee. So, if you want to uninstall it, you can and leave Windows firewall on.

Adobe Reader doesn't need to start on startup all the time


----------



## Cobster (Oct 15, 2011)

Hi Eddie
I don't see any service for Adobe Updates, checked twice and nothing is running when I look at the Task Manager too.
Also, I cannot find any sign of the Norton Firewall, can't find any trace of Norton in the Control Panel (add/remove software) as well as Services.
Can you direct me ?
Thanks again


----------



## eddie5659 (Mar 19, 2001)

That's strange, as it's showing here:

Norton Personal Firewall

http://forums.techguy.org/8228318-post6.html

Still, it's not a problem, as we can use a tool to remove it

Download the Norton Removal Tool.

Save the file to the Windows desktop.

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

On the Windows desktop, double-click the Norton Removal Tool icon, follow the on-screen instructions, restart your computer.

Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

eddie


----------



## Cobster (Oct 15, 2011)

Removed the Norton Firewall..
Anything else we should do?


----------



## eddie5659 (Mar 19, 2001)

How's the service usage running now, is it still spiking?


----------



## Cobster (Oct 15, 2011)

yes, still terrible..spiking for 15-20 seconds at a time ..so frustrating


----------



## eddie5659 (Mar 19, 2001)

Okay, just been looking at the original thread you were helped on with Kevin, and he has the same idea as me, it's no malware.

So, looks like CCleaner found some things. Do you still have it installed?

If not, just get it from here:



> Download and install *CCleaner*
> 
> Use either one of the two free links below the Premium version. If you are offered any Toolbars etc such as Yahoo just decline the offer.
> 
> Run CCleaner, select tools > start up > in the bottom righthand corner hit the "save to text file" tab. Post that log for me to see...


And do exactly as you did before, in pasting the log


----------



## Cobster (Oct 15, 2011)

Here it is Eddie
Yes Extension Show or hide HP Smart Web Printing C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
No Extension מחקר C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
No Helper Adobe PDF Link Helper C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
No Helper Google Dictionary Compression sdch C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
No Helper Google Toolbar Helper C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
No Helper Google Toolbar Notifier BHO C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
Yes Helper HP Print Enhancer C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
Yes Helper HP Smart BHO Class C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Yes Helper Java(tm) Plug-In 2 SSV Helper C:\Program Files\Java\jre7\bin\jp2ssv.dll
Yes Helper Search Helper C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
No Helper UberButton Class C:\Program Files\Yahoo!\Common\yiesrvc.dll
Yes Helper Windows Live ID Sign-in Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
No Helper Yahoo! IE Suggest C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
No Helper Yahoo! Toolbar Helper C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
No Helper YahooTaggedBM Class C:\Program Files\Yahoo!\Common\YIeTagBm.dll
No Toolbar Google Toolbar C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
No Toolbar Yahoo! Toolbar C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll


----------



## eddie5659 (Mar 19, 2001)

Hi

Sorry for the very late reply, this weekend and the past few days have been very hectic here.

It looks like not much is there, can you re-run HijackThis and post the log, so I can see if anything else looks to be causing this spike.

eddie


----------



## Cobster (Oct 15, 2011)

Not a problem Eddie
Thanks again for your help
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:28:12 PM, on 2/15/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.haaretz.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - (no file) (HKCU)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://uat.desktop.citigroup.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152325382906
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

--
End of file - 9714 bytes


----------



## eddie5659 (Mar 19, 2001)

Sorry, been a long few days. If you want a good laugh, read here:

http://forums.techguy.org/8263669-post216.html

It's all about it

Okay, back to you 

-------------

The following is a list of all that you have running at startup. For those interested, it's the O4 entries. The more you have, the slower your bootup to Windows will be, and you may have problems online, like slowness etc. I've put some explanation on what they are, in case you're curious.

Don't worry, you're not uninstalling these, just preventing them loading at startup

=========

NvCplDaemon - Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card. Up to you

hpsysdrv - Related to Hewlett-Packard. This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Up to you

IgfxTray - Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel. Not needed

HotKeysCmds - Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel. Up to you

PS2 - Related to Hewlett-Packard Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost. Up to you

LSBWatcher - HP CD-ROM driver - reportedly required for it to work. Keep

TkBellExe - Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it.

http://www.mikescomputerinfo.com/TkBellExe.htm

Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK. Not needed

SunJavaUpdateSched - Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel. Up to you

WinPatrol - Related to WinPatrol - "Manage Startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs". Up to you

Adobe Photo Downloader - From Adobe Photoshop Album, not to be terminated unless suspected to be causing problems. Note: Located in \%Program Files%\Adobe\Adobe Photoshop Lightroom *.*\. Up to you

MSC - Related to Microsoft Security Essentials. Real-time protection for your home PC that guards against viruses, spyware, and other malicious software. Keep

HP Software Update - Related to Hewlett-Packard Software updates. If a shortcut doesn't exist, create your own and run it manually. Note: Located in \%Program Files%\Hewlett-Packard\HP Software Update\. Not needed

*Bing Bar - Related to MSN Toolbar Reported to cause high CPU usage. Up to you*

Microsoft Default Manager - Related to Microsoft Default Manager user invoked program and a normal part of PC operations. Not needed

ctfmon.exe - CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here:

http://support.microsoft.com/kb/282599/en-us

CTFMON can be disabled from Control Panel, Text & Speech Services. Up to you

SUPERAntiSpyware - Uninstall via Add/Remove Programs, not needed now.

Picasa Media Detector - Media detector for Picasa's automatic photo organizer. Not needed

DWQueuedReporting - Related to System Event Notification Services from Microsoft. Required for Efficient Mobile Network Computing. Keep

HP Digital Imaging Monitor - Related to Hewlett-Packard System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos from a camera, for example. Up to you

=========

Okay, for the ones that say Not Needed, do this:

Go to Start | Run and type MSCONFIG, and click OK. Startup tab. Untick the ones that are Not Needed, Apply and Restart. When Windows loads back up, you will have a popup box saying that the startup has been changed. Tick the little box to not appear again, and OK.

For the Up To You ones, that's exactly that. It's your choice if you need them. One way to do this, after you've done the above with the Not Needed, is to go back to MSCONFIG, and untick one of them. Reboot, and see if all your 'normal' programs work okay. If, for instance, your Adobe Photoshop has a problem after unticking Adobe Photo Downloader, then just go back in, retick it, and restart.

------------

I would also suggest uninstalling SUPERAntiSpyware as this is not needed anymore, plus look at the part in *Bold* above


----------



## Cobster (Oct 15, 2011)

Hi Eddie
Sorry to hear about your saga with BT and o2..like fighting windmills it seems, hope all is sorted out by now 

I did what you suggested and unticked all the not necessary items and a few of the optionals, I also ran hijack this just in case and here is the log

Will report in a day or two as to performance, hope that does it for this issue and I thank you once again for your patience and willingness to help

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:52:51 PM, on 2/23/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.haaretz.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - (no file) (HKCU)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://uat.desktop.citigroup.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152325382906
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

--
End of file - 7654 bytes
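
An added example, not part of the original posts: a small Python parser for the O4 autostart lines of a HijackThis log that compares two scans, so the effect of an MSCONFIG change can be confirmed from the logs themselves. The sample lines are excerpted from the 2/15/2012 and 2/23/2012 logs in this thread; the function and variable names are this example's own.

```python
import re

# O4 lines appear in two shapes in a HijackThis v2.0.4 log:
#   O4 - <hive>\..\Run: [<name>] <command>      (registry Run keys)
#   O4 - Global Startup: <shortcut> = <target>  (Startup folder shortcuts)
RUN_RE = re.compile(r"^O4 - (?P<loc>\S+\\\.\.\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# HKUS entries carry a trailing "(User 'SYSTEM')" annotation that is not part of the command.
USER_SUFFIX = re.compile(r" \(User '[^']*'\)$")

# Excerpt of the 2/15/2012 log posted above (before the MSCONFIG changes).
BEFORE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
"""

# Excerpt of the 2/23/2012 log posted above (after the MSCONFIG changes).
AFTER = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""


def parse_o4(log_text):
    """Return {(location, name): command} for every O4 line in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue  # not an autostart entry (R0/R1, O2, O23, process list, ...)
        cmd = USER_SUFFIX.sub("", m.group("cmd"))
        entries[(m.group("loc"), m.group("name"))] = cmd
    return entries


def _norm(cmd):
    # Windows paths are case-insensitive and quoting varies between scans,
    # so compare commands with quotes removed and case folded.
    return cmd.replace('"', "").lower()


def diff_o4(before_log, after_log):
    """Compare the autostart entries of two logs."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in before
                          if k in after and _norm(before[k]) != _norm(after[k])),
    }


if __name__ == "__main__":
    result = diff_o4(BEFORE, AFTER)
    for kind in ("removed", "added", "changed"):
        for loc, name in result[kind]:
            print(f"{kind:8} {loc}: [{name}]")
```

On these excerpts the TkBellExe entry is reported as unchanged even though the path casing differs between the two scans, and the only new entry is MSConfig's own `/auto` Run value.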


----------



## eddie5659 (Mar 19, 2001)

Sorry, not getting email thru for some reason, so having to check the subscriptions 

How's it going now?


----------



## Cobster (Oct 15, 2011)

Hi Eddie
Unfortunately no change in the spikes of CPU usage due to services.exe..so frustrating


----------



## eddie5659 (Mar 19, 2001)

Nuts 

Okay, let's have a deeper look:

The following program checks the running services on your system, to determine if there are any malicious files running.

Download *Getservices.zip*

Extract the Zip file to your C drive. Once it is extracted there will be a directory called *Getservice*. Inside the C:\getservice directory will be a file called *getservice.bat*. Simply double-click on the *getservice.bat* file and when it is completed a notepad will open with a lot of information.

Copy/Paste the contents here.

eddie


----------



## Cobster (Oct 15, 2011)

Here it is Eddie
Thanks again


SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 2844
FLAGS : 
DESCRIPTION : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: BITS
DISPLAY_NAME: Background Intelligent Transfer Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: CryptSvc
DISPLAY_NAME: CryptSvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : CryptSvc
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 764
FLAGS : 
DESCRIPTION : Provides launch functionality for DCOM services.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Manages network configuration by registering and updating IP addresses and DNS names.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1208
FLAGS : 
DESCRIPTION : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
DISPLAY_NAME: Error Reporting Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Allows error reporting for services and applictions running in non-standard environments.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 600
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
DISPLAY_NAME: Fast User Switching Compatibility
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Provides management for applications that require assistance in a multiple user environment.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: hpqcxs08
DISPLAY_NAME: hpqcxs08
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 224
FLAGS : 
DESCRIPTION : 

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : hpqcxs08
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: hpqddsvc
DISPLAY_NAME: HP CUE DeviceDiscovery Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 224
FLAGS : 
DESCRIPTION : This service detects and monitors CUE devices on the system.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : HP CUE DeviceDiscovery Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: HPSLPSVC
DISPLAY_NAME: HP Network Devices Support
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 264
FLAGS : 
DESCRIPTION : Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable

TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k HPService
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : HP Network Devices Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver
DISPLAY_NAME: Server
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Server
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1380
FLAGS : 
DESCRIPTION : Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: MsMpSvc
DISPLAY_NAME: Microsoft Antimalware Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 884
FLAGS : 
DESCRIPTION : Helps protect users from malware and other potentially unwanted software

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Microsoft Antimalware Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.

TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Nla
DISPLAY_NAME: Network Location Awareness (NLA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Collects and stores network configuration and location information, and notifies applications when this information changes.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 600
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PolicyAgent
DISPLAY_NAME: IPSEC Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 612
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 612
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.

TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Creates a network connection.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Provides the endpoint mapper and other miscellaneous RPC services.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 612
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Stores security information for local user accounts.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SeaPort
DISPLAY_NAME: SeaPort
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 536
FLAGS : 
DESCRIPTION : Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : SeaPort
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Provides notifications for AutoPlay hardware events.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1492
FLAGS : 
DESCRIPTION : Loads files to memory for later printing.

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SSDPSRV
DISPLAY_NAME: SSDP Discovery Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1380
FLAGS : 
DESCRIPTION : Enables discovery of UPnP devices on your home network.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1292
FLAGS : 
DESCRIPTION : Provides image acquisition services for scanners and cameras.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 764
FLAGS : 
DESCRIPTION : Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k DComLaunch
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Themes
DISPLAY_NAME: Themes
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Provides user experience theme management.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Maintains links between NTFS files within a computer or across computers in a network domain.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: winmgmt
DISPLAY_NAME: Windows Management Instrumentation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: wlidsvc
DISPLAY_NAME: Windows Live ID Sign-in Assistant
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1568
FLAGS : 
DESCRIPTION : Enables Windows Live ID authentication.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Live ID Sign-in Assistant
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Monitors system security settings and configurations.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: wuauserv
DISPLAY_NAME: Automatic Updates
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Automatic Updates
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: WudfSvc
DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 960
FLAGS : 
DESCRIPTION : Manages user-mode driver host processes

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Windows Driver Foundation - User-mode Driver Framework
DEPENDENCIES : PlugPlay
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: WZCSVC
DISPLAY_NAME: Wireless Zero Configuration
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS : 
DESCRIPTION : Provides automatic configuration for the 802.11 adapters

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME : LocalSystem


----------



## eddie5659 (Mar 19, 2001)

Okay, looking through the list, no malware jumps out. However, I do see something, so let's see if it's anything related.

Do you get the spikes when you're online? If you're connected by cable so that you're always connected to the internet, unplug it and see if it still spikes.

If it doesn't, are you using a router/modem, and do you have access to the Admin Control Panel? Don't send me the details here, just want to know so I can advise what could be the cause.

eddie
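The read-through described in the post above, as an added example that is not part of the original thread: Python that parses a service listing in the layout posted earlier, shows which services share a host process (useful when one `services.exe` or `svchost.exe` PID is the one using CPU), and lists entries whose binary sits outside the system directory. The sample text is constructed, `ExampleSvc` is hypothetical, and the default `C:\WINDOWS\system32` location is an assumption.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, normcase

# Constructed sample in the layout of the listing posted in this thread.
# "ExampleSvc" and its path are hypothetical and are not taken from the log.
SAMPLE = r"""
SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
PID : 600
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe

SERVICE_NAME: PlugPlay
PID : 600
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe

SERVICE_NAME: AudioSrv
PID : 924
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
DEPENDENCIES : PlugPlay
: RpcSs

SERVICE_NAME: MsMpSvc
PID : 884
BINARY_PATH_NAME : "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"

SERVICE_NAME: ExampleSvc
PID : 4321
BINARY_PATH_NAME : C:\WINDOWS\Temp\svchost.exe -k example
"""

SYSTEM_DIR = r"c:\windows\system32"  # assumption: default install location
CORE_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "smss.exe"}
THIRD_PARTY = "outside system32: confirm the vendor by hand"
MASQUERADE = "core system file name outside system32"

FIELD = re.compile(r"^\s*([A-Z][A-Z0-9_]*)\s*:\s*(.*)$")
CONTINUATION = re.compile(r"^\s*:\s*(\S.*)$")


def parse_services(text):
    """Return one dict per SERVICE_NAME record; lines before the first record are skipped."""
    services, current, last_key = [], None, None
    for line in text.splitlines():
        field = FIELD.match(line)
        if field:
            key, value = field.group(1), field.group(2).strip()
            if key == "SERVICE_NAME":
                current = {"SERVICE_NAME": value, "DEPENDENCIES": []}
                services.append(current)
            elif current is not None and key == "DEPENDENCIES":
                if value:
                    current["DEPENDENCIES"].append(value)
            elif current is not None:
                current[key] = value  # repeated keys (TYPE, DISPLAY_NAME) overwrite
            last_key = key
            continue
        more = CONTINUATION.match(line)
        if more and current is not None and last_key == "DEPENDENCIES":
            current["DEPENDENCIES"].append(more.group(1).strip())
    return services


def split_image(binary_path):
    """Split BINARY_PATH_NAME into (executable, arguments), quoted or not."""
    path = binary_path.strip()
    if path.startswith('"'):
        end = path.find('"', 1)
        if end == -1:
            return path[1:], ""
        return path[1:end], path[end + 1:].strip()
    m = re.match(r"(.*?\.exe)(?:\s+(.*))?$", path, re.IGNORECASE)
    return (m.group(1), m.group(2) or "") if m else (path, "")


def hosts(services):
    """Map (PID, executable) to the service names running inside that process."""
    groups = defaultdict(list)
    for svc in services:
        image, _ = split_image(svc.get("BINARY_PATH_NAME", ""))
        groups[(svc.get("PID", "?"), normcase(image))].append(svc["SERVICE_NAME"])
    return dict(groups)


def review(services):
    """List (service, reason, executable) for binaries outside the system directory."""
    findings = []
    for svc in services:
        image, _ = split_image(svc.get("BINARY_PATH_NAME", ""))
        if normcase(dirname(image)) == SYSTEM_DIR:
            continue
        reason = MASQUERADE if normcase(basename(image)) in CORE_NAMES else THIRD_PARTY
        findings.append((svc["SERVICE_NAME"], reason, image))
    return findings


if __name__ == "__main__":
    parsed = parse_services(SAMPLE)
    for (pid, image), names in sorted(hosts(parsed).items()):
        print(pid, image, ", ".join(names))
    for name, reason, image in review(parsed):
        print("REVIEW", name, "-", reason, "-", image)
```

A hit in `review` is a prompt to check the file's publisher and location, not a verdict; legitimate software such as an antivirus engine lives outside `system32` too.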


----------



## Cobster (Oct 15, 2011)

Hi Eddie
Yes, I am connected online through a cable service and have a wireless router as well.
Since I normally work on the computer while online (emails, surf the web, remote access to work etc.) the spikes are during these activities.
I believe I have access to the Admin Control Panel (it is my home computer).
Also, yesterday I removed Winzip and today the spikes are much less pronounced. I don't know if that can be the reason, but it was the first day in months where they did not disrupt my work in the morning.
I will ascertain this tomorrow when I log into work again.
Thanks again


----------



## eddie5659 (Mar 19, 2001)

Has the spiking reduced since Winzip?

The reason I mention the router as well as the services, is that it is known to cause connection problems online when using games for example. I know this, as I have a game I was having problems with, and disabling uPNP in the services and in the router stopped the problems.

Now, this is a legit thing to have, but it's not really needed on most systems. This is about it:

http://support.microsoft.com/kb/323713

You may not have to disable it in the services, but I did just to be sure.

So, if you want to have a go at that, as you'll notice this in the above:

So, let's start.

-------------

Go to Start | Run and type the following and press OK:

*services.msc*

In the Services, scroll down until you find:

*UPnP Device Host*

Right-click on it and select Properties.

In the drop-down box called Startup Type, select Disabled. Apply and OK. (Jot down what it is before you change this, just in case.)

Close the services.

Then, go to your router, and this can be dependent on which router and who you're with, but it may take a bit of searching. I'm with o2 and it took me a bit to find mine, hidden away.

Once you find it, you'll notice it talks about this is a useful thing for games etc. I don't find it useful at all, more of an annoyance when I'm yelling at my mates that the game disconnected me again, in the middle of a match.

Disable or turn it off.

Reboot the computer, and see if that helps.

Now, you may just want to try the router method first, just in case you need the UPnP service enabled, but if you do attempt both and one of your networking programs fails, pop it back to enable/Auto, depending on what it was before. The router should be okay to leave disabled.


----------



## Cobster (Oct 15, 2011)

Hi Eddie
I disabled UPnP in Services.msc, that was easy.
However, I cannot seem to find anything in my computer related to my wireless router.
It is connected to the computer and my cable modem by ethernet cables and I am not sure I even had to set up anything when I connected the system to it so there may not be any software related to it.
I looked for it in the hardware and the control panel but couldn't find it either.
Any ideas?
System still spikes and freezes


----------



## eddie5659 (Mar 19, 2001)

It's accessible through the browser. For me, I have a link in my favourites under O2, and in there is a link to the router. You'll normally need a password, which in most cases is the ID number under the actual router.

Who is your network provider, and the name/model of the router?


----------



## Cobster (Oct 15, 2011)

Hi Eddie
I have no link in my favourites in my browsers, should I look somewhere else?
As I said, I don't believe I needed to install anything to connect the wireless router.
It is a D-Link model DIR-601
My network provider is Time Warner Cable
Thanks again


----------



## eddie5659 (Mar 19, 2001)

Okay, I couldn't find DIR-601, but I did find DIR-600:

http://www.dlink.co.uk/cs/Satellite...erm=DIR-600&pagename=DLinkEurope-GB/DLWrapper

If you can get to the site, click on the manual at the bottom.

This is a direct link, save it to your desktop as it's easier to view

ftp://ftp.dlink.co.uk/dir_products/dir-600/manual/DIR-600_B2_Manual.pdf

In there, on page 41 of 97, is the Advanced Network settings, and it explains, with a nice picture, about UPnP.

To get into the utility, on page 14 of 97, it explains how to log on etc.

Any problems/questions, just ask 

eddie


----------



## Cobster (Oct 15, 2011)

Done Eddie
Will see if it makes a difference and report
thx again


----------



## Cobster (Oct 15, 2011)

So far no change in spike Eddie


----------



## eddie5659 (Mar 19, 2001)

Okay, I must admit I'm not that good on hardware etc, so I'm going to grab a Trusted Helper, as they can reply in here 

Also, we'll remove the tools we've used, as malware isn't the issue, but I'm staying subscribed as I'd like to know the outcome

I'll post my list of tools for security on the web etc, which I normally post when a thread is complete, but I know this one isn't. Just want to make sure this is there 
-----------

*Any questions about the following, just ask*

We have a couple of last steps to perform and then you're all set.

Firstly, let's uninstall the tools we've used:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall*

Then, run this:


Download *OTC* to your desktop and run it 
Click Yes to beginning the Cleanup process and remove these components, including this application. 
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

======================
Uninstall *SUPERAntiSpyware* from Add/Remove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

*SystemLook*
*CFScript.txt*
*aswMBR*
*TDSSKiller*
*Security Check*
*Getservices.zip*
==============================

*Create Restore Point (Win XP)*

(Windows XP) 
1. Turn off System Restore. 
On the Desktop, right-click My Computer. 
Click Properties. 
Click the System Restore tab. 
Check Turn off System Restore. 
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. 
On the Desktop, right-click My Computer. 
Click Properties. 
Click the System Restore tab. 
UN-Check *Turn off System Restore*. 
Click Apply, and then click OK.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button. 
 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

*Making Firefox More Secure*

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall. Here is a free one available for personal use:
*Online Armor Free*
and a good antivirus (these are also free for personal use):
*Avast Home Edition*
*AVG Anti-Virus*
It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings*

Have a safe and happy computing day!

eddie


----------



## flavallee (May 12, 2002)

Right-click MY COMPUTER, then click Properties.

What's listed in the *Computer:* section at the bottom of the "General" tab?

----------------------------------------------------------

Go to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Write down only the names in the "Startup Item" column that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list, and make sure to spell them correctly.

-----------------------------------------------------------

Go to Start - Run - *SERVICES.MSC* - OK.

Write down only the names in the "Name" column that have their startup type set on Automatic.

If the "Name" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list and in alphabetical order.

-----------------------------------------------------------


----------



## Cobster (Oct 15, 2011)

Thanks so much for your help and guidance Eddie, it is truly appreciated.
I did all of what you have put down in your last post and am running all the defensive software now to make sure all is protected.
A quick question, is MBAM better than SuperAntiMalware?
Also, will Avast co-exist with MS Sec. Essentials?
Best


----------



## Cobster (Oct 15, 2011)

Hi and thanks for your willingness to help.
=====================================

Compaq Presario AMD Athlon 64 Processor 3200+
2.21 GHz, 2MB of RAM
Physical Address Extension

=====================================
Startup Item names:

hpsysdrive

lsburnwatcher

winpatrol

adproxy

msseces

blank name - no name appears

realsched

jusched

OAui

avastUI

ctfmon

HP Digital Imaging Monitor

===============================================

Services names on Automatic:


Automatic Updates

avast! Antivirus

Background Intelligent Transfer Service

Computer Browser

Crypt Svc

DCOM Server Process Launcher

DHCP Client

Distributed Link Tracking Client

DNS Client

Error Reporting Service

Event Log

Help and Support

HP CUE DeviceDiscovery Service

HP Network Devices Support

IPSEC Services

Java Quick Starter

Microsoft Antimalware Service

Net Driver HPZ12

Online Armor

Online Armor Help Service

Plug and Play

Pml Driver HPZ12

Print Spooler

Protected Storage

Remote Procedure Call (RPC)

SeaPort

Security Accounts Manager

Security Center

Server

Shell Hardware Detection

Skype Updater

System Event Notification

System Restore Service

Task Scheduler

TCP/IP NetBios Helper

Themes

Windows Audio

Windows Driver Foundation - User - mode Driver Framework

Windows Firewall/Internet Connection Sharing (ICS)

Windows Image Acquisition (WIA)

Windows Live ID Sign-in Assistant

Windows Management Instrumentation

Windows Zero Configuration

Workstation


----------



## flavallee (May 12, 2002)

You need to uninstall *Avast* because you have it and *Microsoft Security Essentials* both installed and running at the same time.

According to your HiJackThis logs, it appears that you had MSE already installed and then added Avast later.

Multiple antivirus programs will fight each other and bog down a computer.

------------------------------------------------

After that's done, do the following in the order that they're listed.

------------------------------------------------

Go back to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Remove the checkmark in these startup entries:

*lsburnwatcher*
Unless you're actually using the LightScribe software to burn labels on discs.

*apdproxy

blank name

realsched

jusched*

After you're done, click Apply - OK/Close - Exit Without Restart.

------------------------------------------------

Go back to Start - Run - *SERVICES.MSC* - OK.

Double-click on these service entries, one at a time, to open their properties window:

*Background Intelligent Transfer Service

Computer Browser

Distributed Link Tracking Client

Error Reporting Service

Help and Support

HP CUE DeviceDiscovery Service

HP Network Devices Support

IPSEC Services

Java Quick Starter

Net Driver HPZ12

Pml Driver HPZ12

Skype Updater

TCP/IP NetBIOS Helper

Windows Driver Foundation - User-mode Driver Framework

Windows Live ID Sign-in Assistant*

Change the "startup type" setting from Automatic to Manual, then click Apply - OK.

After you're done with the above list of service entries, do the following while you're still in the services window:

Change *Network Connections* from Manual to Automatic.

Change any service entry that's currently set on Disabled to Manual.

After that's done, close the services window and then restart the computer.

------------------------------------------------

When the small "System Configuration Utility" window appears during restart, ignore its message.

Put a checkmark in the lower left of that window BEFORE you click OK to close it.

------------------------------------------------

Wait for the computer to completely settle down from the restart.

Do NOT start any programs nor open any browser windows.

Go back to Start - Run - *SERVICES.MSC* - OK.

If any service entry that has its "startup type" set on Automatic does NOT show a status of started, change it to Manual.

If any service entry that has its "startup type" set on Manual DOES show a status of started, change it to Automatic.

------------------------------------------------
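The post-restart check described in the post above (Automatic but not started goes to Manual; Manual but started goes to Automatic) can also be worked out from a saved service listing rather than read off the services window. This is an added example, not part of the original post; it assumes the listing was saved from `wmic service get Name,StartMode,State /format:csv`, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample in the CSV layout wmic produces (Node column first).
# These rows are illustrative and are not taken from the thread.
SAMPLE_WMIC_CSV = """\
Node,Name,StartMode,State
XP-PC,Dhcp,Auto,Running
XP-PC,Spooler,Auto,Running
XP-PC,JavaQuickStarterService,Auto,Stopped
XP-PC,SkypeUpdate,Auto,Stopped
XP-PC,Netman,Manual,Running
XP-PC,BITS,Manual,Stopped
XP-PC,upnphost,Disabled,Stopped
"""


def parse_services(text):
    """Parse the CSV listing into dicts with normalised mode and state."""
    services = []
    # strip() drops the blank leading line that wmic emits before the header.
    for row in csv.DictReader(io.StringIO(text.strip())):
        name = (row.get("Name") or "").strip()
        if not name:
            continue  # skip blank or malformed rows
        services.append({
            "name": name,
            "start_mode": (row.get("StartMode") or "").strip().lower(),
            "state": (row.get("State") or "").strip().lower(),
        })
    return services


def reconcile(services):
    """Return (name, current_mode, suggested_mode) per the post's two rules."""
    changes = []
    for svc in services:
        running = svc["state"] == "running"
        if svc["start_mode"] == "auto" and not running:
            changes.append((svc["name"], "Auto", "Manual"))
        elif svc["start_mode"] == "manual" and running:
            changes.append((svc["name"], "Manual", "Auto"))
        # Disabled services are left alone at this step.
    return changes


if __name__ == "__main__":
    for name, current, suggested in reconcile(parse_services(SAMPLE_WMIC_CSV)):
        print(f"{name}: {current} -> {suggested}")
```

The script only reports suggested changes; the startup types themselves are still changed by hand in the services window.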


----------



## flavallee (May 12, 2002)

I've made some changes and additions to post #64 after submitting it, so read it again carefully before you start.

----------------------------------------------------------


----------



## Cobster (Oct 15, 2011)

I did everything you instructed me to do but found out about the Avast un-install after the re-boot.
I just did that and also uninstalled Online Armor too (Eddie told me to get those 2 programs for security purposes so I added them last night)

Do I need to re-do the whole services process again?

All services that are running are on automatic (before the un-install of Avast and OA)
thx


----------



## flavallee (May 12, 2002)

If you've uninstalled/removed *Alwil Avast* and *Online Armor*, their startup entries and service entries should be gone.

If you want to re-do post #61, just to be sure, that's fine.

How is the computer running now, and has the CPU usage dropped?

----------------------------------------------------------


----------



## eddie5659 (Mar 19, 2001)

Thanks flavallee :up:

The canned I post at the end was just a standard reply I normally post to a thread that has finished. I'll make sure to tweak it now, if someone has MSE installed. That's my mistake, sorry about that.

With regards to MBAM over SuperAntispyware: I prefer MBAM as it doesn't always need to be started on startup, and it's less resource hogging. Plus, it tends to find more, but I run both when cleaning people's computers, as each tool can be a bit different in searching for the malware to start with

eddie


----------



## flavallee (May 12, 2002)

No problem, Eddie. 

--------------------------------------------------------


----------



## Cobster (Oct 15, 2011)

Hi there
There is a huge difference now with CPU usage % and Services.exe seems to be hiding and not affecting the computer anymore.
I hope that solved it for good.
If you don't mind, I'd like to test it tomorrow while working on the comp. remotely before declaring a victory
Thanks so much to you both!


----------



## Cobster (Oct 15, 2011)

Hi Eddie
For some reason mbam FADED AND WAS SAYING MY TRIAL SUBSCRIPTION EXPIRED..


----------



## Cobster (Oct 15, 2011)

Eddie,
I removed MBAM and will install super anti spyware and see if it makes a big difference.
Also, the Avast av was very taxing I hope MS Sec Essentials is enough but if you think AVG should be added I will add it.
Thanks again for all your help


----------



## eddie5659 (Mar 19, 2001)

For MBAM, it was because you were testing out the full version. If you uninstall it, and reinstall again, but this time when it asks do you want a trial, select no.

The free version is just as good, it's just the paid one has other extras. I have the free version

AVG can hog the processes as well, so I would say no to that. I'll wait for flavallee's reply


----------



## flavallee (May 12, 2002)

Stick with *Microsoft Security Essentials* and do NOT replace it with *AVG 2012*.

Besides the fact that AVG is very bloated and problematic and more system-hungry, it contains a file and registry cleaner feature that can cause you grief if you use it.

-----------------------------------------------------------

Do what Eddie advised and decline to use the "trial" version of *Malwarebytes Anti-Malware*.

The free version of MBAM and *SUPERAntiSpyware* are fine.

Start them once a week, then update them, then run a quick scan, then select and remove what they find.

-----------------------------------------------------------


----------



## Cobster (Oct 15, 2011)

Looks like system is working fine
THANKS SO MUCH to both of you!
Truly appreciated!!
Will download the free MBAM and SuperAntiSpyware
I think we can declare VICTORY!!


----------



## flavallee (May 12, 2002)

Cobster said:


> Looks like system is working fine
> THANKS SO MUCH to both of you!
> Truly appreciated!!
> Will download the free MBAM and SuperAntiSpyware
> I think we can declare VICTORY!!


  :up:

Click the "Mark Solved" button at the upper left of this webpage.

-----------------------------------------------------------


----------



## eddie5659 (Mar 19, 2001)

Excellent news, and looks like I may start to trim some of those services myself as I've been getting a few problems with my own computer :up:

eddie


----------

