21 replies to this topic

[jeanbean]

I have read the other posts on this nasty virus and have not been able to remove the virus. I have Malwarebytes PRO installed and updated, it scans, detects 8 items, but the same virus keeps popping up after I reboot. What am I doing wrong?
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/7/2009 10:43:41 PM
System Uptime: 4/22/2012 1:34:39 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0NX907
Processor: Intel Pentium II processor | Microprocessor | 1861/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 36.898 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000\4&CE4CBCD&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000\4&CE4CBCD&0&0102
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02\4&28D6DE3B&0&00F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02\4&28D6DE3B&0&00F0
Service:
.
==== System Restore Points ===================
.
RP836: 1/24/2012 10:43:21 AM - System Checkpoint
RP837: 1/25/2012 10:56:51 AM - System Checkpoint
RP838: 1/26/2012 11:44:25 AM - System Checkpoint
RP839: 1/27/2012 12:43:21 PM - System Checkpoint
RP840: 1/28/2012 1:43:20 PM - System Checkpoint
RP841: 1/29/2012 2:46:20 PM - System Checkpoint
RP842: 1/30/2012 3:43:16 PM - System Checkpoint
RP843: 1/31/2012 4:57:18 PM - System Checkpoint
RP844: 2/1/2012 5:38:16 PM - System Checkpoint
RP845: 2/2/2012 5:50:29 PM - System Checkpoint
RP846: 2/3/2012 6:44:24 PM - System Checkpoint
RP847: 2/4/2012 7:43:19 PM - System Checkpoint
RP848: 2/5/2012 8:43:19 PM - System Checkpoint
RP849: 2/6/2012 9:43:24 PM - System Checkpoint
RP850: 2/7/2012 5:00:27 PM - Software Distribution Service 3.0
RP851: 2/8/2012 5:06:41 PM - System Checkpoint
RP852: 2/9/2012 5:43:24 PM - System Checkpoint
RP853: 2/10/2012 6:19:10 PM - System Checkpoint
RP854: 2/11/2012 7:19:11 PM - System Checkpoint
RP855: 2/12/2012 8:19:12 PM - System Checkpoint
RP856: 2/13/2012 9:19:11 PM - System Checkpoint
RP857: 2/14/2012 10:19:10 PM - System Checkpoint
RP858: 2/15/2012 11:19:12 PM - System Checkpoint
RP859: 2/16/2012 5:00:31 PM - Software Distribution Service 3.0
RP860: 2/17/2012 5:33:07 PM - System Checkpoint
RP861: 2/18/2012 6:01:36 PM - System Checkpoint
RP862: 2/19/2012 7:02:41 PM - System Checkpoint
RP863: 2/20/2012 8:01:35 PM - System Checkpoint
RP864: 2/21/2012 8:04:57 PM - System Checkpoint
RP865: 2/22/2012 9:05:02 PM - System Checkpoint
RP866: 2/23/2012 10:04:57 PM - System Checkpoint
RP867: 2/25/2012 8:06:04 AM - System Checkpoint
RP868: 2/26/2012 9:04:58 AM - System Checkpoint
RP869: 2/27/2012 10:04:58 AM - System Checkpoint
RP870: 2/28/2012 10:06:04 AM - System Checkpoint
RP871: 2/29/2012 11:06:02 AM - System Checkpoint
RP872: 3/1/2012 12:04:58 PM - System Checkpoint
RP873: 3/2/2012 12:06:03 PM - System Checkpoint
RP874: 3/3/2012 12:26:53 PM - System Checkpoint
RP875: 3/4/2012 3:37:01 PM - System Checkpoint
RP876: 3/5/2012 3:39:42 PM - System Checkpoint
RP877: 3/6/2012 4:39:41 PM - System Checkpoint
RP878: 3/7/2012 4:40:48 PM - System Checkpoint
RP879: 3/8/2012 8:02:45 PM - System Checkpoint
RP880: 3/9/2012 9:55:13 PM - System Checkpoint
RP881: 3/11/2012 10:08:46 AM - System Checkpoint
RP882: 3/12/2012 7:06:27 PM - System Checkpoint
RP883: 3/14/2012 2:46:33 AM - System Checkpoint
RP884: 3/14/2012 5:00:26 PM - Software Distribution Service 3.0
RP885: 3/15/2012 8:11:54 PM - System Checkpoint
RP886: 3/16/2012 8:13:25 PM - System Checkpoint
RP887: 3/18/2012 7:34:58 AM - System Checkpoint
RP888: 3/19/2012 8:25:16 AM - System Checkpoint
RP889: 3/20/2012 8:41:58 AM - System Checkpoint
RP890: 3/21/2012 9:00:56 AM - System Checkpoint
RP891: 3/22/2012 9:13:17 AM - System Checkpoint
RP892: 3/23/2012 9:59:50 AM - System Checkpoint
RP893: 3/24/2012 10:59:51 AM - System Checkpoint
RP894: 3/25/2012 11:59:49 AM - System Checkpoint
RP895: 3/26/2012 2:22:09 PM - System Checkpoint
RP896: 3/27/2012 2:29:01 PM - System Checkpoint
RP897: 3/28/2012 2:30:04 PM - System Checkpoint
RP898: 3/29/2012 3:28:58 PM - System Checkpoint
RP899: 3/30/2012 4:04:16 PM - System Checkpoint
RP900: 3/31/2012 5:22:52 PM - System Checkpoint
RP901: 4/1/2012 5:54:54 PM - System Checkpoint
RP902: 4/2/2012 6:05:12 PM - System Checkpoint
RP903: 4/3/2012 6:54:55 PM - System Checkpoint
RP904: 4/4/2012 7:54:49 PM - System Checkpoint
RP905: 4/5/2012 8:18:36 PM - System Checkpoint
RP906: 4/6/2012 8:38:02 PM - System Checkpoint
RP907: 4/7/2012 9:38:00 PM - System Checkpoint
RP908: 4/9/2012 10:34:14 AM - System Checkpoint
RP909: 4/10/2012 10:38:01 AM - System Checkpoint
RP910: 4/11/2012 11:38:01 AM - System Checkpoint
RP911: 4/12/2012 1:35:19 PM - System Checkpoint
RP912: 4/12/2012 5:00:32 PM - Software Distribution Service 3.0
RP913: 4/13/2012 5:33:49 PM - System Checkpoint
RP914: 4/14/2012 6:23:53 PM - System Checkpoint
RP915: 4/15/2012 6:34:52 PM - System Checkpoint
RP916: 4/16/2012 10:26:38 PM - System Checkpoint
RP917: 4/17/2012 10:33:47 PM - System Checkpoint
RP918: 4/19/2012 12:17:05 AM - System Checkpoint
RP919: 4/20/2012 12:40:08 AM - System Checkpoint
RP920: 4/21/2012 1:33:50 AM - System Checkpoint
RP921: 4/22/2012 10:03:12 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.0.5
Adobe Shockwave Player 11.5
Aloha TriPeaks
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Big Fish Games: Game Manager
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 4.5
Bonjour
Click to Call with Skype
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CutePDF Writer 2.8
Dell Resource CD
Dell Wireless WLAN Card Utility
Digital Photo Navigator 1.5
EasyBits GO
Everio MediaBrowser
Facebook Plug-In
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
iTunes
KhalInstallWrapper
LG United Mobile Drivers
LimeWire 5.2.13
Luxor 2
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
mCore
mDriver
mDrWiFi
MediaDirect
mHlpDell
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft DirectX 9.0 SDK Update (August 2005)
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Small Business Edition 2003
Microsoft Office Word 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Works
mIWA
mLogView
mMHouse
MobileMe Control Panel
Move Media Player
Mozilla Firefox 11.0 (x86 en-US)
MP3 Player Utilities 4.18
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mWMI
mZConfig
NVIDIA Drivers
OutlookAddinSetup
QuickSet
QuickTime
Roxio Media Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Skype™ 5.5
StreamTorrent 1.0
TimeLeft
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
vGrabber
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
4/22/2012 7:42:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm
4/22/2012 7:41:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/22/2012 7:17:25 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/21/2012 7:08:43 PM, error: RemoteAccess [20106] - Unable to add the interface {E5B8C49F-9672-43D5-B364-64CB88009925} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
4/21/2012 7:08:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
4/21/2012 5:46:36 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tasha Jacobs at 13:48:15 on 2012-04-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.316 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=RGxdm186YYUS&ptb=ETkYX51EoIG1ZiqNmTecCg
uInternet Settings,ProxyServer = www.msn.com:80
uInternet Settings,ProxyOverride = <local>;*.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] "c:\program files\sigmatel\c-major audio\wdm\stsystra.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [BYR_AGENT] c:\documents and settings\all users\application data\lgmobileax\byr_client\VZWNotiAgent.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [cdEaqoYrltbao.exe] c:\documents and settings\all users\application data\cdEaqoYrltbao.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\tashaj~1\startm~1\programs\startup\timeleft.lnk - c:\program files\timeleft3\TimeLeft.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.18\amvconverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {21196042-830F-419f-A594-F9D456A6C29A} - {21196042-830F-419f-A594-F9D456A6C29A} c:\program files\timeleft3\tlintergie.html - c:\program files\timeleft3\tlintergie.html\inprocserver32 does not exist!
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BCA1C17E-D9C5-41BC-AA1A-26B4C59602F6} : DhcpNameServer = 24.89.0.22 24.89.0.21
TCP: Interfaces\{F5CA31D2-61BB-4F45-8967-BFF155A0C9FD} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tasha jacobs\application data\mozilla\firefox\profiles\8rbfrwzu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm186YYUS&ptb=ETkYX51EoIG1ZiqNmTecCg&ind=2011080615&ptnrS=RGxdm186YYUS&si=&n=77dea7a7&psa=&st=kwd&searchfor=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\tasha jacobs\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\tasha jacobs\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\tasha jacobs\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\tasha jacobs\application data\mozilla\firefox\profiles\8rbfrwzu.default\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
.
============= SERVICES / DRIVERS ===============
.
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-22 22344]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-22 32072]
.
=============== Created Last 30 ================
.
2012-04-22 17:01:17 221184 ---ha-w- c:\documents and settings\all users\application data\d3cgLnuZ83xxGd.exe
2012-04-22 12:30:50 32072 ---ha-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-22 10:58:55 515330 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-21 21:09:08 300032 ---ha-w- c:\documents and settings\all users\application data\cdEaqoYrltbao.exe
2012-04-20 21:50:50 -------- d--h--w- c:\documents and settings\tasha jacobs\application data\StreamTorrent
2012-04-20 21:50:49 -------- d--h--w- c:\program files\StreamTorrent 1.0
2012-04-05 18:01:02 -------- d--h--w- c:\program files\v-Grabber
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ---ha-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ---ha-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ---ha-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ---ha-w- c:\windows\system32\html.iec
2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:54:13.67 ===============

