Problems with svchost.exe running over 350,000 K

Post by cbullard1982 on Fri Jan 27, 2012 10:34 pm

I have been noticing the past few days my computer being slow and sometimes unresponsive for periods of time. I'm concerned because when I checked the task manager there are several svchost.exe files but I know that's nothing to worry about. The thing I'm worried about is the fact that one of them is over 350,000 K.

Here is my OTL log

OTL logfile created on: 1/27/2012 3:38:33 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Cattie\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 77.10% Memory free
3.79 Gb Paging File | 3.39 Gb Available in Paging File | 89.59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 47.69 Gb Free Space | 32.02% Space Free | Partition Type: NTFS
Drive D: | 302.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CLBPC | User Name: Cattie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 15:37:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cattie\My Documents\Downloads\OTL(1).com
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2004/08/04 04:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ventrilo)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [Auto | Stopped] -- -- (ccSetMgr)
SRV - File not found [Auto | Stopped] -- -- (ccEvtMgr)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/10 01:15:52 | 000,924,568 | ---- | M] (Support.com, Inc.) [Auto | Stopped] -- C:\Program Files\Office Depot PC Support Agent\esService.exe -- (Office Depot PC Support Agent)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/04/23 15:35:21 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2008/04/06 20:29:14 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/04/06 20:29:08 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/06 20:25:40 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/23 09:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/03/20 11:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Alpham2.sys -- (Alpham2)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm029YYUS&ptb=Ac6wDKhMmDJtzB.a1fSf1g&ind=2010122812&ptnrS=RGxdm029YYUS&si=&n=77d00a3c&psa=&st=kwd&searchfor="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Cattie\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Cattie\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 05:51:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/29 19:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 13:31:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Cattie\Application Data\Move Networks [2011/07/24 23:03:20 | 000,000,000 | ---D | M]

[2010/04/22 10:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cattie\Application Data\Mozilla\Extensions
[2012/01/10 17:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cattie\Application Data\Mozilla\Firefox\Profiles\ip2bm7id.default\extensions
[2012/01/10 17:34:43 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Cattie\Application Data\Mozilla\Firefox\Profiles\ip2bm7id.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/12/28 11:20:11 | 000,010,023 | ---- | M] () -- C:\Documents and Settings\Cattie\Application Data\Mozilla\Firefox\Profiles\ip2bm7id.default\searchplugins\mywebsearch.xml
[2011/11/09 22:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/29 19:08:43 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/07 11:24:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 22:29:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/04/24 20:17:12 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober103729054.xml
[2011/04/24 21:26:27 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober107884329.xml
[2011/04/24 22:12:33 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober110649856.xml
[2010/08/23 09:58:21 | 000,001,943 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober21872000.xml
[2009/04/07 12:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober426181186.gif
[2010/05/10 17:01:07 | 000,000,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober426181186.src

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Cattie\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Cattie\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\Cattie\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Cattie\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Cattie\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Cattie\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Re: Problems with svchost.exe running over 350,000 K

Post by cbullard1982 on Fri Jan 27, 2012 10:35 pm

O1 HOSTS File: ([2011/12/22 22:52:07 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} [You must be registered and logged in to see this link.] (PogoWebLauncher Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} [You must be registered and logged in to see this link.] (GameTap Player)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} [You must be registered and logged in to see this link.] (DDRevision Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} [You must be registered and logged in to see this link.] (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} [You must be registered and logged in to see this link.] (Oberon Flash Game Host)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} [You must be registered and logged in to see this link.] (SproutLauncherCtrl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44EFEC5D-1C0D-466E-AD76-C26DAC4AB301}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Cattie\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cattie\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/02/06 01:23:17 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\dell\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - File not found
SafeBootMin: Office Depot PC Support Agent - C:\Program Files\Office Depot PC Support Agent\esService.exe (Support.com, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: Office Depot PC Support Agent - C:\Program Files\Office Depot PC Support Agent\esService.exe (Support.com, Inc.)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)


Re: Problems with svchost.exe running over 350,000 K

Post by cbullard1982 on Fri Jan 27, 2012 10:36 pm

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 13:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cattie\My Documents\Office Depot PC Support Agent
[2012/01/27 13:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cattie\Application Data\QuickScan
[2012/01/27 13:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Office Depot PC Support Agent
[2012/01/11 12:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/01/11 12:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cattie\Desktop\Rawr WPF 4.3.5
[2012/01/07 22:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cattie\Application Data\Skype
[2012/01/07 22:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/01/07 22:32:27 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/07 22:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

