
Virus Affecting Google, Redirects & Popups


  • This topic is locked
15 replies to this topic

#1 kjay


Posted 27 August 2012 - 08:01 PM

I am having problems ridding our PC of a virus. Earlier this month Malwarebytes found and removed the following trojans (Trojan.Agent, Trojan.FakeAlert, Trojan.FakeAlert.RO and Trojan.Lameshield). Malwarebytes scans show that no malicious software is detected. Yet we cannot consistently use Google (we get a Forbidden 404 message or a Connection Interrupted message). Also, we will have small pop-ups and occasional redirection to the PC Fix website. I have attached the Quick Scan I completed this evening and the dds.txt and attach.txt files as requested. Any assistance would be appreciated.

Thanks

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.27.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris Jacobs :: KJACOBS [administrator]

27/08/2012 7:11:22 PM
mbam-log-2012-08-27 (19-11-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 363641
Time elapsed: 23 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Chris Jacobs at 20:37:16 on 2012-08-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1195 [GMT -4:00]
.
AV: Norton Security Online *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: GFI Software VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Norton Security Online *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Secunia\PSI\sua.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\WINDOWS\notepad.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {e372c287-64ea-4bec-a4a6-8771b11d539b} - c:\program files\gamenutt_2s\bar\1.bin\2sSrcAs.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Toolbar BHO: {19c672d9-54c1-4416-aa7a-696185cb77f6} - c:\progra~1\gamenu~2\bar\1.bin\2sbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Search Assistant BHO: {f599d514-765f-43c8-9347-cb54ba40073f} - c:\program files\gamenutt_2s\bar\1.bin\2sSrcAs.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: UltimateGamesBar: {15c23c48-f231-4557-8eee-da3152e2e7dd} - c:\program files\gamenutt_2s\bar\1.bin\2sbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Google Update] "c:\documents and settings\chris jacobs\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinNT-PAI 31.07.2009)" -"http://webgames.d.tm...nia/index.html"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Amazing3DAquariumWallpaper]
mRun: [YeppStudioAgent] c:\program files\samsung\samsung media studio\SamsungMediaStudioAgent.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [GameNutt_2s Browser Plugin Loader] c:\progra~1\gamenu~2\bar\1.bin\2sbrmon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search - http://tbedits.ultim...E4&n=2011121316
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: brassring.com\sjobs
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: plaxo.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346099389648
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9FDD0B95-0C23-4FD0-8212-413F03EE8815} : DhcpNameServer = 192.168.0.1
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris jacobs\application data\mozilla\firefox\profiles\kxgn1snm.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\chris jacobs\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\chris jacobs\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\chris jacobs\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\chris jacobs\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\downloaded program files\npsoe.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-7-13 21240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-1-25 101112]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-8-25 219136]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2009-5-14 98304]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\gfi software\vipre\SBAMSvc.exe [2012-5-2 3289680]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-7-13 77816]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2012-5-2 173920]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
S2 5576;5576;\??\c:\docume~1\chrisj~1\locals~1\temp\5576.sys --> c:\docume~1\chrisj~1\locals~1\temp\5576.sys [?]
S2 5709;5709;\??\c:\docume~1\chrisj~1\locals~1\temp\5709.sys --> c:\docume~1\chrisj~1\locals~1\temp\5709.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257224]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-17 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-16 113120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-17 655944]
.
=============== Created Last 30 ================
.
2012-08-16 20:40:23 -------- d-----w- c:\program files\common files\Nancy Drew Prerequisites
2012-08-15 03:15:14 -------- d--h--w- c:\windows\PIF
2012-08-15 01:11:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-15 01:11:31 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-08-14 04:01:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-14 04:01:42 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-08-14 03:45:22 -------- d-----w- c:\program files\iPod
2012-08-14 03:40:16 -------- d-----w- c:\program files\Bonjour
2012-08-14 03:00:18 -------- d-----w- c:\documents and settings\chris jacobs\local settings\application data\Secunia PSI
2012-08-14 03:00:07 -------- d-----w- c:\program files\Secunia
2012-08-14 00:23:36 -------- d-----w- c:\program files\WiseConvert
2012-08-10 16:12:55 -------- d-----w- c:\program files\common files\xing shared
2012-08-01 01:07:50 -------- d-----w- c:\documents and settings\all users\application data\f91280
2012-07-30 21:52:13 103904 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-14 04:01:18 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-14 03:32:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 03:32:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-10 16:12:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-10 14:09:32 114 ----a-w- c:\documents and settings\chris jacobs\application data\netstat.bat
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 20:38:52.05 ===============

Attach.txt.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 30/01/2007 11:57:37 PM
System Uptime: 27/08/2012 9:09:45 AM (11 hours ago)
.
Motherboard: Dell Inc. | | 0WG855
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Microprocessor | 2127/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 190.3 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&38E4B95F&0&0001
Manufacturer:
Name:
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&38E4B95F&0&0001
Service:
.
==== System Restore Points ===================
.
RP2117: 30/05/2012 6:45:45 PM - System Checkpoint
RP2118: 31/05/2012 7:31:50 PM - System Checkpoint
RP2119: 01/06/2012 7:50:06 PM - System Checkpoint
RP2120: 02/06/2012 8:21:54 PM - System Checkpoint
RP2121: 03/06/2012 10:07:16 PM - System Checkpoint
RP2122: 04/06/2012 10:00:17 AM - Software Distribution Service 3.0
RP2123: 05/06/2012 10:01:23 AM - System Checkpoint
RP2124: 06/06/2012 10:36:53 AM - System Checkpoint
RP2125: 07/06/2012 11:07:13 AM - System Checkpoint
RP2126: 08/06/2012 11:14:35 AM - System Checkpoint
RP2127: 09/06/2012 1:15:09 PM - System Checkpoint
RP2128: 10/06/2012 1:40:45 PM - System Checkpoint
RP2129: 11/06/2012 3:30:55 PM - System Checkpoint
RP2130: 12/06/2012 4:38:37 PM - System Checkpoint
RP2131: 13/06/2012 10:00:18 AM - Software Distribution Service 3.0
RP2132: 13/06/2012 7:45:57 PM - VIPRE clean action
RP2133: 14/06/2012 8:01:54 PM - System Checkpoint
RP2134: 15/06/2012 8:25:10 PM - System Checkpoint
RP2135: 16/06/2012 8:35:31 PM - System Checkpoint
RP2136: 17/06/2012 9:11:34 PM - System Checkpoint
RP2137: 18/06/2012 11:06:04 PM - System Checkpoint
RP2138: 20/06/2012 10:12:18 AM - System Checkpoint
RP2139: 21/06/2012 10:21:22 AM - System Checkpoint
RP2140: 22/06/2012 10:46:06 AM - System Checkpoint
RP2141: 23/06/2012 11:20:08 AM - System Checkpoint
RP2142: 24/06/2012 11:54:47 AM - System Checkpoint
RP2143: 25/06/2012 12:36:10 PM - System Checkpoint
RP2144: 26/06/2012 1:24:03 PM - System Checkpoint
RP2145: 27/06/2012 1:42:49 PM - System Checkpoint
RP2146: 28/06/2012 2:28:30 PM - System Checkpoint
RP2147: 29/06/2012 2:43:36 PM - System Checkpoint
RP2148: 30/06/2012 3:20:27 PM - System Checkpoint
RP2149: 01/07/2012 3:39:09 PM - System Checkpoint
RP2150: 08/07/2012 4:24:23 PM - System Checkpoint
RP2151: 09/07/2012 5:50:26 PM - System Checkpoint
RP2152: 10/07/2012 5:58:20 PM - System Checkpoint
RP2153: 11/07/2012 10:00:20 AM - Software Distribution Service 3.0
RP2154: 12/07/2012 10:35:15 AM - System Checkpoint
RP2155: 13/07/2012 11:37:01 AM - System Checkpoint
RP2156: 14/07/2012 12:28:24 PM - System Checkpoint
RP2157: 15/07/2012 8:17:42 AM - Installed The Sims 3
RP2158: 16/07/2012 8:26:43 AM - System Checkpoint
RP2159: 17/07/2012 10:31:48 AM - System Checkpoint
RP2160: 18/07/2012 11:12:42 AM - System Checkpoint
RP2161: 19/07/2012 12:04:08 PM - System Checkpoint
RP2162: 20/07/2012 12:12:50 PM - System Checkpoint
RP2163: 21/07/2012 1:02:29 PM - System Checkpoint
RP2164: 21/07/2012 11:07:23 PM - Removed Bonjour
RP2165: 21/07/2012 11:10:07 PM - Removed Nancy Drew: The Phantom of Venice
RP2166: 21/07/2012 11:15:31 PM - Removed Roxio DLA
RP2167: 21/07/2012 11:16:26 PM - Removed Roxio MyDVD LE
RP2168: 21/07/2012 11:17:11 PM - Removed Roxio RecordNow Audio
RP2169: 21/07/2012 11:17:35 PM - Removed Roxio RecordNow Copy
RP2170: 21/07/2012 11:18:01 PM - Removed Roxio RecordNow Data
RP2171: 21/07/2012 11:19:53 PM - Uninstall Click'N Design 3D
RP2172: 22/07/2012 9:27:01 PM - Installed %1 %2.
RP2173: 23/07/2012 12:18:11 PM - Removed TheSims3EP5
RP2174: 24/07/2012 3:40:38 PM - System Checkpoint
RP2175: 25/07/2012 3:00:48 PM - Installed The Sims 3 Ambitions
RP2176: 25/07/2012 3:47:43 PM - Installed Saddle Up
RP2177: 26/07/2012 4:28:04 PM - System Checkpoint
RP2178: 26/07/2012 10:07:08 PM - Removed The Sims 3 Ambitions
RP2179: 27/07/2012 10:17:00 PM - System Checkpoint
RP2180: 28/07/2012 11:43:22 PM - System Checkpoint
RP2181: 30/07/2012 12:37:06 AM - System Checkpoint
RP2182: 30/07/2012 11:14:48 AM - Installed The Sims 3 Ambitions
RP2183: 30/07/2012 11:48:36 AM - Installed The Sims 3 Ambitions
RP2184: 31/07/2012 12:34:12 PM - System Checkpoint
RP2185: 01/08/2012 12:56:45 PM - System Checkpoint
RP2186: 02/08/2012 1:07:05 PM - System Checkpoint
RP2187: 03/08/2012 1:51:32 PM - System Checkpoint
RP2188: 04/08/2012 2:53:52 PM - System Checkpoint
RP2189: 05/08/2012 3:48:07 PM - System Checkpoint
RP2190: 06/08/2012 4:10:23 PM - System Checkpoint
RP2191: 07/08/2012 4:29:21 PM - System Checkpoint
RP2192: 08/08/2012 5:19:18 PM - System Checkpoint
RP2193: 09/08/2012 5:35:35 PM - System Checkpoint
RP2194: 10/08/2012 9:51:04 AM - Removed Saddle Up
RP2195: 11/08/2012 10:20:49 AM - System Checkpoint
RP2196: 12/08/2012 10:47:00 AM - System Checkpoint
RP2197: 13/08/2012 11:44:09 AM - System Checkpoint
RP2198: 14/08/2012 12:37:17 AM - Removed Windows Live Favorites for Windows Live Toolbar
RP2199: 15/08/2012 9:41:18 AM - System Checkpoint
RP2200: 15/08/2012 10:00:56 AM - Software Distribution Service 3.0
RP2201: 16/08/2012 11:05:14 AM - System Checkpoint
RP2202: 16/08/2012 4:40:10 PM - Installed Nancy Drew: The Captive Curse
RP2203: 17/08/2012 4:43:46 PM - System Checkpoint
RP2204: 18/08/2012 4:44:55 PM - System Checkpoint
RP2205: 19/08/2012 5:52:10 PM - System Checkpoint
RP2206: 20/08/2012 6:51:17 PM - System Checkpoint
RP2207: 21/08/2012 7:42:00 PM - System Checkpoint
RP2208: 22/08/2012 8:02:13 PM - System Checkpoint
RP2209: 23/08/2012 9:14:38 PM - System Checkpoint
RP2210: 24/08/2012 9:27:38 PM - System Checkpoint
RP2211: 25/08/2012 9:39:53 PM - System Checkpoint
RP2212: 26/08/2012 1:50:42 PM - Removed Google Earth.
RP2213: 27/08/2012 2:13:50 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Parental Control & Encoder
BioShock
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-WebPrint EX
Canon G.726 WMP-Decoder
Canon MG6100 series MP Drivers
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.0
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Solution Menu EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCScore
Clone Wars
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.2.1
Dell System Restore
DivX Web Player
DVD-MovieAlbumSE 3 for DVDCAM
EPSON Printer Software
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSTOOLS
essvatgt
EZface ActiveX 210
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 3.05
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Matrix Storage Manager
Intel® PRO Network Connections
InterActual Player
iTunes
Java Auto Updater
Java™ 6 Update 33
Junk Mail filter update
KEDDS
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Logitech Gaming Software
Malwarebytes Anti-Malware version 1.62.0.1300
Managed DirectX (0900)
Map Button (Windows Live Toolbar)
MCU
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Musicnotes Player
Musicnotes Software Suite 1.0
Nancy Drew: The Captive Curse
netbrdg
OfotoXMI
On2 VP3 Video for Windows Codec
Origin
Otto
Picture Package Music Transfer
PunkBuster Services
QuickTax 2006
QuickTax 2007
QuickTax 2008
QuickTax 2009
QuickTime
QuickTime for Windows (32-bit)
Race Day Demo Version
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RPS CRT
RSH Home Networking Wizard
Samsung Media Studio
SecondLife (remove only)
Secunia PSI (3.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
SHASTA
Shockwave
Sibelius Scorch (ActiveX Only)
skin0001
SKINXSDK
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sonic Encoders
Sony Picture Utility
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
staticcr
swMSM
TeamViewer 5
The Sims™ 3
The Sims™ 3 Ambitions
Tiger Woods PGA TOUR 2004
TurboTax 2010
TurboTax 2011
UltimateGamesBar
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
VIPRE Antivirus
VLC media player 2.0.2
VoiceOver Kit
VPRINTOL
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Search 4.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WIRELESS
YP-U1
.
==== Event Viewer Messages From Past Week ========
.
23/08/2012 4:34:55 PM, error: Dhcp [1002] - The IP address lease 192.168.0.10 for the Network Card with network address 0019D11D42C2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
23/08/2012 1:27:05 PM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
23/08/2012 1:27:05 PM, error: Service Control Manager [7000] - The 5709 service failed to start due to the following error: The system cannot find the file specified.
23/08/2012 1:27:05 PM, error: Service Control Manager [7000] - The 5576 service failed to start due to the following error: The system cannot find the file specified.
23/08/2012 1:27:04 PM, error: Dhcp [1002] - The IP address lease 192.168.0.15 for the Network Card with network address 0019D11D42C2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
22/08/2012 3:20:57 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.10 with the system having network hardware address 00:C6:10:D0:00:B5. Network operations on this system may be disrupted as a result.
22/08/2012 3:20:44 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
22/08/2012 3:20:38 PM, error: Dhcp [1002] - The IP address lease 192.168.0.11 for the Network Card with network address 0019D11D42C2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

#2 MrCharlie

Posted 28 August 2012 - 06:45 AM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 kjay

Posted 28 August 2012 - 08:35 PM

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Chris Jacobs [Admin rights]
Mode : Scan -- Date : 08/28/2012 21:32:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5576 (\??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5576.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5709 (\??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5709.sys) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] 4f64bb99f305879aaae592529b9af759
[BSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 300442 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 615401955 | Size: 4753 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 MrCharlie

Posted 28 August 2012 - 08:40 PM

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)

[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5576 (\??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5576.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5709 (\??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5709.sys) -> FOUND


Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~

Then..........



Please read the directions carefully so you don't end up deleting something that is good!!

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew
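
The Skip/Cure rules in the post above, applied by script to a TDSSKiller log: this is an added example, not part of the original post and not TDSSKiller's own code. It assumes the line format of the TDSSKiller log posted in this thread and that "infected" entries are the ones offered Cure while "warning" entries stay on Skip; the sample lines, service names, paths and MD5 values are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample in the line format of the TDSSKiller log in this thread.
# Service names, paths and MD5 values are placeholders, not real scan data.
SAMPLE_LOG = r"""
22:29:31.0302 7904 Scan started
22:29:31.0646 7904 ================ Scan services =============================
22:29:32.0115 7904 [ 00000000000000000000000000000001 ] exampledrv C:\WINDOWS\system32\DRIVERS\exampledrv.sys
22:29:32.0130 7904 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\exampledrv.sys. Real md5: 00000000000000000000000000000001, Fake md5: 00000000000000000000000000000002
22:29:32.0130 7904 exampledrv ( Virus.Win32.Rloader.a ) - infected
22:29:32.0130 7904 exampledrv - detected Virus.Win32.Rloader.a (0)
22:29:33.0552 7904 [ 00000000000000000000000000000003 ] Example Print Svc C:\Program Files\Example\printsvc.exe
22:29:33.0552 7904 Example Print Svc ( UnsignedFile.Multi.Generic ) - warning
22:29:33.0552 7904 Example Print Svc - detected UnsignedFile.Multi.Generic (1)
22:29:34.0083 7904 [ 00000000000000000000000000000004 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:29:34.0083 7904 Beep - ok
"""

# Every log line starts with "HH:MM:SS.ffff <thread id> "; the rest is the body.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "[ <md5> ] <service name> <image path>" (service names may contain spaces).
HASHED = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
# "Suspicious file (Forged): <path>. Real md5: <md5>, Fake md5: <md5>"
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9A-Fa-f]{32}), Fake md5: (?P<fake>[0-9A-Fa-f]{32})$")
# "<service name> ( <detection name> ) - infected|warning"
VERDICT = re.compile(
    r"^(?P<name>.+?) \( (?P<detection>[^()]+?) \) - (?P<severity>infected|warning)$")

# Detections the post says to leave on Skip.
SKIP_ONLY = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


@dataclass
class Finding:
    service: str
    detection: str
    severity: str          # "infected" or "warning", as written in the log
    path: Optional[str]    # image path from the service's "[ md5 ]" line
    forged: bool           # True if the path was reported as "(Forged)"
    action: str            # action per the rules in the post above


def recommend(detection: str, severity: str) -> str:
    """Map a detection to the action the post prescribes.

    Assumption: the log's "infected" verdict is what the GUI presents as a
    malicious object; anything else is treated as merely suspicious.
    """
    if detection in SKIP_ONLY or severity != "infected":
        return "Skip"
    return "Cure, or Skip if Cure is not offered; Delete only when instructed"


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per 'infected' or 'warning' verdict in the log."""
    paths: Dict[str, str] = {}   # service name -> image path
    forged: Set[str] = set()     # lower-cased paths flagged as forged
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue
        body = prefixed.group("body").strip()
        if (h := HASHED.match(body)):
            paths[h.group("name")] = h.group("path")
        elif (f := FORGED.match(body)):
            forged.add(f.group("path").lower())
        elif (v := VERDICT.match(body)):
            name = v.group("name")
            path = paths.get(name)
            findings.append(Finding(
                service=name,
                detection=v.group("detection"),
                severity=v.group("severity"),
                path=path,
                forged=path is not None and path.lower() in forged,
                action=recommend(v.group("detection"), v.group("severity")),
            ))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        flag = " [forged file]" if item.forged else ""
        print(f"{item.service}: {item.detection} ({item.severity}){flag} -> {item.action}")
```
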

#5 kjay

Posted 28 August 2012 - 09:46 PM

Attached is the report from TDSSKiller. It found one malicious object and allowed me to select cure. Upon completion, I rebooted the computer as instructed.

22:28:23.0365 9012 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:28:23.0724 9012 ============================================================
22:28:23.0724 9012 Current date / time: 2012/08/28 22:28:23.0724
22:28:23.0724 9012 SystemInfo:
22:28:23.0724 9012
22:28:23.0724 9012 OS Version: 5.1.2600 ServicePack: 3.0
22:28:23.0724 9012 Product type: Workstation
22:28:23.0724 9012 ComputerName: KJACOBS
22:28:23.0724 9012 UserName: Chris Jacobs
22:28:23.0724 9012 Windows directory: C:\WINDOWS
22:28:23.0724 9012 System windows directory: C:\WINDOWS
22:28:23.0724 9012 Processor architecture: Intel x86
22:28:23.0724 9012 Number of processors: 2
22:28:23.0724 9012 Page size: 0x1000
22:28:23.0724 9012 Boot type: Normal boot
22:28:23.0724 9012 ============================================================
22:28:24.0396 9012 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:28:24.0443 9012 ============================================================
22:28:24.0443 9012 \Device\Harddisk0\DR0:
22:28:24.0443 9012 MBR partitions:
22:28:24.0443 9012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x24ACD15D
22:28:24.0443 9012 ============================================================
22:28:24.0490 9012 C: <-> \Device\Harddisk0\DR0\Partition1
22:28:24.0490 9012 ============================================================
22:28:24.0490 9012 Initialize success
22:28:24.0490 9012 ============================================================
22:29:31.0302 7904 ============================================================
22:29:31.0302 7904 Scan started
22:29:31.0302 7904 Mode: Manual; SigCheck; TDLFS;
22:29:31.0302 7904 ============================================================
22:29:31.0646 7904 ================ Scan services =============================
22:29:31.0787 7904 5576 - ok
22:29:31.0787 7904 5709 - ok
22:29:32.0083 7904 Abiosdsk - ok
22:29:32.0115 7904 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:29:33.0662 7904 abp480n5 - ok
22:29:33.0755 7904 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:29:33.0771 7904 ACDaemon - ok
22:29:33.0818 7904 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:29:33.0833 7904 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
22:29:33.0833 7904 ACPI ( Virus.Win32.Rloader.a ) - infected
22:29:33.0833 7904 ACPI - detected Virus.Win32.Rloader.a (0)
22:29:33.0865 7904 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:29:34.0083 7904 ACPIEC - ok
22:29:34.0177 7904 [ F3CD7B20B27D1772C946DF993FF3635C ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:29:34.0193 7904 AdobeFlashPlayerUpdateSvc - ok
22:29:34.0224 7904 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:29:34.0349 7904 adpu160m - ok
22:29:34.0380 7904 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:29:34.0490 7904 aec - ok
22:29:34.0537 7904 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:29:34.0568 7904 AFD - ok
22:29:34.0599 7904 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
22:29:34.0693 7904 agp440 - ok
22:29:34.0724 7904 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:29:34.0818 7904 agpCPQ - ok
22:29:34.0833 7904 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:29:34.0896 7904 Aha154x - ok
22:29:34.0912 7904 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:29:35.0037 7904 aic78u2 - ok
22:29:35.0052 7904 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:29:35.0146 7904 aic78xx - ok
22:29:35.0177 7904 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:29:35.0302 7904 Alerter - ok
22:29:35.0318 7904 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
22:29:35.0396 7904 ALG - ok
22:29:35.0412 7904 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
22:29:35.0505 7904 AliIde - ok
22:29:35.0521 7904 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:29:35.0646 7904 alim1541 - ok
22:29:35.0677 7904 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:29:35.0771 7904 amdagp - ok
22:29:35.0787 7904 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
22:29:35.0849 7904 amsint - ok
22:29:35.0927 7904 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:29:35.0943 7904 Apple Mobile Device - ok
22:29:36.0005 7904 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:29:36.0068 7904 AppMgmt - ok
22:29:36.0099 7904 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
22:29:36.0208 7904 asc - ok
22:29:36.0224 7904 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:29:36.0287 7904 asc3350p - ok
22:29:36.0302 7904 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:29:36.0396 7904 asc3550 - ok
22:29:36.0505 7904 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:29:36.0552 7904 aspnet_state - ok
22:29:36.0583 7904 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:29:36.0677 7904 AsyncMac - ok
22:29:36.0708 7904 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:29:36.0818 7904 atapi - ok
22:29:36.0818 7904 Atdisk - ok
22:29:36.0865 7904 [ C2B87DF80DAB23407C4155090177C813 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
22:29:36.0912 7904 Ati HotKey Poller - ok
22:29:37.0068 7904 [ 662C08FEF641D8D6E9DCDB39168895B0 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:29:37.0193 7904 ati2mtag - ok
22:29:37.0224 7904 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:29:37.0349 7904 Atmarpc - ok
22:29:37.0412 7904 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:29:37.0537 7904 AudioSrv - ok
22:29:37.0552 7904 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:29:37.0646 7904 audstub - ok
22:29:37.0677 7904 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:29:37.0787 7904 Beep - ok
22:29:37.0833 7904 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
22:29:37.0958 7904 BITS - ok
22:29:38.0021 7904 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:29:38.0037 7904 Bonjour Service - ok
22:29:38.0083 7904 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
22:29:38.0271 7904 Browser - ok
22:29:38.0287 7904 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:29:38.0412 7904 cbidf - ok
22:29:38.0412 7904 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:29:38.0505 7904 cbidf2k - ok
22:29:38.0552 7904 [ 20F89E232173985A455BC9A5F70D1166 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
22:29:38.0552 7904 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
22:29:38.0552 7904 CCALib8 - detected UnsignedFile.Multi.Generic (1)
22:29:38.0583 7904 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:29:38.0630 7904 cd20xrnt - ok
22:29:38.0646 7904 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:29:38.0755 7904 Cdaudio - ok
22:29:38.0802 7904 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:29:38.0896 7904 Cdfs - ok
22:29:38.0943 7904 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:29:38.0990 7904 Cdrom - ok
22:29:38.0990 7904 Changer - ok

#6 MrCharlie

Posted 28 August 2012 - 10:04 PM

OK, that's not the complete log, the bottom part is missing.

If it's too large to post...just attach it.

Click "More Reply Options" at the bottom right hand corner of this page
In the next window that pops up you can attach the log.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7 kjay

Posted 29 August 2012 - 06:32 AM

[attachment=84097:TDSSKiller.2.8.8.0_28.08.2012_22.28.23_log.txt]

Sorry about that. I thought I had it all. I have attached the file.

#8 MrCharlie

Posted 29 August 2012 - 06:41 AM

OK....please do this >

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

#9 kjay

Posted 29 August 2012 - 06:48 AM

Thanks. I will do this next step this evening. I sure appreciate your help.

#10 kjay

Posted 29 August 2012 - 09:20 PM

ComboFix 12-08-29.03 - Chris Jacobs 29/08/2012 22:01:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1307 [GMT -4:00]
Running from: c:\documents and settings\Chris Jacobs\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
AV: Norton Security Online *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Aidan Jacobs\Application Data\alot
c:\documents and settings\Aidan Jacobs\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\documents and settings\Aidan Jacobs\WINDOWS
c:\documents and settings\Alison Jacobs\WINDOWS
c:\documents and settings\All Users\Application Data\shs_setup_4059-354328.exe
c:\documents and settings\Chris Jacobs\WINDOWS
c:\documents and settings\Hannah Jacobs\Application Data\alot
c:\documents and settings\Hannah Jacobs\WINDOWS
c:\program files\Common Files\Uninstall
c:\windows\system32\ndisapi.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-29 02:32 . 2012-08-29 02:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-21 19:43 . 2012-08-21 19:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-17 02:28 . 2012-08-17 02:28 -------- d-----w- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Mozilla
2012-08-17 02:28 . 2012-08-17 02:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-08-16 20:40 . 2012-08-16 20:40 -------- d-----w- c:\program files\Common Files\Nancy Drew Prerequisites
2012-08-15 03:15 . 2012-08-15 03:15 -------- d--h--w- c:\windows\PIF
2012-08-15 01:11 . 2012-08-15 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-08-15 01:11 . 2012-08-15 01:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-15 00:47 . 2012-08-15 00:47 -------- d-----w- c:\documents and settings\Katherine Jacobs\Application Data\Canon Easy-WebPrint EX
2012-08-14 04:01 . 2012-08-14 04:01 -------- d-----w- c:\program files\Common Files\Java
2012-08-14 04:01 . 2012-08-14 04:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-14 04:01 . 2012-08-14 04:01 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-08-14 03:58 . 2012-08-14 03:58 -------- d-----w- c:\program files\QuickTime
2012-08-14 03:45 . 2012-08-14 03:45 -------- d-----w- c:\program files\iPod
2012-08-14 03:40 . 2012-08-14 03:40 -------- d-----w- c:\program files\Bonjour
2012-08-14 03:00 . 2012-08-14 03:00 -------- d-----w- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Secunia PSI
2012-08-14 03:00 . 2012-08-14 03:00 -------- d-----w- c:\program files\Secunia
2012-08-14 00:23 . 2012-08-14 00:23 -------- d-----w- c:\program files\WiseConvert
2012-08-10 16:12 . 2012-08-10 16:12 -------- d-----w- c:\program files\Common Files\xing shared
2012-08-01 01:07 . 2012-08-01 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\f91280
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 11:29 . 2012-08-29 11:29 19674 ----a-w- C:\TDSSKiller.2.8.8.0_28.08.2012_22.28.23_log.zip
2012-08-29 02:33 . 2004-08-04 05:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-08-14 04:01 . 2011-04-19 02:37 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-14 03:32 . 2012-03-30 00:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 03:32 . 2011-06-22 21:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-10 16:12 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-10 14:09 . 2011-04-17 03:58 114 ----a-w- c:\documents and settings\Chris Jacobs\Application Data\netstat.bat
2012-07-06 13:58 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2011-04-17 21:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2005-08-16 10:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2008-09-12 20:46 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 10:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2008-09-10 06:10 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2005-08-16 10:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-06-18 22:16 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-06-18 22:16 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 10:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 10:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 10:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-06-18 22:16 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 10:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 10:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 10:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2005-05-26 10:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-06-18 22:16 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 10:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 10:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-09-10 06:10 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-09-10 06:10 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-07-14 00:17 . 2012-08-17 02:28 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-11 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"YeppStudioAgent"="c:\program files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-09-12 40960]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2012-05-02 3050848]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-08-10 296096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1324:UDP"= 1324:UDP:Windows Media Format SDK (iexplore.exe)
"1325:UDP"= 1325:UDP:Windows Media Format SDK (iexplore.exe)
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [13/07/2012 8:56 PM 21240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [25/01/2012 10:21 PM 101112]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [25/08/2010 9:50 PM 219136]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [14/05/2009 1:21 PM 98304]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [02/05/2012 8:59 AM 3289680]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [13/07/2012 8:56 PM 77816]
R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [02/05/2012 8:58 AM 173920]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25/07/2012 4:46 AM 681056]
S2 5576;5576;\??\c:\docume~1\CHRISJ~1\LOCALS~1\Temp\5576.sys --> c:\docume~1\CHRISJ~1\LOCALS~1\Temp\5576.sys [?]
S2 5709;5709;\??\c:\docume~1\CHRISJ~1\LOCALS~1\Temp\5709.sys --> c:\docume~1\CHRISJ~1\LOCALS~1\Temp\5709.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/05/2010 11:42 AM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 8:20 PM 257224]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/02/2009 11:55 AM 101936]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/05/2010 11:42 AM 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/04/2011 5:40 PM 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [16/08/2012 10:28 PM 113120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 4:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25/07/2012 4:46 AM 1326176]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2011 5:40 PM 655944]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:32]
.
2012-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 15:42]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 15:42]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007Core.job
- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-26 03:03]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007UA.job
- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-26 03:03]
.
2012-08-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-08-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: brassring.com\sjobs
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: plaxo.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
FF - ProfilePath - c:\documents and settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e372c287-64ea-4bec-a4a6-8771b11d539b} - c:\program files\GameNutt_2s\bar\1.bin\2sSrcAs.dll
Toolbar-SITEguard - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-Amazing3DAquariumWallpaper - (no file)
HKLM-Run-GameNutt_2s Browser Plugin Loader - c:\progra~1\GAMENU~2\bar\1.bin\2sbrmon.exe
SafeBoot-71887763.sys
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-29 22:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3363229072-3021304974-548893752-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8c,1a,c4,6d,d6,71,39,bd,cf,36,70,a1,ae,e9,5a,1a,24,ff,5f,fd,3e,0b,98,
3a,cd,e9,b1,80,66,de,4d,7f,2f,ea,4a,39,10,c7,43,a4,66,e2,24,1b,a2,21,e9,f5,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-3363229072-3021304974-548893752-1007\Software\SecuROM\License information*]
"datasecu"=hex:8d,fc,6d,66,69,bd,ae,84,4a,b8,0d,af,93,16,c7,41,0e,17,47,01,47,
7f,06,f5,97,0d,b3,c0,3d,2d,51,55,53,7e,2f,58,4e,1f,07,c5,af,97,b6,44,ac,ab,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-08-29 22:17:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-30 02:17
.
Pre-Run: 204,095,823,872 bytes free
Post-Run: 206,818,766,848 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BD640721E811B83F7BC6B4FD5A3C30AE

#11 MrCharlie

Posted 29 August 2012 - 09:38 PM

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

#12 kjay

Posted 29 August 2012 - 10:07 PM

Here is the Malwarebytes log. Did not come up with any malicious files, so nothing to remove. Was it supposed to?

A quick test on Google and everything seems okay. If I notice anything odd, I will let you know.

Would this virus have contributed to increased internet usage? We seem to have higher than expected usage for the past year. First thought it was kids and added use, but we do not download any HD video. Kids play on iPods, watch some YouTube, download some TV shows, browse the web and email. Last month we exceeded our maximum of 120GB. Any thoughts?

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.29.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris Jacobs :: KJACOBS [administrator]
29/08/2012 10:42:34 PM
mbam-log-2012-08-29 (22-42-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354959
Time elapsed: 15 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#13 MrCharlie

Posted 29 August 2012 - 10:13 PM

> Here is the Malwarebytes log. Did not come up with any malicious files, so nothing to remove. Was it supposed to?

No

> A quick test on Google and everything seems okay. If I notice anything odd, I will let you know.

OK

> Would this virus have contributed to increased internet usage? We seem to have higher than expected usage for the past year. First thought it was kids and added use, but we do not download any HD video. Kids play on iPods, watch some YouTube, download some TV shows, browse the web and email. Last month we exceeded our maximum of 120GB. Any thoughts?

Don't think so.

~~~~~~~~~~~~~~~~~~~

One last scan.......

Please do this:

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
MrC (gone for tonight...be back in AM)

#14 kjay

Posted 29 August 2012 - 10:30 PM

Results of screen317's Security Check version 0.99.49
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Online
GFI Software VIPRE
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.20 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````


Should I uninstall ComboFix or leave it on our computer for now? There is also a folder RK_Quarantine on the desktop, may I delete the folder?

Thanks again for your help with this.

#15 MrCharlie

Posted 30 August 2012 - 06:54 AM

Java™ 6 Update 33 <---uninstall and install newest version
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date! <--update
Adobe Flash Player 10.3.183.20 Flash Player out of Date! <---update
Adobe Reader 9 Adobe Reader out of Date! <---update


You have outdated programs on the system which are vulnerable to malware.
Please update or delete them.
Info on doing that can be found in my Preventive Maintenance below.

~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

#16 Maurice Naggar

Posted 31 August 2012 - 07:29 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.