[MrCharlie]

Welcome to the forum

------->Logs will be closed if you haven't replied within 3 days!<--------

From your DDS scan these are showing and malware related:

C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe
C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe

See if you can delete them......
You'll have to enable hidden files to see them:

http://www.howtogeek...-folders-in-xp/


[*]You may be able to use Malwarebytes FileASSASSIN to delete them.
Just open up MB and choose More Tools > Click run tool
Copy and paste these in one at a time in the "file name" and click open

C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe

C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe

It will ask to reboot > say no

Repeat the process for the next one > now reboot.


---------------------------------

See if following this guide works.

especially RogueKiller..........

See if you can run RogueKiller......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system (don't run any other options)
Post back the report.

Let me know........MrC

[jeanbean]

I'm unable to open Malwarebytes anymore. I did it before, in a round about way, but I can't seem to do it again. I keep getting a "run time error 5".

I did the rougekiller and here is the report...

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tasha Jacobs [Admin rights]
Mode: Scan -- Date: 04/22/2012 17:00:12
¤¤¤ Bad processes: 3 ¤¤¤
[WINDOW : SMART HDD] d3cgLnuZ83xxGd.exe -- C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe -> KILLED [TermProc]
[SUSP PATH] VZWNotiAgent.exe -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe -> KILLED [TermProc]
[SUSP PATH] cdEaqoYrltbao.exe -- C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 19 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : BYR_AGENT (C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Run : cdEaqoYrltbao.exe (C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (www.msn.com:80) -> FOUND
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD800BEVS-75RST0 +++++
--- User ---
[MBR] dbd76fe17ce7d74b2edb945fb90cc3ff
[BSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 73194 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 149998905 | Size: 3074 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

[MrCharlie]

Great!

Run RogueKiller again and click scan > when the scan completes
Click on the Bad processes tab and put a check next to these and then uncheck the rest.

Now click Delete in the right hand column.

Quote

¤¤¤ Bad processes: 3 ¤¤¤
[WINDOW : SMART HDD] d3cgLnuZ83xxGd.exe -- C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe -> KILLED [TermProc]


[SUSP PATH] cdEaqoYrltbao.exe -- C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe -> KILLED [TermProc]

Do the same for Registry Entries:

Quote

¤¤¤ Registry Entries: 19 ¤¤¤

[SUSP PATH] HKLM\[...]\Run : cdEaqoYrltbao.exe (C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe) -> FOUND

Let me know if you can run MB, MrC

[jeanbean]

Progress! I managed to get things almost back to normal. I redid the rougekiller program and deleted the one file from the registry that you suggested. Here is the report.

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tasha Jacobs [Admin rights]
Mode: Scan -- Date: 04/22/2012 19:19:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : BYR_AGENT (C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (www.msn.com:80) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800BEVS-75RST0 +++++
--- User ---
[MBR] dbd76fe17ce7d74b2edb945fb90cc3ff
[BSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 73194 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 149998905 | Size: 3074 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

[MrCharlie]

Great

Can you Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC

[jeanbean]

Yes, it worked! THANK YOU!!!!!

Here is the report...

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.22.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tasha Jacobs :: SCHOOL-929EE6B6 [administrator]

Protection: Disabled

4/22/2012 7:46:35 PM
mbam-log-2012-04-22 (19-46-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208921
Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[MrCharlie]

OK, the absence of symptoms doesn't mean you're necessarily clean.

I want to run two more programs to see if there's any other malware on the system.

------------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

[jeanbean]

Ok. Here is the report...