========== Files - Modified Within 30 Days ==========

[2012/01/27 15:44:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{96B2581F-E1FF-4224-B9F2-AB3E31D00B96}.job
[2012/01/27 15:41:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
[2012/01/27 15:03:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 15:02:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/27 15:02:15 | 2078,789,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 14:45:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 13:49:18 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Office Depot PC Support Agent.lnk
[2012/01/27 13:36:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/27 13:03:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cattie\tasklist
[2012/01/27 12:20:06 | 087,583,141 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/27 00:55:01 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/26 14:18:10 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2012/01/26 06:03:00 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet D1400 series.job
[2012/01/23 23:24:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/18 23:16:06 | 000,082,165 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/12 08:18:55 | 000,527,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 08:18:55 | 000,098,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/11 08:08:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/01/27 13:49:18 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Office Depot PC Support Agent.lnk
[2012/01/27 13:49:18 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Office Depot PC Support Agent.lnk
[2012/01/27 13:03:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cattie\tasklist
[2012/01/16 16:55:38 | 000,194,554 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2096645506-828190138-1039861506-1008-0.dat
[2012/01/16 16:55:37 | 000,194,554 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/07 22:32:28 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/12/22 22:11:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/22 22:11:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/22 22:11:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/22 22:11:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/22 22:11:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/20 01:40:50 | 000,017,022 | -HS- | C] () -- C:\Documents and Settings\Cattie\Local Settings\Application Data\811410x6x458s346j352j8tkd0v6
[2011/12/20 01:40:50 | 000,017,022 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\811410x6x458s346j352j8tkd0v6
[2011/12/17 09:09:08 | 000,013,010 | -HS- | C] () -- C:\Documents and Settings\Cattie\Local Settings\Application Data\fwfnwh1p0gfn1ktt7sru4b322s8n
[2011/12/17 09:09:08 | 000,013,010 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fwfnwh1p0gfn1ktt7sru4b322s8n
[2010/07/13 04:53:38 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/06/24 09:20:12 | 000,384,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/31 18:53:59 | 000,000,507 | ---- | C] () -- C:\Documents and Settings\Cattie\Application Data\Poladroid prefs.plist
[2010/03/10 16:20:29 | 000,001,288 | ---- | C] () -- C:\Documents and Settings\Cattie\Application Data\wklnhst.dat
[2010/03/09 11:58:01 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Cattie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/27 22:44:17 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/10/21 12:22:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/08/09 03:11:24 | 000,010,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xonopeb.ban
[2009/08/09 03:11:23 | 000,017,411 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agijudo.dat
[2009/08/09 03:11:23 | 000,017,041 | ---- | C] () -- C:\WINDOWS\uvoh.bin
[2009/08/09 03:11:23 | 000,016,232 | ---- | C] () -- C:\WINDOWS\cazufanu.bin
[2009/08/09 03:11:23 | 000,013,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tumudyh.lib
[2009/07/11 14:31:43 | 045,312,544 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/07/11 14:31:43 | 000,815,648 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/06/30 23:40:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/09 09:56:00 | 000,058,672 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2009/04/09 00:14:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/03/21 23:28:53 | 000,000,295 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2008/04/23 15:39:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/23 15:34:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/23 15:10:42 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/04/23 15:03:01 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/23 15:03:01 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/04/23 15:03:01 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/23 15:02:59 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2008/04/23 15:02:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/23 15:02:59 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/23 15:02:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/23 15:02:57 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/04/23 15:02:53 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/04/23 15:02:52 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/04/23 15:02:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/23 15:01:22 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 12:12:05 | 000,000,884 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,527,904 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,098,940 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/12/29 19:08:43 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/12/29 19:08:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/12/29 19:08:40 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/12/29 19:08:40 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/12/22 23:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\2Wire
[2011/05/04 03:21:38 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/18 06:25:02 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/04/16 15:13:02 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/08/23 14:37:15 | 000,000,000 | ---D | M] -- C:\Program Files\att games
[2012/01/27 15:31:54 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/10/27 17:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2010/01/08 22:52:21 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2012/01/27 15:34:56 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/10 12:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/04/23 15:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/03/24 11:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\Crystalize
[2008/04/23 15:27:19 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/11/06 18:24:17 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/04/23 15:30:17 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2010/10/29 01:46:14 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/01/15 16:00:02 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/03/24 11:48:36 | 000,000,000 | ---D | M] -- C:\Program Files\GameMill Entertainment
[2011/02/21 12:47:25 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/25 06:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/06/14 17:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2011/05/31 15:13:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/12/15 08:03:23 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/05/06 12:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/24 09:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Jewels of the Nile
[2012/01/27 13:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/14 15:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/08/10 12:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/04/23 15:30:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/12/24 10:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2012/01/11 12:37:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/06/25 12:53:02 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2010/10/29 07:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/12/29 19:09:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/15 02:07:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/29 01:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 12:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/04/23 15:22:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/10/10 18:40:34 | 000,000,000 | ---D | M] -- C:\Program Files\myapp
[2010/01/14 15:05:21 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/04/23 15:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2011/02/21 12:55:51 | 000,000,000 | ---D | M] -- C:\Program Files\Norton PC Checkup
[2010/05/16 19:52:56 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2010/10/29 01:45:49 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/01/11 23:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\Nova Development
[2011/05/04 03:22:38 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2012/01/27 14:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\Office Depot PC Support Agent
[2004/08/10 12:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/24 10:51:53 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/10/10 16:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/01/08 22:23:26 | 000,000,000 | ---D | M] -- C:\Program Files\Perfect World Entertainment
[2011/04/16 15:14:38 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/10/29 01:52:36 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/10/29 01:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\real(2)
[2009/08/15 02:07:31 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/04/23 15:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/03/24 11:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\SBC Yahoo!
[2010/01/14 18:53:19 | 000,000,000 | ---D | M] -- C:\Program Files\Selectsoft
[2012/01/07 22:32:28 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/02/05 12:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock
[2008/08/10 01:11:43 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2009/10/10 18:51:58 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/06/14 01:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\TrueGames
[2004/08/10 12:08:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/04/23 15:35:07 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/01/14 15:06:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/01/14 15:05:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 12:02:52 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2011/05/31 15:24:38 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2011/05/31 15:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\WolfQuest
[2012/01/26 14:18:09 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2011/10/22 13:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft Public Test
[2004/08/10 12:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2011/05/31 15:33:27 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/14 15:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/14 15:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/14 15:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/14 15:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/01/14 15:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/01/14 15:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/04 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2011/06/14 17:22:23 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Documents and Settings\Cattie\Desktop\unused shit\IAStor\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-26 14:06:17