20:02:35.0343 3004 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
20:02:36.0203 3004 ============================================================
20:02:36.0203 3004 Current date / time: 2012/04/22 20:02:36.0203
20:02:36.0203 3004 SystemInfo:
20:02:36.0203 3004
20:02:36.0203 3004 OS Version: 5.1.2600 ServicePack: 3.0
20:02:36.0203 3004 Product type: Workstation
20:02:36.0203 3004 ComputerName: SCHOOL-929EE6B6
20:02:36.0203 3004 UserName: Tasha Jacobs
20:02:36.0203 3004 Windows directory: C:\WINDOWS
20:02:36.0203 3004 System windows directory: C:\WINDOWS
20:02:36.0203 3004 Processor architecture: Intel x86
20:02:36.0203 3004 Number of processors: 1
20:02:36.0203 3004 Page size: 0x1000
20:02:36.0203 3004 Boot type: Normal boot
20:02:36.0203 3004 ============================================================
20:02:40.0125 3004 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:02:40.0125 3004 \Device\Harddisk0\DR0:
20:02:40.0125 3004 MBR partitions:
20:02:40.0125 3004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8EF54B3
20:02:40.0250 3004 C: <-> \Device\Harddisk0\DR0\Partition0
20:02:40.0250 3004 Initialize success
20:02:40.0250 3004 ============================================================
20:03:13.0281 2112 ============================================================
20:03:13.0281 2112 Scan started
20:03:13.0281 2112 Mode: Manual; SigCheck; TDLFS;
20:03:13.0281 2112 ============================================================
20:03:13.0546 2112 Abiosdsk - ok
20:03:13.0593 2112 abp480n5 - ok
20:03:13.0640 2112 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:03:15.0734 2112 ACPI - ok
20:03:15.0843 2112 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:03:16.0000 2112 ACPIEC - ok
20:03:16.0031 2112 adpu160m - ok
20:03:16.0078 2112 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:03:16.0218 2112 aec - ok
20:03:16.0281 2112 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:03:16.0296 2112 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:03:16.0296 2112 AegisP - detected UnsignedFile.Multi.Generic (1)
20:03:16.0359 2112 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:03:16.0453 2112 AFD - ok
20:03:16.0468 2112 Aha154x - ok
20:03:16.0468 2112 aic78u2 - ok
20:03:16.0500 2112 aic78xx - ok
20:03:16.0546 2112 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:03:16.0656 2112 Alerter - ok
20:03:16.0671 2112 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:03:16.0796 2112 ALG - ok
20:03:16.0796 2112 AliIde - ok
20:03:16.0812 2112 amsint - ok
20:03:16.0875 2112 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
20:03:16.0890 2112 APPDRV ( UnsignedFile.Multi.Generic ) - warning
20:03:16.0890 2112 APPDRV - detected UnsignedFile.Multi.Generic (1)
20:03:17.0031 2112 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:03:17.0046 2112 Apple Mobile Device - ok
20:03:17.0062 2112 AppMgmt - ok
20:03:17.0109 2112 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:03:17.0218 2112 Arp1394 - ok
20:03:17.0234 2112 asc - ok
20:03:17.0250 2112 asc3350p - ok
20:03:17.0250 2112 asc3550 - ok
20:03:17.0359 2112 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:03:17.0375 2112 aspnet_state - ok
20:03:17.0406 2112 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:03:17.0515 2112 AsyncMac - ok
20:03:17.0546 2112 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:03:17.0671 2112 atapi - ok
20:03:17.0671 2112 Atdisk - ok
20:03:17.0734 2112 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:03:17.0843 2112 Atmarpc - ok
20:03:17.0890 2112 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:03:18.0000 2112 AudioSrv - ok
20:03:18.0062 2112 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:03:18.0187 2112 audstub - ok
20:03:18.0296 2112 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:03:18.0500 2112 BCM43XX - ok
20:03:18.0578 2112 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:03:18.0718 2112 Beep - ok
20:03:18.0765 2112 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:03:18.0937 2112 BITS - ok
20:03:19.0078 2112 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:03:19.0093 2112 Bonjour Service - ok
20:03:19.0171 2112 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:03:19.0296 2112 Browser - ok
20:03:19.0328 2112 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:03:19.0468 2112 cbidf2k - ok
20:03:19.0531 2112 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:03:19.0656 2112 CCDECODE - ok
20:03:19.0671 2112 cd20xrnt - ok
20:03:19.0734 2112 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:03:19.0875 2112 Cdaudio - ok
20:03:19.0921 2112 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:03:20.0046 2112 Cdfs - ok
20:03:20.0078 2112 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:03:20.0187 2112 Cdrom - ok
20:03:20.0250 2112 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:03:20.0281 2112 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
20:03:20.0281 2112 cercsr6 - detected UnsignedFile.Multi.Generic (1)
20:03:20.0296 2112 Changer - ok
20:03:20.0328 2112 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:03:20.0484 2112 CiSvc - ok
20:03:20.0515 2112 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:03:20.0609 2112 ClipSrv - ok
20:03:20.0734 2112 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:03:20.0750 2112 clr_optimization_v2.0.50727_32 - ok
20:03:20.0796 2112 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:03:20.0906 2112 CmBatt - ok
20:03:20.0921 2112 CmdIde - ok
20:03:20.0937 2112 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:03:21.0046 2112 Compbatt - ok
20:03:21.0062 2112 COMSysApp - ok
20:03:21.0093 2112 Cpqarray - ok
20:03:21.0140 2112 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:03:21.0250 2112 CryptSvc - ok
20:03:21.0265 2112 dac2w2k - ok
20:03:21.0281 2112 dac960nt - ok
20:03:21.0328 2112 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:03:21.0421 2112 DcomLaunch - ok
20:03:21.0484 2112 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:03:21.0609 2112 Dhcp - ok
20:03:21.0625 2112 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:03:21.0734 2112 Disk - ok
20:03:21.0750 2112 dmadmin - ok
20:03:21.0812 2112 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:03:21.0984 2112 dmboot - ok
20:03:22.0031 2112 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:03:22.0140 2112 dmio - ok
20:03:22.0187 2112 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:03:22.0328 2112 dmload - ok
20:03:22.0375 2112 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:03:22.0468 2112 dmserver - ok
20:03:22.0515 2112 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:03:22.0625 2112 DMusic - ok
20:03:22.0671 2112 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:03:22.0781 2112 Dnscache - ok
20:03:22.0843 2112 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:03:22.0968 2112 Dot3svc - ok
20:03:22.0984 2112 dpti2o - ok
20:03:23.0046 2112 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:03:23.0156 2112 drmkaud - ok
20:03:23.0203 2112 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:03:23.0312 2112 EapHost - ok
20:03:23.0375 2112 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:03:23.0484 2112 ERSvc - ok
20:03:23.0531 2112 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:03:23.0578 2112 Eventlog - ok
20:03:23.0625 2112 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:03:23.0656 2112 EventSystem - ok
20:03:23.0812 2112 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:03:23.0843 2112 EvtEng ( UnsignedFile.Multi.Generic ) - warning
20:03:23.0843 2112 EvtEng - detected UnsignedFile.Multi.Generic (1)
20:03:23.0921 2112 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:03:24.0046 2112 Fastfat - ok
20:03:24.0078 2112 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:03:24.0156 2112 FastUserSwitchingCompatibility - ok
20:03:24.0203 2112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:03:24.0312 2112 Fdc - ok
20:03:24.0343 2112 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:03:24.0468 2112 Fips - ok
20:03:24.0484 2112 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:03:24.0593 2112 Flpydisk - ok
20:03:24.0625 2112 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:03:24.0718 2112 FltMgr - ok
20:03:24.0843 2112 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:03:24.0859 2112 FontCache3.0.0.0 - ok
20:03:24.0890 2112 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:03:25.0031 2112 Fs_Rec - ok
20:03:25.0140 2112 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:03:25.0281 2112 Ftdisk - ok
20:03:25.0343 2112 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:03:25.0359 2112 GEARAspiWDM - ok
20:03:25.0406 2112 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:03:25.0515 2112 Gpc - ok
20:03:25.0625 2112 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:03:25.0640 2112 gusvc - ok
20:03:25.0687 2112 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:03:25.0796 2112 HDAudBus - ok
20:03:25.0859 2112 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:03:25.0968 2112 helpsvc - ok
20:03:25.0984 2112 HidServ - ok
20:03:26.0015 2112 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:03:26.0125 2112 HidUsb - ok
20:03:26.0187 2112 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:03:26.0281 2112 hkmsvc - ok
20:03:26.0296 2112 hpn - ok
20:03:26.0375 2112 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:03:26.0421 2112 HTTP - ok
20:03:26.0468 2112 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:03:26.0578 2112 HTTPFilter - ok
20:03:26.0593 2112 i2omgmt - ok
20:03:26.0609 2112 i2omp - ok
20:03:26.0640 2112 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:03:26.0734 2112 i8042prt - ok
20:03:27.0015 2112 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:03:27.0468 2112 ialm - ok
20:03:27.0625 2112 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:03:27.0640 2112 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:03:27.0640 2112 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:03:27.0750 2112 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:03:27.0843 2112 idsvc - ok
20:03:27.0906 2112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:03:28.0015 2112 Imapi - ok
20:03:28.0062 2112 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:03:28.0171 2112 ImapiService - ok
20:03:28.0187 2112 ini910u - ok
20:03:28.0203 2112 IntelIde - ok
20:03:28.0234 2112 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:03:28.0328 2112 intelppm - ok
20:03:28.0390 2112 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:03:28.0515 2112 Ip6Fw - ok
20:03:28.0578 2112 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:03:28.0703 2112 IpFilterDriver - ok
20:03:28.0765 2112 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:03:28.0890 2112 IpInIp - ok
20:03:28.0921 2112 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:03:29.0031 2112 IpNat - ok
20:03:29.0156 2112 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
20:03:29.0234 2112 iPod Service - ok
20:03:29.0281 2112 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:03:29.0390 2112 IPSec - ok
20:03:29.0437 2112 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:03:29.0562 2112 IRENUM - ok
20:03:29.0609 2112 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:03:29.0718 2112 isapnp - ok
20:03:29.0734 2112 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:03:29.0843 2112 Kbdclass - ok
20:03:29.0890 2112 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:03:30.0000 2112 kmixer - ok
20:03:30.0031 2112 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:03:30.0125 2112 KSecDD - ok
20:03:30.0156 2112 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:03:30.0234 2112 lanmanserver - ok
20:03:30.0296 2112 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:03:30.0343 2112 lanmanworkstation - ok
20:03:30.0359 2112 lbrtfdc - ok
20:03:30.0421 2112 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:03:30.0531 2112 LmHosts - ok
20:03:30.0578 2112 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys
20:03:30.0875 2112 mbamchameleon - ok
20:03:30.0937 2112 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
20:03:30.0953 2112 MBAMProtector - ok
20:03:31.0093 2112 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:03:31.0140 2112 MBAMService - ok
20:03:31.0218 2112 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:03:31.0234 2112 McComponentHostService - ok
20:03:31.0296 2112 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:03:31.0312 2112 MDM - ok
20:03:31.0406 2112 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:03:31.0531 2112 Messenger - ok
20:03:31.0578 2112 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:03:31.0718 2112 mnmdd - ok
20:03:31.0750 2112 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:03:31.0843 2112 mnmsrvc - ok
20:03:31.0906 2112 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:03:32.0015 2112 Modem - ok
20:03:32.0062 2112 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:03:32.0171 2112 Mouclass - ok
20:03:32.0234 2112 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:03:32.0359 2112 mouhid - ok
20:03:32.0406 2112 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:03:32.0515 2112 MountMgr - ok
20:03:32.0531 2112 mraid35x - ok
20:03:32.0562 2112 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:03:32.0671 2112 MRxDAV - ok
20:03:32.0703 2112 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:03:32.0828 2112 MRxSmb - ok
20:03:32.0859 2112 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:03:32.0984 2112 MSDTC - ok
20:03:33.0015 2112 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:03:33.0125 2112 Msfs - ok
20:03:33.0140 2112 MSIServer - ok
20:03:33.0187 2112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:03:33.0281 2112 MSKSSRV - ok
20:03:33.0328 2112 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:03:33.0453 2112 MSPCLOCK - ok
20:03:33.0500 2112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:03:33.0609 2112 MSPQM - ok
20:03:33.0656 2112 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:03:33.0765 2112 mssmbios - ok
20:03:33.0812 2112 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:03:33.0937 2112 MSTEE - ok
20:03:33.0968 2112 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:03:34.0031 2112 Mup - ok
20:03:34.0078 2112 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:03:34.0203 2112 NABTSFEC - ok
20:03:34.0265 2112 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:03:34.0375 2112 napagent - ok
20:03:34.0406 2112 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:03:34.0515 2112 NDIS - ok
20:03:34.0562 2112 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
20:03:34.0687 2112 ndiscm - ok
20:03:34.0750 2112 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:03:34.0859 2112 NdisIP - ok
20:03:34.0953 2112 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:03:35.0000 2112 NdisTapi - ok
20:03:35.0062 2112 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:03:35.0187 2112 Ndisuio - ok
20:03:35.0187 2112 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:03:35.0296 2112 NdisWan - ok
20:03:35.0359 2112 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:03:35.0437 2112 NDProxy - ok
20:03:35.0484 2112 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:03:35.0578 2112 NetBIOS - ok
20:03:35.0609 2112 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:03:35.0718 2112 NetBT - ok
20:03:35.0765 2112 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:03:35.0859 2112 NetDDE - ok
20:03:35.0875 2112 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:03:35.0968 2112 NetDDEdsdm - ok
20:03:36.0000 2112 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:03:36.0109 2112 Netlogon - ok
20:03:36.0156 2112 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:03:36.0265 2112 Netman - ok
20:03:37.0109 2112 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:03:37.0125 2112 NetTcpPortSharing - ok