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/29 19:08:40 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/29 19:08:40 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/29 19:08:40 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/29 19:08:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/29 19:08:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/29 19:08:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/29 19:08:40 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/29 19:08:40 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/29 19:08:40 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/29 19:08:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/29 19:08:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/29 19:08:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2009/07/11 14:25:41 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/07/11 14:25:41 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


Re: Problems with svchost.exe running over 350,000 K

Post by cbullard1982 on Fri Jan 27, 2012 10:39 pm

aswMBR log


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2012-01-27 16:29:16
-----------------------------
16:29:16.393 OS Version: Windows 5.1.2600 Service Pack 3
16:29:16.393 Number of processors: 1 586 0x7F02
16:29:16.393 ComputerName: CLBPC UserName:
16:29:21.911 Initialize success
16:30:13.835 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
16:30:13.835 Disk 0 Vendor: WDC_WD1600AAJS-75WAA0 58.01D58 Size: 152587MB BusType: 3
16:30:13.835 Device \Driver\atapi -> DriverStartIo 8978e2c6
16:30:15.838 Disk 0 MBR read successfully
16:30:15.838 Disk 0 MBR scan
16:30:15.838 Disk 0 TDL4@MBR code has been found
16:30:15.838 Disk 0 Windows XP default MBR code found via API
16:30:15.838 Disk 0 MBR hidden
16:30:15.838 Disk 0 MBR [TDL4] **ROOTKIT**
16:30:15.838 Disk 0 trace - called modules:
16:30:15.838 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8978e49f]<<
16:30:15.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aaf9ab8]
16:30:15.838 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000062[0x8aa7ff18]
16:30:15.838 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8ab50d98]
16:30:16.149 \Driver\atapi[0x89a99818] -> IRP_MJ_CREATE -> 0x8978e49f
16:30:16.149 Scan finished successfully
16:30:57.338 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cattie\Desktop\MBR.dat"
16:30:57.348 The log file has been saved successfully to "C:\Documents and Settings\Cattie\Desktop\1aswMBR.txt"