20:03:37.0156 2112 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:03:37.0265 2112 NIC1394 - ok
20:03:37.0328 2112 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:03:37.0375 2112 Nla - ok
20:03:37.0421 2112 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:03:37.0531 2112 Npfs - ok
20:03:37.0578 2112 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:03:37.0750 2112 Ntfs - ok
20:03:37.0796 2112 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:03:37.0890 2112 NtLmSsp - ok
20:03:37.0968 2112 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:03:38.0093 2112 NtmsSvc - ok
20:03:38.0140 2112 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:03:38.0250 2112 Null - ok
20:03:38.0312 2112 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:03:38.0437 2112 NwlnkFlt - ok
20:03:38.0468 2112 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:03:38.0593 2112 NwlnkFwd - ok
20:03:38.0625 2112 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
20:03:38.0734 2112 NwlnkIpx - ok
20:03:38.0750 2112 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
20:03:38.0859 2112 NwlnkNb - ok
20:03:38.0890 2112 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
20:03:39.0000 2112 NwlnkSpx - ok
20:03:39.0062 2112 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll
20:03:39.0187 2112 NwSapAgent - ok
20:03:39.0234 2112 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:03:39.0343 2112 ohci1394 - ok
20:03:39.0453 2112 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:03:39.0453 2112 ose - ok
20:03:39.0484 2112 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:03:39.0593 2112 Parport - ok
20:03:39.0609 2112 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:03:39.0718 2112 PartMgr - ok
20:03:39.0781 2112 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:03:39.0875 2112 ParVdm - ok
20:03:39.0937 2112 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:03:40.0031 2112 PCI - ok
20:03:40.0046 2112 PCIDump - ok
20:03:40.0078 2112 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:03:40.0218 2112 PCIIde - ok
20:03:40.0250 2112 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:03:40.0359 2112 Pcmcia - ok
20:03:40.0359 2112 PDCOMP - ok
20:03:40.0375 2112 PDFRAME - ok
20:03:40.0390 2112 PDRELI - ok
20:03:40.0406 2112 PDRFRAME - ok
20:03:40.0421 2112 perc2 - ok
20:03:40.0437 2112 perc2hib - ok
20:03:40.0515 2112 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:03:40.0562 2112 PlugPlay - ok
20:03:40.0578 2112 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:03:40.0687 2112 PolicyAgent - ok
20:03:40.0718 2112 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:03:40.0828 2112 PptpMiniport - ok
20:03:40.0843 2112 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:03:40.0937 2112 ProtectedStorage - ok
20:03:40.0953 2112 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:03:41.0093 2112 PSched - ok
20:03:41.0140 2112 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:03:41.0265 2112 Ptilink - ok
20:03:41.0265 2112 ql1080 - ok
20:03:41.0281 2112 Ql10wnt - ok
20:03:41.0296 2112 ql12160 - ok
20:03:41.0312 2112 ql1240 - ok
20:03:41.0328 2112 ql1280 - ok
20:03:41.0359 2112 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:03:41.0468 2112 RasAcd - ok
20:03:41.0515 2112 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:03:41.0609 2112 RasAuto - ok
20:03:41.0640 2112 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:03:41.0734 2112 Rasl2tp - ok
20:03:41.0781 2112 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:03:41.0890 2112 RasMan - ok
20:03:41.0906 2112 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:03:42.0031 2112 RasPppoe - ok
20:03:42.0046 2112 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:03:42.0171 2112 Raspti - ok
20:03:42.0203 2112 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:03:42.0296 2112 Rdbss - ok
20:03:42.0312 2112 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:03:42.0421 2112 RDPCDD - ok
20:03:42.0500 2112 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:03:42.0546 2112 RDPWD - ok
20:03:42.0593 2112 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:03:42.0703 2112 RDSessMgr - ok
20:03:42.0734 2112 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:03:42.0828 2112 redbook - ok
20:03:42.0968 2112 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:03:43.0000 2112 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
20:03:43.0000 2112 RegSrvc - detected UnsignedFile.Multi.Generic (1)
20:03:43.0046 2112 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:03:43.0171 2112 RemoteAccess - ok
20:03:43.0234 2112 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
20:03:43.0296 2112 rimmptsk - ok
20:03:43.0312 2112 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
20:03:43.0375 2112 rimsptsk - ok
20:03:43.0406 2112 RimUsb - ok
20:03:43.0468 2112 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:03:43.0562 2112 RimVSerPort - ok
20:03:43.0593 2112 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
20:03:43.0609 2112 rismxdp - ok
20:03:43.0656 2112 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:03:43.0781 2112 ROOTMODEM - ok
20:03:43.0828 2112 RoxLiveShare9 - ok
20:03:43.0875 2112 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:03:44.0000 2112 RpcLocator - ok
20:03:44.0062 2112 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:03:44.0125 2112 RpcSs - ok
20:03:44.0203 2112 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:03:44.0312 2112 RSVP - ok
20:03:44.0421 2112 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
20:03:44.0515 2112 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
20:03:44.0515 2112 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
20:03:44.0546 2112 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:03:44.0546 2112 s24trans ( UnsignedFile.Multi.Generic ) - warning
20:03:44.0546 2112 s24trans - detected UnsignedFile.Multi.Generic (1)
20:03:44.0593 2112 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:03:44.0687 2112 SamSs - ok
20:03:44.0734 2112 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:03:44.0859 2112 SCardSvr - ok
20:03:44.0921 2112 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:03:45.0031 2112 Schedule - ok
20:03:45.0062 2112 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:03:45.0156 2112 sdbus - ok
20:03:45.0203 2112 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:03:45.0328 2112 Secdrv - ok
20:03:45.0359 2112 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:03:45.0468 2112 seclogon - ok
20:03:45.0500 2112 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:03:45.0593 2112 SENS - ok
20:03:45.0625 2112 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:03:45.0734 2112 Serial - ok
20:03:45.0781 2112 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:03:45.0890 2112 Sfloppy - ok
20:03:45.0953 2112 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:03:46.0062 2112 SharedAccess - ok
20:03:46.0109 2112 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:03:46.0109 2112 ShellHWDetection - ok
20:03:46.0125 2112 Simbad - ok
20:03:46.0171 2112 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:03:46.0296 2112 SLIP - ok
20:03:46.0359 2112 SMNDIS5 - ok
20:03:46.0375 2112 Sparrow - ok
20:03:46.0390 2112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:03:46.0500 2112 splitter - ok
20:03:46.0546 2112 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:03:46.0625 2112 Spooler - ok
20:03:46.0656 2112 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:03:46.0765 2112 sr - ok
20:03:46.0812 2112 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:03:46.0906 2112 srservice - ok
20:03:46.0968 2112 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:03:47.0046 2112 Srv - ok
20:03:47.0093 2112 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:03:47.0203 2112 SSDPSRV - ok
20:03:47.0296 2112 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
20:03:47.0437 2112 STHDA - ok
20:03:47.0484 2112 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:03:47.0609 2112 stisvc - ok
20:03:47.0671 2112 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:03:47.0765 2112 streamip - ok
20:03:47.0796 2112 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:03:47.0906 2112 swenum - ok
20:03:47.0953 2112 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:03:48.0062 2112 swmidi - ok
20:03:48.0078 2112 SwPrv - ok
20:03:48.0093 2112 symc810 - ok
20:03:48.0109 2112 symc8xx - ok
20:03:48.0125 2112 sym_hi - ok
20:03:48.0140 2112 sym_u3 - ok
20:03:48.0187 2112 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:03:48.0296 2112 sysaudio - ok
20:03:48.0390 2112 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:03:48.0500 2112 SysmonLog - ok
20:03:48.0546 2112 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:03:48.0656 2112 TapiSrv - ok
20:03:48.0703 2112 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:03:48.0750 2112 Tcpip - ok
20:03:48.0843 2112 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:03:48.0953 2112 TDPIPE - ok
20:03:48.0984 2112 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:03:49.0093 2112 TDTCP - ok
20:03:49.0140 2112 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:03:49.0234 2112 TermDD - ok
20:03:49.0281 2112 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:03:49.0375 2112 TermService - ok
20:03:49.0437 2112 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:03:49.0453 2112 Themes - ok
20:03:49.0453 2112 TosIde - ok
20:03:49.0484 2112 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:03:49.0593 2112 TrkWks - ok
20:03:49.0625 2112 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:03:49.0734 2112 Udfs - ok
20:03:49.0750 2112 ultra - ok
20:03:49.0781 2112 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
20:03:49.0828 2112 UMWdf - ok
20:03:49.0906 2112 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:03:50.0031 2112 Update - ok
20:03:50.0078 2112 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:03:50.0187 2112 upnphost - ok
20:03:50.0218 2112 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:03:50.0312 2112 UPS - ok
20:03:50.0390 2112 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:03:50.0406 2112 USBAAPL - ok
20:03:50.0453 2112 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:03:50.0578 2112 usbaudio - ok
20:03:50.0625 2112 usbbus (af9388e736af0c325067f05edc350010) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
20:03:50.0734 2112 usbbus - ok
20:03:50.0765 2112 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:03:50.0875 2112 usbccgp - ok
20:03:50.0906 2112 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
20:03:50.0937 2112 UsbDiag - ok
20:03:50.0984 2112 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:03:51.0109 2112 usbehci - ok
20:03:51.0156 2112 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:03:51.0265 2112 usbhub - ok
20:03:51.0296 2112 USBModem (46ac66df3d6efe81f69bea823a53aab5) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
20:03:51.0296 2112 USBModem - ok
20:03:51.0343 2112 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:03:51.0468 2112 usbprint - ok
20:03:51.0484 2112 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:03:51.0593 2112 usbscan - ok
20:03:51.0656 2112 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:03:51.0765 2112 USBSTOR - ok
20:03:51.0796 2112 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:03:51.0890 2112 usbuhci - ok
20:03:51.0953 2112 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:03:52.0062 2112 usbvideo - ok
20:03:52.0093 2112 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:03:52.0203 2112 VgaSave - ok
20:03:52.0218 2112 ViaIde - ok
20:03:52.0265 2112 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:03:52.0359 2112 VolSnap - ok
20:03:52.0421 2112 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:03:52.0546 2112 VSS - ok
20:03:52.0578 2112 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:03:52.0703 2112 W32Time - ok
20:03:52.0734 2112 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:03:52.0828 2112 Wanarp - ok
20:03:52.0843 2112 WDICA - ok
20:03:52.0890 2112 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:03:52.0984 2112 wdmaud - ok
20:03:53.0031 2112 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:03:53.0156 2112 WebClient - ok
20:03:53.0265 2112 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:03:53.0375 2112 winmgmt - ok
20:03:53.0546 2112 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
20:03:53.0562 2112 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
20:03:53.0562 2112 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
20:03:53.0578 2112 wltrysvc - ok
20:03:53.0640 2112 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
20:03:53.0671 2112 WmdmPmSN - ok
20:03:53.0734 2112 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:03:53.0828 2112 WmiAcpi - ok
20:03:53.0906 2112 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:03:54.0015 2112 WmiApSrv - ok
20:03:54.0046 2112 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:03:54.0078 2112 WpdUsb - ok
20:03:54.0140 2112 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:03:54.0265 2112 WS2IFSL - ok
20:03:54.0312 2112 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:03:54.0453 2112 wscsvc - ok
20:03:54.0515 2112 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:03:54.0593 2112 WSTCODEC - ok
20:03:54.0656 2112 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:03:54.0750 2112 wuauserv - ok
20:03:54.0812 2112 WudfPf (729f76cd53af1685ca4c4c058519c58c) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:03:54.0859 2112 WudfPf - ok
20:03:54.0921 2112 WudfRd (a2aafcc8a204736296d937c7c545b53f) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:03:54.0953 2112 WudfRd - ok
20:03:55.0000 2112 WudfSvc (db5bf5aab72b1b99b5331231d09ebb26) C:\WINDOWS\System32\WUDFSvc.dll
20:03:55.0031 2112 WudfSvc - ok
20:03:55.0093 2112 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:03:55.0218 2112 WZCSVC - ok
20:03:55.0375 2112 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:03:55.0500 2112 xmlprov - ok
20:03:55.0531 2112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:03:55.0859 2112 \Device\Harddisk0\DR0 - ok
20:03:55.0875 2112 Boot (0x1200) (766637c154896451eaace5df5584fefe) \Device\Harddisk0\DR0\Partition0
20:03:55.0875 2112 \Device\Harddisk0\DR0\Partition0 - ok
20:03:55.0875 2112 ============================================================
20:03:55.0875 2112 Scan finished
20:03:55.0875 2112 ============================================================
20:03:55.0984 3988 Detected object count: 9
20:03:55.0984 3988 Actual detected object count: 9
20:06:37.0265 3988 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:37.0265 3988 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:37.0265 3988 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:37.0265 3988 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:37.0265 3988 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:37.0265 3988 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:37.0265 3988 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:37.0265 3988 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:37.0265 3988 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:37.0265 3988 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:37.0265 3988 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:37.0265 3988 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:37.0281 3988 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:37.0281 3988 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:37.0281 3988 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:37.0281 3988 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:37.0281 3988 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:37.0281 3988 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:08:28.0156 2148 Deinitialize success