Re: Problems with svchost.exe running over 350,000 K

Post by cbullard1982 on Fri Jan 27, 2012 10:43 pm

Security Check Log

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
AVG 2012
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 24
Java version out of date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgemc.exe
``````````End of Log````````````


Re: Problems with svchost.exe running over 350,000 K

Post by Belahzur on Tue Jan 31, 2012 1:01 am

Hello.

Please download TDSSKiller and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245049
Likes: 1


Re: Problems with svchost.exe running over 350,000 K

Post by cbullard1982 on Fri Feb 03, 2012 5:02 pm

07:44:39.0901 5180 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
07:44:40.0462 5180 ============================================================
07:44:40.0462 5180 Current date / time: 2012/02/03 07:44:40.0462
07:44:40.0462 5180 SystemInfo:
07:44:40.0462 5180
07:44:40.0462 5180 OS Version: 5.1.2600 ServicePack: 3.0
07:44:40.0462 5180 Product type: Workstation
07:44:40.0462 5180 ComputerName: CLBPC
07:44:40.0462 5180 UserName: Cattie
07:44:40.0462 5180 Windows directory: C:\WINDOWS
07:44:40.0462 5180 System windows directory: C:\WINDOWS
07:44:40.0462 5180 Processor architecture: Intel x86
07:44:40.0462 5180 Number of processors: 1
07:44:40.0462 5180 Page size: 0x1000
07:44:40.0462 5180 Boot type: Normal boot
07:44:40.0462 5180 ============================================================
07:44:46.0120 5180 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:44:46.0200 5180 \Device\Harddisk0\DR0:
07:44:46.0210 5180 MBR used
07:44:46.0210 5180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x129ED876
07:44:46.0280 5180 Initialize success
07:44:46.0280 5180 ============================================================
07:44:49.0004 4808 ============================================================
07:44:49.0004 4808 Scan started
07:44:49.0004 4808 Mode: Manual;
07:44:49.0004 4808 ============================================================
07:45:03.0585 4808 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
07:45:03.0615 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
07:45:03.0615 4808 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
07:45:03.0655 4808 Boot (0x1200) (7ccb7a213c331412c4caf334b46e94cf) \Device\Harddisk0\DR0\Partition0
07:45:03.0655 4808 \Device\Harddisk0\DR0\Partition0 - ok
07:45:03.0665 4808 ============================================================
07:45:03.0665 4808 Scan finished
07:45:03.0665 4808 ============================================================
07:45:03.0675 5976 Detected object count: 1
07:45:03.0675 5976 Actual detected object count: 1
07:45:28.0931 5976 \Device\Harddisk0\DR0\# - copied to quarantine
07:45:28.0931 5976 \Device\Harddisk0\DR0 - copied to quarantine
07:45:29.0072 5976 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
07:45:29.0112 5976 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
07:45:29.0112 5976 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
07:45:29.0182 5976 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
07:45:29.0192 5976 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
07:45:29.0192 5976 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
07:45:29.0192 5976 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
07:45:29.0252 5976 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
07:45:29.0262 5976 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
07:45:29.0262 5976 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
07:45:29.0282 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0282 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0292 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0292 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0292 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0292 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0292 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0292 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0292 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0292 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0292 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0292 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0302 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0302 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0302 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0302 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0302 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0302 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0302 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0302 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:45:29.0302 5976 \Device\Harddisk0\DR0 - processing error
07:45:46.0046 5976 \Device\Harddisk0\DR0 - will be restored on reboot
07:45:46.0046 5976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure Restore
07:45:52.0976 3980 Deinitialize success


Re: Problems with svchost.exe running over 350,000 K

Post by cbullard1982 on Wed Feb 08, 2012 10:40 pm

bump


Re: Problems with svchost.exe running over 350,000 K

Post by Belahzur on Sat Feb 11, 2012 12:12 am

Hello.

  • Download combofix.

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix.
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Problems with svchost.exe running over 350,000 K

Post by cbullard1982 on Sat Feb 11, 2012 3:27 am

I appreciate the help. I had to go and get it reprogrammed. I just got it back today. Thanks though