[MrCharlie]

Last one......

Please download and run ComboFix.
The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC

[jeanbean]

Ok. I will paste the log below. Unfortunately, I accidentally downloaded something called "download manager" and "PC Speed Maximizer". Were they supposed to install with the combofix?

Here is the log...

ComboFix 12-04-22.02 - Tasha Jacobs 04/22/2012 20:55:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.131 [GMT -4:00]
Running from: c:\documents and settings\Tasha Jacobs\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Internet Explorer\SETBB.tmp
c:\program files\Internet Explorer\SETBC.tmp
c:\program files\Internet Explorer\SETBE.tmp
c:\program files\Luxor 2
c:\program files\Luxor 2\3rdparty.gvf
c:\program files\Luxor 2\activation_info.xml
c:\program files\Luxor 2\assets\splashscreen.jpg
c:\program files\Luxor 2\bfgstate.xml
c:\program files\Luxor 2\data.mjz
c:\program files\Luxor 2\DSETUP.dll
c:\program files\Luxor 2\engine.dll
c:\program files\Luxor 2\file.dll
c:\program files\Luxor 2\fmodex.dll
c:\program files\Luxor 2\gfx.dll
c:\program files\Luxor 2\gfx_dd7.dll
c:\program files\Luxor 2\gfx_dx8.dll
c:\program files\Luxor 2\img_jpg.dll
c:\program files\Luxor 2\img_png.dll
c:\program files\Luxor 2\img_tga.dll
c:\program files\Luxor 2\LaunchGame.bfg
c:\program files\Luxor 2\locale\english.mjz
c:\program files\Luxor 2\logger.dll
c:\program files\Luxor 2\Luxor 2.exe
c:\program files\Luxor 2\pics\175x150.swf
c:\program files\Luxor 2\pics\60x40.jpg
c:\program files\Luxor 2\pics\80x80.jpg
c:\program files\Luxor 2\pics\feature.jpg
c:\program files\Luxor 2\platform.dll
c:\program files\Luxor 2\Read_Me.html
c:\program files\Luxor 2\snd3d.dll
c:\program files\Luxor 2\snd3d_fmod.dll
c:\program files\Luxor 2\thread.dll
c:\program files\Luxor 2\Uninstall.exe
c:\program files\Luxor 2\UnlockGame.bfg
c:\program files\Luxor 2\wxrgvcj.exe
C:\Setup.exe
c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1500 .MRK
c:\windows\system32\drivers\DELL_XPS_Vostro 1500 .MRK
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETC9.tmp
c:\windows\system32\SETCB.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDD.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE3.tmp
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETE5.tmp
c:\windows\system32\SETE6.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETEB.tmp
c:\windows\system32\SETEC.tmp
c:\windows\system32\SETED.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF1.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETF4.tmp
c:\windows\system32\SETF5.tmp
c:\windows\system32\SETF7.tmp
c:\windows\system32\SETF8.tmp
c:\windows\system32\SETF9.tmp
c:\windows\system32\SETFA.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 01:00 . 2012-04-23 01:00 -------- d-----w- c:\documents and settings\Tasha Jacobs\Application Data\PC Speed Maximizer
2012-04-23 00:40 . 2012-04-23 01:04 -------- d-----w- c:\documents and settings\Tasha Jacobs\Application Data\Free Download Manager
2012-04-23 00:40 . 2012-04-23 00:40 -------- d-----w- c:\program files\PC Speed Maximizer
2012-04-23 00:40 . 2012-04-23 00:40 -------- d-----w- c:\program files\Free Download Manager
2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\documents and settings\Tasha Jacobs\Local Settings\Application Data\I Want This
2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\program files\I Want This
2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\documents and settings\Tasha Jacobs\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn
2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\documents and settings\Tasha Jacobs\Application Data\blekkotb_soc
2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\program files\blekkotb_soc
2012-04-23 00:35 . 2012-04-23 00:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-22 20:30 . 2012-04-22 20:30 32072 ----a-w- c:\windows\system32\drivers\48230029.sys
2012-04-22 12:30 . 2012-04-22 12:30 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-22 11:40 . 2012-04-22 11:41 -------- d-----w- c:\documents and settings\Administrator
2012-04-22 10:58 . 2012-04-22 12:46 515330 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-20 21:50 . 2012-04-20 21:50 -------- d-----w- c:\documents and settings\Tasha Jacobs\Application Data\StreamTorrent
2012-04-20 21:50 . 2012-04-20 21:50 -------- d-----w- c:\program files\StreamTorrent 1.0
2012-04-05 18:01 . 2012-04-05 18:01 -------- d-----w- c:\program files\v-Grabber
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-07-22 11:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 10:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-04 10:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 12:13 . 2011-10-15 11:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]
2012-03-14 19:42 85288 ----a-w- c:\program files\blekkotb_soc\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}"= "c:\program files\blekkotb_soc\blekkotb_019X.dll" [2012-03-14 85288]
.
[HKEY_CLASSES_ROOT\clsid\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"BYR_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-9-19 541976]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/22/2011 7:34 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/22/2011 7:34 AM 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/22/2012 8:35 PM 40776]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/22/2012 8:30 AM 32072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 48758298
*NewlyCreated* - 70615840
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - 48758298
*Deregistered* - 70615840
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2012-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-19 16:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=2012042352734C56A70B50A707AFC5BE&tbp=homepage
uInternet Settings,ProxyServer = www.msn.com:80
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm186YYUS&ptb=ETkYX51EoIG1ZiqNmTecCg&ind=2011080615&ptnrS=RGxdm186YYUS&si=&n=77dea7a7&psa=&st=kwd&searchfor=
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PC Speed Maximizer - c:\program files\PC Speed Maximizer\SPMStarter.exe
HKCU-Run-SPMTray - c:\program files\PC Speed Maximizer\SPMTray.exe
AddRemove-BFG-Luxor 2 - c:\program files\Luxor 2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-04-22 21:10:36
ComboFix-quarantined-files.txt 2012-04-23 01:10
.
Pre-Run: 44,077,273,088 bytes free
Post-Run: 45,798,854,656 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8C096B8ECFD99186F8948CFA0C2E179D

[MrCharlie]

BTW: The TDSSKiller scan was clean...just some unsigned files.

-------------------------------------------

c:\program files\Luxor 2<---what was this program and did you install it?

Quote

Ok. I will paste the log below. Unfortunately, I accidentally downloaded something called "download manager" and "PC Speed Maximizer". Were they supposed to install with the combofix?

How did you do that?

See if you can uninstall from control panels add/remove programs:

PC Speed Maximizer
Free Download Manager

I Want This <-----what is this, was downloaded and installed at same time as the other two

These too! all new!!

Quote

c:\documents and settings\Tasha Jacobs\Application Data\PC Speed Maximizer
c:\documents and settings\Tasha Jacobs\Application Data\Free Download Manager
c:\program files\PC Speed Maximizer
c:\program files\Free Download Manager
c:\documents and settings\Tasha Jacobs\Local Settings\Application Data\I Want This
c:\program files\I Want This
c:\documents and settings\Tasha Jacobs\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
c:\documents and settings\All Users\Application Data\blekko toolbars
c:\documents and settings\Tasha Jacobs\Application Data\blekkotb_soc
c:\program files\blekkotb_soc

-------------------------------------

StreamTorrent<---using P2P programs like this is one reason you got infected and will continue to!

Let me know what you want to do with them, I suggest we uninstall or delete them all.

MrC

[jeanbean]

Why did they download? Don't know. I clicked on ComboFix, was redirected to the download page and after the wizard finished the download manager program opened. ??? I hit the back button on my browser to confirm that the download was for combofix and that is what the page said. I clicked a second time and then the correct program downloaded.

I have uninstalled and deleted them. The stream torrent program was from my hubby, who streams hockey games. The luxor program is a game, not sure why it's on there, we don't use this computer for anything other than email, pandora and the occasional hockey game.

Thank you again for all of your help!!!!!

Jeannine

[jeanbean]

Ugh.... not sure if this is related, but now my speakers don't work. It says the driver is not installed and when I use the wizard to find one, it says error code 10.

[MrCharlie]

ComboFix creates a restore point just before it runs, please use it to restore things.

We'll manually delete some of those bad files.

MrC

[jeanbean]

Ok, that worked. I didn't see any of the "bad" files go back on, just the Torrent program, which I uninstalled again. Speakers are working.

You have been such a great help!!! Only other question is that I found two "shortcuts" to the program smart HDD. One was in the start menu, under programs. Deleted it. The other was a quick start icon on my tool bar, deleted it too. They did not return after I rebooted. Is there anything else I should do?

Jeannine

[MrCharlie]

Yes........

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

[jeanbean]

otl file...

OTL logfile created on: 4/23/2012 8:03:23 AM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Tasha Jacobs\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 106.23 Mb Available Physical Memory | 10.48% Memory free
2.38 Gb Paging File | 1.65 Gb Available in Paging File | 69.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.48 Gb Total Space | 42.45 Gb Free Space | 59.39% Space Free | Partition Type: NTFS

Computer Name: SCHOOL-929EE6B6 | User Name: Tasha Jacobs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 08:01:58 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tasha Jacobs\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/17 08:13:32 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 14:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/02/21 15:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 15:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 15:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/17 08:13:31 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/02 12:57:07 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/05 09:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2008/10/24 22:00:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/10/24 22:00:12 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/02/21 15:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/02/21 15:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TASHAJ~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/04/22 20:35:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/22 08:30:50 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/24 22:00:32 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/05/10 14:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/21 15:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/15 04:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 23:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 21:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2004/09/29 16:36:29 | 000,015,360 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch....BE&tbp=homepage
IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch....q={searchTerms}
IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www.msn.com:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: GameTapPlayer@gametap.com:4.4.0.8
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm186YYUS&ptb=ETkYX51EoIG1ZiqNmTecCg&ind=2011080615&ptnrS=RGxdm186YYUS&si=&n=77dea7a7&psa=&st=kwd&searchfor="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Tasha Jacobs\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Tasha Jacobs\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tasha Jacobs\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Tasha Jacobs\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/22 18:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/22 18:18:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Tasha Jacobs\Application Data\Move Networks [2009/10/02 18:41:45 | 000,000,000 | ---D | M]

[2009/01/08 23:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Extensions
[2012/04/23 07:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions
[2012/02/03 11:22:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/22 13:06:03 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/04/08 23:02:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}(2)
[2009/04/08 23:00:20 | 000,000,000 | ---D | M] ("Upromise TurboSaver") -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions\FFToolbar@upromise(2)
[2011/08/06 15:51:14 | 000,000,000 | ---D | M] (GameTap) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions\GameTapPlayer@gametap.com
[2009/04/09 19:55:00 | 000,002,434 | ---- | M] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\searchplugins\google-scholar.xml
[2012/04/23 07:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/02 18:41:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\TASHA JACOBS\APPLICATION DATA\MOVE NETWORKS
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TASHA JACOBS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8RBFRWZU.DEFAULT\EXTENSIONS\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TASHA JACOBS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8RBFRWZU.DEFAULT\EXTENSIONS\CROSSRIDERAPP2258@CROSSRIDER.COM
[2012/03/17 08:13:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/22 20:39:30 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2011/11/10 18:40:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/22 21:06:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-796845957-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCA1C17E-D9C5-41BC-AA1A-26B4C59602F6}: DhcpNameServer = 24.89.0.22 24.89.0.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5CA31D2-61BB-4F45-8967-BFF155A0C9FD}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tasha Jacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tasha Jacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/07 23:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 08:02:03 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tasha Jacobs\Desktop\OTL.exe
[2012/04/23 07:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2012/04/23 07:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tasha Jacobs\Start Menu\Programs\vGrabber
[2012/04/23 07:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\v-Grabber
[2012/04/23 07:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/23 07:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tasha Jacobs\Desktop\Unused Desktop Shortcuts
[2012/04/23 07:18:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/23 07:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/04/23 06:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tasha Jacobs\Desktop\Anti-Virus Programs
[2012/04/23 06:00:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/22 21:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tasha Jacobs\Application Data\InstallShield
[2012/04/22 21:10:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/22 20:52:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/22 20:43:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/22 20:43:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/22 20:43:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/22 20:43:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/22 20:43:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/22 20:43:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/22 20:42:42 | 004,472,002 | R--- | C] (Swearware) -- C:\Documents and Settings\Tasha Jacobs\Desktop\ComboFix.exe
[2012/04/22 20:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2012/04/22 20:37:22 | 000,340,296 | ---- | C] (AirInstaller Inc.) -- C:\Documents and Settings\Tasha Jacobs\Desktop\setup.exe
[2012/04/22 20:35:34 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/22 20:01:57 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tasha Jacobs\Desktop\tdsskiller.exe
[2012/04/22 17:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/22 16:51:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tasha Jacobs\Recent
[2012/04/22 08:49:06 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Tasha Jacobs\Desktop\unhide.exe
[2012/04/22 07:32:35 | 010,062,736 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tasha Jacobs\Desktop\mbam-consumer.exe
[2012/04/20 17:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tasha Jacobs\Application Data\StreamTorrent
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/23 08:01:58 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tasha Jacobs\Desktop\OTL.exe
[2012/04/23 07:25:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/23 07:10:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/22 21:06:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/22 20:53:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/22 20:42:45 | 004,472,002 | R--- | M] (Swearware) -- C:\Documents and Settings\Tasha Jacobs\Desktop\ComboFix.exe
[2012/04/22 20:37:18 | 000,340,296 | ---- | M] (AirInstaller Inc.) -- C:\Documents and Settings\Tasha Jacobs\Desktop\setup.exe
[2012/04/22 20:35:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/22 20:02:28 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tasha Jacobs\Desktop\tdsskiller.exe
[2012/04/22 18:45:20 | 001,280,512 | ---- | M] () -- C:\Documents and Settings\Tasha Jacobs\Desktop\RogueKiller.exe
[2012/04/22 18:29:08 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/22 18:26:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/22 18:03:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 16:52:55 | 000,002,427 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/04/22 16:50:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 16:30:59 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\48230029.sys
[2012/04/22 12:44:59 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\mbam.context.scan
[2012/04/22 11:38:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/04/22 08:30:50 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/22 08:02:32 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Tasha Jacobs\Desktop\unhide.exe
[2012/04/22 07:32:49 | 010,062,736 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tasha Jacobs\Desktop\mbam-consumer.exe
[2012/04/21 17:50:23 | 000,436,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/21 17:50:23 | 000,069,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/16 14:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/12 17:04:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/05 14:01:37 | 000,001,560 | ---- | M] () -- C:\Documents and Settings\Tasha Jacobs\Desktop\vGrabber.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 21:01:58 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/22 20:53:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/22 20:52:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/22 20:43:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/22 20:43:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/22 20:43:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/22 20:43:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/22 20:43:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/22 18:45:22 | 001,280,512 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Desktop\RogueKiller.exe
[2012/04/22 18:26:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/22 18:26:16 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/22 18:03:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 16:30:59 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\48230029.sys
[2012/04/22 12:44:59 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\mbam.context.scan
[2012/04/22 08:30:50 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/22 08:28:51 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/04/22 08:28:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/22 08:28:51 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/22 08:28:51 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/04/22 08:28:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/22 08:28:51 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/04/22 08:28:51 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/04/22 08:28:50 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2012/04/22 08:28:50 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/04/22 08:28:47 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/04/22 08:28:47 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2012/04/05 14:01:36 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Desktop\vGrabber.lnk
[2012/02/16 14:00:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/08 23:55:30 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/12/23 13:34:32 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/17 12:12:24 | 000,067,328 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/03 15:36:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== LOP Check ==========

[2012/04/23 07:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/03/24 13:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/06/23 10:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2009/01/12 01:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/04/23 07:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/03/19 07:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/08/07 19:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/02/17 20:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/19 21:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2010/03/25 06:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/10/28 14:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/26 19:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/01/11 21:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/04/08 22:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\DMCache
[2009/02/23 13:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\DriverCure
[2010/04/18 13:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\Facebook
[2009/04/17 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\GetRightToGo
[2012/04/22 21:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\go
[2009/04/08 23:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\IDM
[2009/01/11 21:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\iolo
[2009/02/17 18:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\SecondLife
[2009/09/25 20:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\Smith Micro
[2012/04/20 17:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\StreamTorrent
[2009/02/14 22:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\Template
[2010/02/26 22:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\Uniblue
[2009/04/08 23:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\uTorrent

========== Purity Check ==========



< End of report >


Extras File...

OTL Extras logfile created on: 4/23/2012 8:03:23 AM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Tasha Jacobs\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 106.23 Mb Available Physical Memory | 10.48% Memory free
2.38 Gb Paging File | 1.65 Gb Available in Paging File | 69.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.48 Gb Total Space | 42.45 Gb Free Space | 59.39% Space Free | Partition Type: NTFS

Computer Name: SCHOOL-929EE6B6 | User Name: Tasha Jacobs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{966A491F-8970-44E0-AC4E-9C845D9013EC}" = Microsoft DirectX 9.0 SDK Update (August 2005)
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aloha TriPeaks" = Aloha TriPeaks
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"vGrabber" = vGrabber
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

[MrCharlie]

I don't see any anti-virus on the system??

You can always install Microsoft Security Essentials:

http://windows.micro...rity-essentials

--------------------

Did you run unhide.exe and are all your folders and shortcuts visible?

----------------------

There's one suspicious file showing:

C:\WINDOWS\System32\drivers\48230029.sys

Can you locate it and then upload it to VirusTotal for a free scan.

Let me know the results > just copy back the url

You may have to enable hidden files to see it:

http://www.howtogeek...-folders-in-xp/

http://www.virustotal.com/

Let me know, MrC

[jeanbean]

Yes, I did the unhide program and I can see all my files.

Here is the result of the scan... https://www.virustot...sis/1335192090/

I only have Malwatebytes pro installed on this computer. I will also install the security essentials.